static DHCP and auto assign together

[TheBlindKind]

Hi everyone,

If I enable manual IP assignment on my RT AC56R and only assign an IP to one MAC address, letting the router assign addresses to all other devices, will firewall rules I apply to the one manually assigned device work? I made a network services filter rule in the firewall for that one manually assigned IP that didn't work, and I want to be sure it isn't that I'm using this automatic and manual DHCP assignment combination that is the problem. I'm trying to block steam content on only one device by blocking source ports 27015:27030, but that doesn't stop the device from eating up every bit of bandwidth available for days on end. Thoughts?

 

[ColinTaylor]

The manual IP assignment will have no bearing on your NSF problem. In fact it's recommended because it stops the client's IP address from changing.

 

[TheBlindKind]

Thank you, Colin.

 

[ColinTaylor]

I'm trying to block steam content on only one device by blocking source ports 27015:27030, but that doesn't stop the device from eating up every bit of bandwidth available for days on end.

You should be blocking the destination ports not the source.

What sort of content are you trying to block? In my experience Steam will download games over port 80/443 in which case your only choice might be to block the destination IP's rather than ports. https://support.steampowered.com/kb_article.php?ref=8571-GLVN-8711

 

[TheBlindKind]

Thanks again, Colin. I'm trying to keep the machine from automatically downloading updates, which for some reason are always enormous. Our internet connection is 1.5 down, and even with QOS and file transfers set to lowest priority the machine hogs up so much of that that nothing else is really possible, not even streaming low quality audio, which I enjoy being able to do. I don't even want to block it all the time,just from 6 a.m. to midnight.

 

[ColinTaylor]

I downloaded something the other day and it used port 80 or 443 (I didn't pay attention to which one). So you either block those which means no web browsing for that client, or you block the destination IP's referred to in that article.

What country are you in? USA? Then you could try blocking these destinations:

162.254.192.0/21
192.69.96.0/23
205.185.194.0/24
205.196.6.0/24
208.64.200.0/22
208.78.164.0/22

 

[TheBlindKind]

Wow, thanks yet again. I didn't know the NSF supported bitwise notation. I'll try this when I get off work and report back as soon as I know anything.