
I want to block from WiFi user to get to the router-how to?

Posted: Thu Dec 25, 2014 1:47 pm
by David1234
I want to be able to enter the router using HTTP only from the Ethernet connection,
so if someone tries to enter from the WiFi, he will get a 404 error or something.

This is what I have done, but it doesn't work:
chain=forward action=drop src-address=0.0.0.0/0 dst-address=172.20.164.254
The Wlan IP is 172.20.164.254.

I don't want to change the port (80), because this is not a solution for me.

What am I missing or doing wrong?
This is doable, I want to believe, no?

What I do now is NAT to an address I don't use:
chain=dstnat action=dst-nat to-addresses=172.20.164.5 
     dst-address=172.20.164.254 in-interface=wlan1
I can stay with this, but if I want to do NAT to an image inside the router, can it be done?

Thanks,

Re: I want to block from WiFi user to get to the router-how

Posted: Fri Dec 26, 2014 1:37 am
by tinka
I think that you have to specify the input (not the forward) chain to block access to the router.

Re: I want to block from WiFi user to get to the router-how

Posted: Sun Dec 28, 2014 10:49 am
by David1234
I have tried this also -
it still doesn't block.

Re: I want to block from WiFi user to get to the router-how

Posted: Tue Dec 30, 2014 8:34 pm
by tinka
Have you put the rules in the correct order?

I would suggest making a log rule and using only src. Place it on top of the rule list. Start accessing the router from the src address. Once you see packets hit the log rule, you know it works. Now change the action to drop.

Be careful, because you can block yourself, so make sure you can log in with MAC.

Now, once this works, try to change it to your liking and check with each step whether the rule gets triggered.

Re: I want to block from WiFi user to get to the router-how

Posted: Tue Dec 30, 2014 10:00 pm
by ShayanFiroozi
Hi,
you can use In/Out interface in firewall rules, or IP addresses. The chain is input, the src address is your WiFi network subnet such as 192.168.200.0/24 or something like that, your dest address is your router address, and the action is drop or tarpit.
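
The log-first, then-drop approach suggested in the replies above, written out as RouterOS commands. This is an added example, not code posted by anyone in the thread. It assumes the interface name wlan1 and port 80 from the original post, that wlan1 carries its own IP address (it is not a bridge port), and that the comment string and log prefix are free to choose.

```routeros
# Added example. wlan1 and TCP port 80 come from the thread; the comment
# text and log prefix are made up for this example.

# Traffic addressed to the router itself is evaluated in the input chain.
# The forward chain only sees traffic passing through the router.

# A dst-nat rule on the same traffic rewrites the destination before the
# input chain is reached, so the packets end up in forward instead.
# List such rules and disable them while testing:
/ip firewall nat print where chain=dstnat in-interface=wlan1

# Step 1: log-only rule at the top of the filter list.
# place-before=0 assumes at least one filter rule already exists;
# leave it out on an empty rule list.
/ip firewall filter add chain=input in-interface=wlan1 protocol=tcp \
    dst-port=80 action=log log-prefix="wlan-http" place-before=0 \
    comment="WiFi HTTP to router"

# Open the router's web page from a WiFi client, then check that the
# rule matched (log entries and packet counters):
/log print where message~"wlan-http"
/ip firewall filter print stats where chain=input

# Step 2: once the counters increase, switch the same rule to drop.
# Keep an Ethernet or MAC session open in case the rule is too broad.
/ip firewall filter set [find comment="WiFi HTTP to router"] action=drop
```

Rule order matters: an accept rule that matches the same packets and sits above this one wins, which is why the rule is placed at position 0.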