0 votes
872 views 4 comments
by

Hi,

I saw only br-lan as a network interface, but I need a different interface (I have 4 LAN ports on the RUT955) to block internet navigation, like iptables with eth0.



iptables -A INPUT -i eth0 -j DROP

Is it possible? Am I clear?

Thanks

1 Answer

0 votes
by anonymous
Hi,

If you wish to block all the outgoing traffic from LAN ports only and leave capability for WiFi clients to browse the internet, you will need to set up a port-based VLAN.

Create a new LAN interface for ports only and then restrict that interface from reaching out to WAN in the firewall.

Useful wiki pages for this solution:

https://wiki.teltonika-networks.com/view/RUT955_VLAN

https://wiki.teltonika-networks.com/view/RUT955_Firewall#Summary

EB.
by

Thank you for the reply.

This is my situation:

Do you have an example to limit internet only on the interface port of 192.168.200.133?

From 192.168.100.171, ping to 192.168.200.133: ICMP is reachable.

From 192.168.200.133, ping to 192.168.100.171: ICMP is unreachable.

From 192.168.200.133, ping to 192.168.100.1: ICMP is reachable.

Why does this happen?

by anonymous
I see that you've made a lot of changes to the firewall, and it will be better if you reset your device to factory defaults to avoid confusion and needless debugging.

If you wish to just block 192.168.200.133 address from reaching the WAN, you can do this:

https://wiki.teltonika-networks.com/view/RUT955_Firewall#Traffic_Rule_Configuration

Go to Traffic rules, enter 192.168.200.133 as a Source address, select LAN (the one where 192.168.200.X devices are) zone as source zone and choose WAN as a destination zone, REJECT as an action.

This should be enough to block one address from reaching out to the WAN.

EB.
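
The traffic rule described in the answer above, written as a firewall config stanza. This is an added example, not part of the original answer and not taken from Teltonika documentation. It assumes the firmware stores its firewall rules in the OpenWrt UCI file `/etc/config/firewall`, and that the zones are named `lan` and `wan`; the rule name is made up for illustration.

```uci
# /etc/config/firewall (assumed location, OpenWrt UCI format)
#
# Because both a source zone and a destination zone are set, this rule
# applies to forwarded traffic (LAN -> WAN), not to traffic addressed
# to the router itself. The host can therefore still reach the router
# and other LAN devices; only its path to the WAN is cut.

config rule
	option name    'Block-host-to-WAN'   # illustrative name
	option enabled '1'
	# "Source zone" in the web UI: the zone that contains the
	# 192.168.200.X devices. Replace 'lan' if that network was put in
	# a separate zone.
	option src     'lan'
	# "Source address": the single host to block.
	option src_ip  '192.168.200.133'
	# "Destination zone".
	option dest    'wan'
	# Match every protocol, so ICMP and UDP are blocked as well as TCP.
	option proto   'all'
	option family  'ipv4'
	# "Action": REJECT answers the sender with an error, so the client
	# fails immediately instead of waiting for a timeout as with DROP.
	option target  'REJECT'

# After editing the file, reload the firewall so the rule takes effect:
#   /etc/init.d/firewall reload
```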
by

Hi,

My issue is blocking everything except TeamViewer.

I configured only the port in Traffic Rules.

Teamviewer support:

so it is sufficient to simply block all incoming connections on your firewall and only allow outgoing connections over port 5938, regardless of the destination IP address

Thanks

by
My model is RUT955, firmware 6.06.1