0

On my tp-link TL-WR1043ND router I want to prevent a particular machine from having access to the WAN while still allowing that machine to access other machines on the LAN.

My assumption is that I need to do something in the "Access Control" section, however the problem is that it wants an ip range or domain name for the target of the rule. The router uses DHCP to get an address from the WAN, so I don't have any guarantee what the ip address of the wan will be.

If the answer is that it's not possible with this router, could someone describe how to do it using OpenWRT instead?

HappyEngineer
  • 191
  • 1
  • 2
  • 7

2 Answers2

1

Yes, this is simply a matter of an access rule. I'm not familiar with your router, but you would create a rule that basically says "From source address (PC IP here) to ANY deny".

Now... as to LAN traffic, well, that will depend on your configuration. If the router has a built-in switch, and does not inherently or explicitly permit LAN to LAN traffic, you may need a rule that supersedes the one posted above. However, if it is implied, or if your devices are connected to the same switch downstream, then they are likely in the same subnet and your router does not have much of a say in the matter if they can talk to each other. The gateway is only consulted when a machine needs to reach outside of it's subnet.

SpacemanSpiff
  • 8,733
  • 1
  • 23
  • 35
-1

I couldn't use my tplink Access Control Rule Management to block access from one internal ip to another. Only to external ip's. You may consider adding another hardware router, and then it should work.

Sunny127
  • 101
  • It's not clear wether you answer really pertains to the question, because it is too brief. Can you elaborate on your suggested approach? – Felix Frank Aug 10 '14 at 21:27