[kwlug-disc] Deny Internet access for some LAN devices

B. S. bs27975 at gmail.com
Wed Apr 12 18:01:51 EDT 2017


Doesn't need to be a VLAN, which would require the router to understand 
VLAN. Just static addresses (nets) on the camera, and a secondary eth on 
points you care about / would access with. e.g. On the PI, where the VPN 
address and internal net can forward to that interface and vice versa, 
and forwards from that net to 0.0.0.0 denied. Gateway on the cameras 
would be the PI.

For VLAN, the cameras, or the switch(es) they're connected to, would 
have to be VLAN capable and probably aren't. The PI could be made to be, 
but by itself that doesn't buy you anything that isn't already present 
above.

Have to be static on the cameras, else a physically separate network or 
DHCP is going to cause network confusion. Or specially crafted DHCP 
settings - which would only bring complication for little gain.

You'll want to turn off PnP, et al, on the cameras, and UPnP et al 
inside the house, so nothing can inadvertently discover the presence of 
the cameras.


On 04/12/2017 08:57 AM, Raymond Chen wrote:
> I love the subnet idea. I'll check if it has the VLAN support. Thank you.
>
> @Paul, no it doesn't have parent control. :)
>
> On Tue, Apr 11, 2017 at 11:52 PM, Paul Nijjar via kwlug-disc <
> kwlug-disc at kwlug.org> wrote:
>
>>
>> Are there parental control features on the router? You could say that
>> the cameras have an early bedtime and are not allowed to access the
>> Internet after those hours.
>>
>> - Paul
>>
>> On Tue, Apr 11, 2017 at 06:08:40PM -0400, Raymond Chen wrote:
>>> I have some cameras in my house. I'm trying to disable their access to
>>> Internet. Since I have a VPN service on my Raspberry Pi, if I want to
>>> connect to those cameras, I can connect to the VPN first.
>>>
>>> One way I can think of is setting their gateway IP address to empty. But if
>>> there is malware on the camera, that doesn't help so much, right?
>>>
>>> I'm sure those DD-WRT routers can do that, just create a policy based on
>>> the MAC... But unfortunately my router is D-Link N600. It has some basic
>>> firewall, filter features, but most of them are protecting against outside
>>> access. Any idea?
>>>
>>
>>
>> --
>> http://pnijjar.freeshell.org
>>
>> _______________________________________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>
>
>
>
>
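
The forwarding policy described in the reply at the top of this message (LAN and VPN may reach the camera subnet, forwards from the camera subnet to 0.0.0.0 denied), written out as iptables rules for the Pi. This is an added example, not part of the original thread. The three subnets and the chain name CAM_FWD are constructed, and it assumes the Pi already forwards packets for the VPN.

```shell
#!/bin/sh
# Added example, not from the thread. All three subnets are constructed values.
CAM_NET="${CAM_NET:-192.168.50.0/24}"   # static camera subnet (assumed)
LAN_NET="${LAN_NET:-192.168.0.0/24}"    # house LAN behind the router (assumed)
VPN_NET="${VPN_NET:-10.8.0.0/24}"       # VPN client pool on the Pi (assumed)

# $1 is the command run for each rule: "iptables" applies them (needs root),
# "echo iptables" only prints them for review.
apply_camera_rules() {
    ipt="$1"
    $ipt -N CAM_FWD
    # LAN and VPN clients may open connections to the cameras.
    $ipt -A CAM_FWD -s "$LAN_NET" -d "$CAM_NET" -j ACCEPT
    $ipt -A CAM_FWD -s "$VPN_NET" -d "$CAM_NET" -j ACCEPT
    # Cameras may only answer those connections. This is stricter than the
    # "vice versa" in the message: a camera cannot start a session itself.
    $ipt -A CAM_FWD -s "$CAM_NET" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Everything else from the cameras (the "to 0.0.0.0" case) is logged, then
    # dropped together with any other traffic to or from the camera subnet.
    $ipt -A CAM_FWD -s "$CAM_NET" -j LOG --log-prefix "cam-egress-drop: "
    $ipt -A CAM_FWD -j DROP
    # Hook the chain ahead of any existing FORWARD rules (e.g. the VPN's own).
    $ipt -I FORWARD 1 -s "$CAM_NET" -j CAM_FWD
    $ipt -I FORWARD 1 -d "$CAM_NET" -j CAM_FWD
}

# Dry run by default; set IPT=iptables to apply.
apply_camera_rules "${IPT:-echo iptables}"
```

Matching on subnets rather than interface names keeps the rules valid whether the camera network sits on a second NIC or on a secondary address of the same one. Each blocked attempt shows up in the kernel log with the `cam-egress-drop:` prefix.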



