NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
RBR850 - Need help preventing internet access to a NAS device
I used to have an Asus router for the longest time - it had ability for me to configure certain devices (e.g. NAS) from accessing the internet. But devices within the network could access the NAS.
I got the Orbi RBR 850 + satellite - i've been combing through the product manual and other forums online but haven't been able to find my way to such a configuration. with an expensive router, I would have thought this would be a no brainer.
Am I missing anything? or does the Orbi not have this feature? The only thing I could find within the Orbi was the "block services" - using this prevents all devices on the network from accessing the NAS device too which is not what I want.
The tests I have run do not support that assertion.
I set up total blocks on two computers on my network.
'Any', ports 1-65535, IP address, and 'Always'.
After clearing cache and the hosts file, neither computer could reach anything on the internet.
No web sites, no software update sites, etc.
(Note that 'ping' [ICMP] is neither TCP nor UDP, so service blocking does not stop ping.)
However, both computers could reach web sites on my LAN (printer and Pi-hole DNS server)
I could telnet into the Pi-hole, which is how I know that it was 'dead' on the internet.
So, local access in/out of the blocked computers - fine. Internet access out of the blocked computers - dead.
Was this the service block that you set up on the NAS and it failed to work?
(My ancient RBR50 Orbi may not be identical to your more recent model.)
6 Replies
I believe what you want is on the Advanced Tab, Security, Block Services.
Create a rule to Block starting at port 1 and ending at port 65535 for the IP address of the NAS.
Set schedule to "Always".
Apply.
This means, of course, that the NAS will not be able to update firmware unless you temporarily remove the block.
Thanks CrimpOn. But as I said, that's not what I want. "Block services" blocks access to the NAS from local network devices. the requirement is:
- NAS should not be able to access traffic to the internet
- NAS should be able to communicate with local network devices
The tests I have run do not support that assertion.
I set up total blocks on two computers on my network.
'Any', ports 1-65535, IP address, and 'Always'.
After clearing cache and the hosts file, neither computer could reach anything on the internet.
No web sites, no software update sites, etc.
(Note that 'ping' [ICMP] is neither TCP nor UDP, so service blocking does not stop ping.)
However, both computers could reach web sites on my LAN (printer and Pi-hole DNS server)
I could telnet into the Pi-hole, which is how I know that it was 'dead' on the internet.
So, local access in/out of the blocked computers - fine. Internet access out of the blocked computers - dead.
Was this the service block that you set up on the NAS and it failed to work?
(My ancient RBR50 Orbi may not be identical to your more recent model.)