NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RBR850 - Disable Internet Access but enable local intranet access
I just bought the RBR850 and am struggling to find in the user manual the instructions on how to disable Internet access for a device on my network but allow local network devices to connect to it. ...
iqi wrote:
I just bought the RBR850 and am struggling to find in the user manual the instructions on how to disable Internet access for a device on my network but allow local network devices to connect to it.
On the Original Orbi models, the web interface (http://orbilogin.net), on the Advanced Tab, Security Menu has an option called Block Services. The attached screen shot shows how I have blocked the device at 192.168.1.102 from opening Any TCP or UDP connection to any possible port (1-65535) on the internet. Local access is not affected.
There is always a chance that the Orbi 850 has different options than my (old) Orbi.
Thank you. I did precisely that but I find that the device was still able to access the internet. Traffic from the device was not restricted to the local network. I have to figure out a way to test traffic to the device from outside the network.
For example, I have the following setting but this laptop can still access the internet. I also tried Service type = All but the setting didn't prevent internet access from the device.
Service Type Restrict 18 Protocol TCP/UDP Starting Port 1 Ending Port 65535 Service Type/User Defined Restrict18 Filter Services For : Only This IP Address : 192.168.5.18
Aditionally, I don't see the ability to restrict services for the guest wireless network. Any insights on how to do that is appreciated too.
iqi wrote:
Aditionally, I don't see the ability to restrict services for the guest wireless network. Any insights on how to do that is appreciated too.
I am not aware of any method to restrict internet access for devices on the Guest WiFi network (There is no concept of Guest on the wired network.) The entire purpose of having a Guest network is for "Guests" to connect. I suppose one could make the case, "I want to have some folks over to play WOV (World of Vomit) on my LAN server, but don't want them getting to the internet."
I mean, it's OK for them to have access to my personal resources, but not the internet?
Since this is posted in the Parental Controls forum, my guess is that there is a struggle going on and you are losing. Sorry.
iqi wrote:
Thank you. I did precisely that but I find that the device was still able to access the internet. Traffic from the device was not restricted to the local network. I have to figure out a way to test traffic to the device from outside the network.
Well, fudge. I will perform another test. I usually get tripped up by forgetting to set the Schedule to Always and click on Apply. (I get in a hurry and go on to other things.)
OK. Test performed with a Linux laptop, IP 192.168.1.18. Set up to block Any, from port 1 through port 65535. Schedule Always. "Apply".
The laptop cannot load web pages. The software update checker cannot load software repositories. I think the internet is "dead" to this laptop. Can you try your experiment again?
My understanding is that there can be no way to test traffic to the device from the internet
- The Orbi does not allow connections from the internet to any device on the LAN unless a port is opened specifically to allow that.
- When devices open port "out", then resources on the internet use those connections to send traffic to the device.
That's how most Internet of Things (IoT) devices work. When they power up, they open a connection to their "cloud". The cloud can never connect to them because the Orbi will reject any inward connections.