FarHills
Jan 27, 2017 - Aspirant
Allowing Only Whitelisted IP per Device/Internal IP
I have 2 wired devices connected to my wired network that I am trying to do very specific things with using my R7000: A) I do NOT want these devices to have access to the rest of the internal net...
FarHills
Jan 27, 2017 - Aspirant
StephenB wrote:
The router doesn't support whitelisting, and in any event with VLAN/Bridge you are turning off the NAT functions altogether. The devices aren't protected by the router firewall rules at all, and no traffic is blocked in either direction. So you will be relying on the security built into the devices.
Thanks for the succinct explanation. If I disable the bridge, is there some hack-ish way of doing a whitelist? I suspect I'm going to be needing a firewall or another router to accomplish this, but I'm an IT novice, so I'm not certain. Could I set up 2 separate sub-nets on this router maybe? I didn't see an option for that, but then again I may just have overlooked it.
StephenB
Jan 27, 2017 - Guru - Experienced User
FarHills wrote:
Thanks for the succinct explanation. If I disable the bridge, is there some hack-ish way of doing a whitelist?
Not that I know of. If you want to control access by DNS names (not IP addresses) you could look into parental controls. You could also look into open-source firmware (DD-WRT or Tomato), and see if they have any options that look useful.
Isolating the devices from your local network is somewhat easier. You could, for instance, use two routers (LAN port of one connected to the WAN port of the second), and then connect your special devices directly to the first router. The NAT firewall in the second router would block access to your home network.
William10a
Jan 30, 2017 - Master
I have 2 wired devices connected to my wired network that I am trying to do very specific things with using my R7000:
A) I do NOT want these devices to have access to the rest of the internal network. To do this I have set up the router to bridge those devices by wired port (VLAN/Bridge Settings), and the switch plugged into that port ONLY has those 2 wired devices on it. Does this prevent them from accessing the devices on the other wired ports?
B) I want to set up a whitelist so that these devices can ONLY access a few external IP addresses and nothing else. I'm currently not sure how to do this using the router's firmware. Is it possible?
Thank you in advance for any help you can give!
You're talking about a server with preset limits to isolate your normal network from the two wired devices. That may be more than the R7000 router can do. I'm sure a home router has the horsepower to do all this, but a computer placed between the router and devices running server software could do it. Companies do this for their different departments and also limit access to other websites to protect themselves.
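One way to express the per-device whitelist asked about in this thread, either on open-source firmware such as DD-WRT or Tomato or on a Linux box placed between the router and the devices. This is an added example, not code from any poster or from NETGEAR. It assumes the platform exposes iptables; the addresses and the chain name DEVWL are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample values (assumptions, not taken from the thread).
DEVICES="192.168.2.50 192.168.2.51"   # the two restricted wired devices
ALLOWED="192.0.2.10 198.51.100.25"    # the only external IPs they may reach
CHAIN="DEVWL"                         # hypothetical chain name

# Accept only dotted-quad IPv4 so a typo or stray character in the lists
# can never end up inside a firewall command.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Print the rules instead of applying them, so they can be reviewed and then
# pasted into the firmware's firewall startup script.
gen_rules() {
    for ip in $DEVICES $ALLOWED; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    # Build the chain completely before hooking it into FORWARD.
    echo "iptables -N $CHAIN"
    for ip in $ALLOWED; do
        echo "iptables -A $CHAIN -d $ip -j ACCEPT"
    done
    # Anything not listed, including routed traffic to the home LAN, is dropped.
    echo "iptables -A $CHAIN -j DROP"
    # Only packets sourced from the restricted devices enter the chain; replies
    # from allowed hosts still follow the existing FORWARD rules.
    for dev in $DEVICES; do
        echo "iptables -I FORWARD -s $dev -j $CHAIN"
    done
}

gen_rules
```

The FORWARD chain only sees routed packets, so devices that share a switch and subnet with the home LAN can still reach it directly; the restricted devices need their own subnet or VLAN, as in the two-router layout described above. If the devices resolve names through an external DNS server, that server's address has to be in the allowed list as well.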