NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

keale's avatar
keale
Star
May 07, 2021
Solved

BR200: How to block WAN completely except for some IP addresses?

We have an isolated LAN in our lab. We want to use BR200 as a gateway for a pair of special IPs and services (https and ssh). Other LAN WAN traffic should be blocked.   How can I configure this via...
  • keale's avatar
    keale
    May 17, 2021

    Dear antinode,

    I apologise for my silence due to an illness. Now I was able to test the RB200 extensively. Well, the device gives me a very buggy impression. For example, the instructions in the firewall traffic rules are sporadically not accepted and to be sure, you have to reboot the router...

    I could of course block most services, 1-21, 23-442, etc. but that does not prevent e.g. an https page from being opened on an not desired server.

     

    I achieved wished result via settings in the firewall traffic rules.

    One has to keep in mind that the order of the rule is important.

    So one must first allow the IPs that one wants
    1. IP for WIKI ACCEPT
    2. IP for GITLAB ACCEPT
    3. IP for Timeserver ACCEPT

    After what its possible to block the rest

    4. ALL IPs DROP

     

    Thank You for help and best wishes!

antinode's avatar
antinode
Guru
May 07, 2021

> [...] Other LAN WAN traffic should be blocked.

 

   Inbound connecations are blocked by default.  Don't run software
which makes outbound connections?

 

> I have not found anything comparable for BR200.

 

   I've never touched a BR200, and the User Manual is far from
comprehensive, so I know nothing, but what's wrong with the usual
ADVANCED > Security > Block Services stuff, with a rule for ports
1-65535?

 

   Visit http://netgear.com/support , put in your model number, and look
for Documentation.  Get the User Manual (at least).  Read.  Look for
"Block specific services and applications from the Internet"?

  • keale's avatar
    keale
    Star
    May 17, 2021

    Dear antinode,

    I apologise for my silence due to an illness. Now I was able to test the RB200 extensively. Well, the device gives me a very buggy impression. For example, the instructions in the firewall traffic rules are sporadically not accepted and to be sure, you have to reboot the router...

    I could of course block most services, 1-21, 23-442, etc. but that does not prevent e.g. an https page from being opened on an not desired server.

     

    I achieved wished result via settings in the firewall traffic rules.

    One has to keep in mind that the order of the rule is important.

    So one must first allow the IPs that one wants
    1. IP for WIKI ACCEPT
    2. IP for GITLAB ACCEPT
    3. IP for Timeserver ACCEPT

    After what its possible to block the rest

    4. ALL IPs DROP

     

    Thank You for help and best wishes!