keale
May 07, 2021
BR200: How to block WAN completely except for some IP addresses?
We have an isolated LAN in our lab. We want to use BR200 as a gateway for a pair of special IPs and services (https and ssh). Other LAN WAN traffic should be blocked.
How can I configure this via the web interface for BR200? On our very old router ProSafe FVS338, under LAN WAN Rules there is an option Default Outbound Policy: Block Always.
I have not found anything comparable for BR200.
2 Replies
> [...] Other LAN WAN traffic should be blocked.

Inbound connections are blocked by default. Don't run software
which makes outbound connections?

> I have not found anything comparable for BR200.

I've never touched a BR200, and the User Manual is far from
comprehensive, so I know nothing, but what's wrong with the usual
ADVANCED > Security > Block Services stuff, with a rule for ports
1-65535?

Visit http://netgear.com/support , put in your model number, and look
for Documentation. Get the User Manual (at least). Read. Look for
"Block specific services and applications from the Internet"?

Dear antinode,
I apologise for my silence due to an illness. Now I was able to test the BR200 extensively. Well, the device gives me a very buggy impression. For example, the instructions in the firewall traffic rules are sporadically not accepted and, to be sure, you have to reboot the router...
I could of course block most services, 1-21, 23-442, etc., but that does not prevent e.g. an https page from being opened on an undesired server.
I achieved the desired result via settings in the firewall traffic rules.
One has to keep in mind that the order of the rules is important.
So one must first allow the IPs that one wants:
1. IP for WIKI ACCEPT
2. IP for GITLAB ACCEPT
3. IP for Timeserver ACCEPT

After that it's possible to block the rest:
4. ALL IPs DROP

Thank you for the help and best wishes!
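
The rule order described in the post above, modelled as an added example that is not part of the original thread and is not BR200 firmware code. It assumes first-match evaluation (which the remark about rule order implies); the addresses are constructed from the RFC 5737 documentation ranges, and the port sets and the names `Rule`, `evaluate` and `audit` are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    dest: str              # destination network in CIDR form
    ports: Optional[set]   # None = any port (port sets below are assumptions)
    action: str            # "ACCEPT" or "DROP"

def evaluate(rules, dest_ip, port, default="ACCEPT"):
    """Return (action, rule name) of the first rule matching an outbound connection."""
    addr = ipaddress.ip_address(dest_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.dest) and (rule.ports is None or port in rule.ports):
            return rule.action, rule.name
    return default, "default policy"

# Constructed addresses, not taken from the thread.
WIKI, GITLAB, NTP = "203.0.113.10", "203.0.113.20", "198.51.100.5"

ALLOWLIST = [
    Rule("wiki", WIKI + "/32", {443}, "ACCEPT"),
    Rule("gitlab", GITLAB + "/32", {22, 443}, "ACCEPT"),
    Rule("timeserver", NTP + "/32", {123}, "ACCEPT"),
    Rule("drop-all", "0.0.0.0/0", None, "DROP"),
]
# Same rules with the catch-all moved to the top: it shadows every ACCEPT.
MISORDERED = [ALLOWLIST[-1]] + ALLOWLIST[:-1]

def audit(rules):
    """List (rule, earlier rule) pairs where the rule can never match."""
    shadowed = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.dest)
        for earlier in rules[:i]:
            e_net = ipaddress.ip_network(earlier.dest)
            covers_ports = earlier.ports is None or (
                rule.ports is not None and rule.ports <= earlier.ports)
            if net.subnet_of(e_net) and covers_ports:
                shadowed.append((rule.name, earlier.name))
                break
    return shadowed

if __name__ == "__main__":
    for label, rules in (("allowlist", ALLOWLIST), ("misordered", MISORDERED)):
        print(label, evaluate(rules, GITLAB, 22),
              evaluate(rules, "192.0.2.99", 443), audit(rules))
```

Running `audit` over an exported rule list before applying it catches a catch-all DROP placed above the ACCEPT entries, the ordering mistake the post warns about.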