How can I isolate a specific IP range to block all WAN access?

I am totally green. I was spoiled with Tomato and DDWRT and their built-in administrative feature set that would allow me to segregate my Chinese security cameras from the internet.

Since I am completely unfamiliar with scripting or command entries, perhaps explaining what I had might help to frame my needs…

All of my WAN-enabled IPs were in the standard 192.168.1.1-254 range. Those devices which I wanted to explicitly prevent from accessing the web (or vice versa) were assigned to 192.168.2.1-254. All devices on the LAN that needed to access these cameras had a subnet mask set to 255.255.252.0 - so they could access the different octet.

Then, in the administrative section, I created a rule that blocked all WAN access to any device with an IP 192.168.2.X. It worked perfectly.

However, I do not know how to replicate this same ability with this new GL-AR750S router. Is there an easier way to block access to WAN but still allow LAN devices to communicate with them?

I could even isolate IPs within the standard range - for example: 192.168.8.1-100 get WAN and 192.168.8.200-254 are isolated from all WAN access. That would be even easier, as I wouldn’t have to change the default subnet mask.

Any help would be appreciated. While I am lazy, in this case, it is really my complete technical illiteracy that is keeping me from even knowing what to search for.

Since there is no iprange module in the router firewall, I block 192.168.8.192 to 192.168.8.255 from accessing the WAN with the following rule.

iptables -I FORWARD -s 192.168.8.192/26 -o eth0.2 -j DROP

Thanks for taking the time to explain that. Now, like any stray cat you feed, they come back for more :wink:

Assuming that I screw it up (or decide to change/revert), is there a simple way to remove a given rule? I haven’t attempted, so forgive me if it’s something as simple as unticking or selecting/removing.

I appreciate your help!

I was asking as the router in question is 700 miles away in a motor coach where my wife is staying. Fortunately I was able to remote in today and see the advanced firewall custom rules box, and see that adding, modifying, and removing rules is as simple as typing in a text box. Certainly seems very simple. Thank you so much for your help.

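An added example, not part of the original thread: without the iprange module, an arbitrary range such as the 192.168.8.200-254 from the question has to be split into CIDR blocks, one rule per block. This Python sketch, run on any PC, computes the exact blocks, prints rules in the same form as the answer's (the `eth0.2` WAN interface is taken from that rule; the function names are made up for this example), prints the matching `iptables -D` lines that delete the same rules from a shell, and lists what the single /26 blocks beyond the requested range.

```python
import ipaddress

WAN_IF = "eth0.2"  # WAN interface name taken from the rule in the answer above


def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering exactly first..last (inclusive)."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    return list(ipaddress.summarize_address_range(lo, hi))


def drop_rules(first, last, action="-I"):
    """One iptables line per block; "-I" inserts the rule, "-D" deletes it."""
    if action not in ("-I", "-D"):
        raise ValueError("action must be -I or -D")
    return [f"iptables {action} FORWARD -s {net} -o {WAN_IF} -j DROP"
            for net in range_to_cidrs(first, last)]


def overblocked(cidr, first, last):
    """Addresses inside one coarse CIDR that fall outside the wanted range."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return [str(a) for a in ipaddress.ip_network(cidr) if not lo <= a <= hi]


if __name__ == "__main__":
    first, last = "192.168.8.200", "192.168.8.254"  # range from the question
    print("# rules to paste into the custom rules box")
    print("\n".join(drop_rules(first, last)))
    print("# shell commands that remove the same rules again")
    print("\n".join(drop_rules(first, last, action="-D")))
    print("# extra addresses the single /26 rule also blocks")
    print(", ".join(overblocked("192.168.8.192/26", first, last)))
```

Devices in the blocked blocks need static addresses or DHCP reservations, since the rules match on source IP only.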