Blocking a LAN ip from internet access/

Page 2 of 2 FirstFirst 12

  1. Shadowjk
    Posts : 2,298
    Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
       New #11

    Nice book :) once you understand the basics of TCP/IP everything that uses it becomes easier to understand. Especially when getting into how routers work and how they decide which path is the best.

    Josh :)
      My Computer
    Quote Quote

  3. antares
    Posts : 207
    Windows XP Professional SP3/Windows 7 Ultimate x64
    Thread Starter
       New #12

    Hi Josh, I think I successfully blocked my NAS from internet access by using the Internet Access Control feature of my router as you suggested. This is what I did:

    - Logged into the router's (TL-R600VPN) web configuration page
    - Went to "Access Control"
    - Clicked on "Add New"
    - "Rule Name"="NAS_Block"
    - "Click here to aadd new host list"
    - "Mode"="IP Address"
    - "Host Description"="NAS"
    - LAN IP Address"="192.168.0.99" (static IP assigned outside DHCP scope)
    - "Save"
    -"Host":"NAS"
    -"Target"="Any Target"
    -"Schedule"="Anytime"
    -"Action"="Deny"
    -"Status"="Enabled"
    -"Save"

    Once this rule was created as above I ticked "Enable Internet Access Control" and " Allow the packets not specified by any access control policy to pass through the Router", then click "Save"

    I then tested a simple internet access operation from my NAS like time synchronization and it was unable as access to the net was blocked.

    So is this the most secure way of protecting the NAs from the Internet (as secure as physically unplugging the cable), or could someone hack the router, change its configuration and gain access to any LAN's host (including the NAS)?
      My Computer
    Quote Quote

  4. Shadowjk
    Posts : 2,298
    Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
       New #13

    Nice, I'm glad you managed to work it out :)

    It is going to be as secure as you're going to get. Your router should not accept requests to access it's settings from the outside and plus a hacker will have to try and evade your ISPs security infrastructure before reaching you so you are pretty secure from that standpoint.

    The only way a hacker could easily gain entry is by your machine. Therefore make sure that you have a good anti-virus application so that any malware that could try and gain entry to the network is negated. Apart from that most entry points are secure :)

    Of course please be advised that anyone who connects to the switch will have access to the NAS so you may want to look as to how physically secure your switch is. To be honest if it's in your house I would be more concerned about them breaking in the house rather than trying to access your NAS

    Hope this helps,
    Josh :)
      My Computer
    Quote Quote

  6. antares
    Posts : 207
    Windows XP Professional SP3/Windows 7 Ultimate x64
    Thread Starter
       New #14

    Shadowjk said:
    Of course please be advised that anyone who connects to the switch will have access to the NAS so you may want to look as to how physically secure your switch is.
    But regarding my local LAN, I can configure folder permissions within DSM (The NAS OS) so that a given user can access a given NAS folder and not others, I guess that would take care of the local LAN NAS security regardless of anyone gaining physical access to the switch, right?
      My Computer
    Quote Quote

  7. Shadowjk
    Posts : 2,298
    Windows 7 Professional x64 SP1 ; Windows Server 2012 R2 Standard
       New #15

    Correct, though if someone still gets physical access they will be able to communicate with your machine and any other device on your network but the NAS. They would also be able to access your router settings if they are connected by the switch however I am assuming you have an appropriate username and password to try and circumvent that.

    Josh
      My Computer
    Quote Quote

  8. antares
    Posts : 207
    Windows XP Professional SP3/Windows 7 Ultimate x64
    Thread Starter
       New #16

    Shadowjk said:
    Correct, though if someone still gets physical access they will be able to communicate with your machine and any other device on your network but the NAS. They would also be able to access your router settings if they are connected by the switch however I am assuming you have an appropriate username and password to try and circumvent that.

    Josh
    Josh, the router settings are protected by a username and password, and also I set a filter by which only the MAC address of my PC can access it.
    regarding other hosts in the LAN, a newcomer connected to the switch won't be able to access other LAN devices or the internet if they are also protected by appropriate permission rules either locally or through the router.
    Well, as you said earlier, I think I have to worry more about someone intruding my home and stealing.
      My Computer
    Quote Quote

 
Page 2 of 2 FirstFirst 12

  Related Discussions
Hi. My younger brother keeps scamming his way to gaining access to his laptop and then goes on to play online games, when he's got the PC for completing his projects. How can I block router/internet access to that specific program without affecting his average browsing capabilities? I would...
Hi Just uninstalled a pirated Norton 360 from my girlfriend's computer (Installed by an ex), then after restarting the laptop I couldn't connect to the internet. Ran diagnostics and turned up sayin firewall settings are blocking incoming connections. Switched off firewall restarted laptop stll...
The computer is new. I added a second HDD (G:) from my old computer. Windows Explorer sees G:, lists its files, but when I try to call up a file, it says I have no access. This in spite of my administrative rating. I have tried to change the security configuration on G:, but then it starts...
I have just set up a new system running Windows 7 Professional 64 bit. For some reason I cannot access certain sites in any browser (IE, Firefox or Safari (Haven't tried Chrome yet)). Example sites that are blocked may be redirects such as those starting with Email Marketing Software & Email...
Several months ago I posted about some software that allows me to centrally manage pushing patches to my home computer network, which is 2xXP and 9xWindows 7. I never did find any software that could accomplish the task, at least non-corporate software that didn't cost more than my car. So, I'm...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 20:15.
Find Us