Difference between revisions of "Blocking Internet Access for LAN Clients"
From Teltonika Networks Wiki
Kristijonasb (talk | contribs) |
|||
(5 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | |||
==Introduction== | ==Introduction== | ||
Line 7: | Line 6: | ||
Access between your end device and other networks is controlled by your network device's (router, gateway) firewall. Therefore, in order to set networks access limitations you will need to modify the firewall configuration. In the Teltonika-Networks devices this can be done over the <b>Network → Firewall</b> page. | Access between your end device and other networks is controlled by your network device's (router, gateway) firewall. Therefore, in order to set networks access limitations you will need to modify the firewall configuration. In the Teltonika-Networks devices this can be done over the <b>Network → Firewall</b> page. | ||
+ | |||
+ | To access the Firewall page, you must first switch to 'Advanced' WebUI mode: | ||
+ | |||
+ | [[File:Networking_rutx_manual_webui_basic_advanced_mode_v1.gif|border|class=tlt-border]] | ||
+ | |||
+ | ===All clients=== | ||
---- | ---- | ||
<ul> | <ul> | ||
− | <li> | + | <li>To block all LAN clients from accessing the Internet, go to the <b>Network → Firewall → Traffic Rules</b> page.</li> |
<li>Scroll down to the 'Add New Forward Rule' section and create a rule such as this: | <li>Scroll down to the 'Add New Forward Rule' section and create a rule such as this: | ||
<ol> | <ol> | ||
Line 16: | Line 21: | ||
<li>Set 'Destination Zone' to <i>wan</i>.</li> | <li>Set 'Destination Zone' to <i>wan</i>.</li> | ||
<li>Click 'Add'.</li> | <li>Click 'Add'.</li> | ||
− | </ol>[[File: | + | </ol>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_1.png|border|class=tlt-border]] |
</li> | </li> | ||
− | + | <li>When the rule is created, you will be redirected to its configuration page. While there, set up the rule like this: | |
− | |||
− | |||
− | |||
− | |||
− | <li> | ||
<ol> | <ol> | ||
<li>Set 'Protocol' to <i>Any</i>.</li> | <li>Set 'Protocol' to <i>Any</i>.</li> | ||
<li>Set 'Action' to <i>Drop</i>.</li> | <li>Set 'Action' to <i>Drop</i>.</li> | ||
− | </ol>[[File: | + | </ol>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_2.png|border|class=tlt-border]] |
</li> | </li> | ||
<li>If you later wish to undo the changes, you can delete the rule or turn it off.<br>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_3.gif|border|class=tlt-border]]</li> | <li>If you later wish to undo the changes, you can delete the rule or turn it off.<br>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_3.gif|border|class=tlt-border]]</li> | ||
</ul> | </ul> | ||
− | ===Single client | + | ===Single client=== |
---- | ---- | ||
<ul> | <ul> | ||
− | <li>To block a single LAN client from accessing the Internet, set up the rule like this: | + | <li>To block a single LAN client from accessing the Internet, go to the <b>Network → Firewall → Traffic Rules</b> page.</li> |
+ | <li>Scroll down to the 'Add New Forward Rule' section and create a rule such as this: | ||
+ | <ol> | ||
+ | <li>Create a custom name for the rule.</li> | ||
+ | <li>Set 'Source Zone' to <i>lan</i>.</li> | ||
+ | <li>Set 'Destination Zone' to <i>wan</i>.</li> | ||
+ | <li>Click 'Add'.</li> | ||
+ | </ol>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_1.png|border|class=tlt-border]] | ||
+ | </li> | ||
+ | <li>When the rule is created, you will be redirected to its configuration page. While there, set up the rule like this: | ||
<ol> | <ol> | ||
<li>Set 'Protocol' to <i>Any</i>.</li> | <li>Set 'Protocol' to <i>Any</i>.</li> | ||
<li>Set 'Source address' to the the one that you wish to block.</li> | <li>Set 'Source address' to the the one that you wish to block.</li> | ||
<li>Set 'Action' to <i>Drop</i>.</li> | <li>Set 'Action' to <i>Drop</i>.</li> | ||
− | </ol>[[File: | + | </ol>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_4.png|border|class=tlt-border]] |
</li> | </li> | ||
− | <li>Alternatively, you can specify an IP address/netmask combination to include a range of addresses. For example, specifying <i>192.168.1.100/30</i> as the 'Source address' would | + | <li>Alternatively, you can specify an IP address/netmask combination to include a range of addresses. For example, specifying <i>192.168.1.100/30</i> as the 'Source address' would include IP addresses from 192.168.1.100 to 192.168.1.103.<br>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_5.png|border|class=tlt-border]]</li> |
<li>If you later wish to undo the changes, you can delete the rule or turn it off.<br>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_3.gif|border|class=tlt-border]]</li> | <li>If you later wish to undo the changes, you can delete the rule or turn it off.<br>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_3.gif|border|class=tlt-border]]</li> | ||
</ul> | </ul> | ||
− | + | ==Blocking specific site or network== | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<ul> | <ul> | ||
<li>To block access to a website for LAN clients, go to Services → Web Filter.</li> | <li>To block access to a website for LAN clients, go to Services → Web Filter.</li> | ||
Line 68: | Line 63: | ||
<li>Turn Web Filter on.</li> | <li>Turn Web Filter on.</li> | ||
<li>Set 'Mode' to <i>Blacklist</i>.</li> | <li>Set 'Mode' to <i>Blacklist</i>.</li> | ||
− | </ol>[[File: | + | </ol>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_6.png|border|class=tlt-border]] |
− | + | </li>Alternatively, you may set 'Mode' to <i>Whitelist</i> to allow access only to specific sites and block access to all others. | |
<li>Specify sites that you wish to block under the 'Site Blocking Rules' section. | <li>Specify sites that you wish to block under the 'Site Blocking Rules' section. | ||
<ol> | <ol> | ||
− | <li>Click 'Add' to create a new entry in the list | + | <li>Click 'Add' to create a new entry in the list.</li> |
<li>Specify a 'Hostname' that you wish to block.</li> | <li>Specify a 'Hostname' that you wish to block.</li> | ||
<li>Don't forget to save the changes.</li> | <li>Don't forget to save the changes.</li> | ||
− | </ol>[[File: | + | </ol>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_7.png|border|class=tlt-border]] |
</li> | </li> | ||
</ul> | </ul> | ||
− | [[Category: | + | [[Category:Networking]] |
Revision as of 14:44, 10 July 2020
Main Page > General Information > Configuration Examples > Router control and monitoring > Blocking Internet Access for LAN ClientsIntroduction
This article contains instructions o how to block Internet access for LAN clients using a Teltonika-Networks device.
Blocking WAN (Internet) access
Access between your end device and other networks is controlled by your network device's (router, gateway) firewall. Therefore, in order to set networks access limitations you will need to modify the firewall configuration. In the Teltonika-Networks devices this can be done over the Network → Firewall page.
To access the Firewall page, you must first switch to 'Advanced' WebUI mode:
All clients
- To block all LAN clients from accessing the Internet, go to the Network → Firewall → Traffic Rules page.
- Scroll down to the 'Add New Forward Rule' section and create a rule such as this:
- Create a custom name for the rule.
- Set 'Source Zone' to lan.
- Set 'Destination Zone' to wan.
- Click 'Add'.
- When the rule is created, you will be redirected to its configuration page. While there, set up the rule like this:
- Set 'Protocol' to Any.
- Set 'Action' to Drop.
- If you later wish to undo the changes, you can delete the rule or turn it off.
Single client
- To block a single LAN client from accessing the Internet, go to the Network → Firewall → Traffic Rules page.
- Scroll down to the 'Add New Forward Rule' section and create a rule such as this:
- Create a custom name for the rule.
- Set 'Source Zone' to lan.
- Set 'Destination Zone' to wan.
- Click 'Add'.
- When the rule is created, you will be redirected to its configuration page. While there, set up the rule like this:
- Set 'Protocol' to Any.
- Set 'Source address' to the the one that you wish to block.
- Set 'Action' to Drop.
- Alternatively, you can specify an IP address/netmask combination to include a range of addresses. For example, specifying 192.168.1.100/30 as the 'Source address' would include IP addresses from 192.168.1.100 to 192.168.1.103.
- If you later wish to undo the changes, you can delete the rule or turn it off.
Blocking specific site or network
- To block access to a website for LAN clients, go to Services → Web Filter.
- Set the main parameters of Web Filter under the 'Site Blocking Settings' section.
- Turn Web Filter on.
- Set 'Mode' to Blacklist.
Alternatively, you may set 'Mode' to Whitelist to allow access only to specific sites and block access to all others.
- Specify sites that you wish to block under the 'Site Blocking Rules' section.
- Click 'Add' to create a new entry in the list.
- Specify a 'Hostname' that you wish to block.
- Don't forget to save the changes.