Difference between revisions of "Blocking Internet Access for LAN Clients"

From Teltonika Networks Wiki
Line 1: Line 1:
<p style="color:red">The information on this page is updated in accordance with the [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.4'''] firmware version .</p>
+
<p style="color:red">The information on this page is updated in accordance with the [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.08'''] firmware version .</p>
 
==Introduction==
 
==Introduction==
  
Line 16: Line 16:
 
             <li>Set 'Destination Zone' to <i>wan</i>.</li>
 
             <li>Set 'Destination Zone' to <i>wan</i>.</li>
 
             <li>Click 'Add'.</li>
 
             <li>Click 'Add'.</li>
         </ol>[[File:New rule traffic rule Block LAN.png|border|class=tlt-border]]
+
         </ol>[[File:Blocking_internet_access_for_lan_clients_traffic_rule_new_7.8.png|border|class=tlt-border|800x117px|center]]
 
     </li>
 
     </li>
 
</ul>
 
</ul>
Line 25: Line 25:
 
     <li>To block all LAN clients from accessing the Internet, set up the rule like this:
 
     <li>To block all LAN clients from accessing the Internet, set up the rule like this:
 
         <ol>
 
         <ol>
             <li>Set 'Protocol' to <i>Any</i>.</li>
+
             <li>Choose 'Protocol' <i>All</i>.</li>
 
             <li>Set 'Action' to <i>Drop</i>.</li>
 
             <li>Set 'Action' to <i>Drop</i>.</li>
         </ol>[[File:Networking device faq blocking internet access for lan clients v4 2.png|border|class=tlt-border]]
+
         </ol>[[File:Blocking_internet_access_for_lan_clients_traffic_rule_new_drop_7.8.png|border|class=tlt-border]]
 
     </li>
 
     </li>
     <li>If you later wish to undo the changes, you can delete the rule or turn it off.<br>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_3.gif|border|class=tlt-border]]</li>
+
     <li>If you later wish to undo the changes, you can delete the rule or turn it off.<br>[[File:Traffic_rule_on_off.gif|border|class=tlt-border]]</li>
 
</ul>
 
</ul>
  
Line 37: Line 37:
 
     <li>To block a single LAN client from accessing the Internet, set up the rule like this:
 
     <li>To block a single LAN client from accessing the Internet, set up the rule like this:
 
         <ol>
 
         <ol>
             <li>Set 'Protocol' to <i>Any</i>.</li>
+
             <li>Set 'Protocol' to <i>All</i>.</li>
             <li>Set 'Source address' to the the one that you wish to block.</li>
+
             <li>Set 'Source IP address' to the the one that you wish to block.</li>
 
             <li>Set 'Action' to <i>Drop</i>.</li>
 
             <li>Set 'Action' to <i>Drop</i>.</li>
         </ol>[[File:Traffic rule single config Block LAN.png|border|class=tlt-border]]
+
         </ol>[[File:Blocking_internet_access_for_lan_clients_traffic_rule_new_drop_specific_ip_7.8.png|border|class=tlt-border]]
 
     </li>
 
     </li>
     <li>Alternatively, you can specify an IP address/netmask combination to include a range of addresses. For example, specifying <i>192.168.1.100/30</i> as the 'Source address' would denote a range of 192.168.1.100 to 192.168.1.103.<br>[[File:Traffic rule single subnet config Block LAN.png|border|class=tlt-border]]</li>
+
     <li>Alternatively, you can specify an IP address/netmask combination to include a range of addresses. For example, specifying <i>192.168.1.100/30</i> as the 'Source address' would denote a range of 192.168.1.100 to 192.168.1.103.<br>[[File:Blocking_internet_access_for_lan_clients_traffic_rule_new_drop_specific_ips_7.8.png|border|class=tlt-border]]</li>
     <li>If you later wish to undo the changes, you can delete the rule or turn it off.<br>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_3.gif|border|class=tlt-border]]</li>
+
     <li>If you later wish to undo the changes, you can delete the rule or turn it off.<br>[[File:Traffic_rule_on_off.gif|border|class=tlt-border]]</li>
 
</ul>
 
</ul>
  
Line 51: Line 51:
 
     <li>To block all LAN clients from accessing specific IP address, set up the rule like this:
 
     <li>To block all LAN clients from accessing specific IP address, set up the rule like this:
 
         <ol>
 
         <ol>
             <li>Set 'Protocol' to <i>Any</i>.</li>
+
             <li>Set 'Protocol' to <i>All</i>.</li>
 
             <li>Set 'Destination address' to the the one that you wish to block.</li>
 
             <li>Set 'Destination address' to the the one that you wish to block.</li>
 
             <li>Set 'Action' to <i>Drop</i>.</li>
 
             <li>Set 'Action' to <i>Drop</i>.</li>
         </ol>[[File:Traffic rule destination config Block LAN.png|border|class=tlt-border]]
+
         </ol>[[File:Blocking_internet_access_for_lan_clients_traffic_rule_new_drop_specific_ip_dest_7.8.png|border|class=tlt-border]]
 
     </li>
 
     </li>
     <li>Alternatively, you can specify an IP address/netmask combination to include a range of addresses. For example, specifying <i>10.0.0.0/8</i> as the 'Destination address' would denote a range of 10.0.0.0 to 10.255.255.255<br>[[File:Traffic rule destination subnet config Block LAN.png|border|class=tlt-border]]</li>
+
     <li>Alternatively, you can specify an IP address/netmask combination to include a range of addresses. For example, specifying <i>10.0.0.0/8</i> as the 'Destination address' would denote a range of 10.0.0.0 to 10.255.255.255<br>[[File:Blocking_internet_access_for_lan_clients_traffic_rule_new_drop_specific_ips_dest_7.8.png|border|class=tlt-border]]</li>
     <li>If you later wish to undo the changes, you can delete the rule or turn it off.<br>[[File:Networking_device_faq_blocking_internet_access_for_lan_clients_3.gif|border|class=tlt-border]]</li>
+
     <li>If you later wish to undo the changes, you can delete the rule or turn it off.<br>[[File:Traffic_rule_on_off.gif|border|class=tlt-border]]</li>
 
</ul>
 
</ul>
  
Line 68: Line 68:
 
             <li>Turn Web Filter on.</li>
 
             <li>Turn Web Filter on.</li>
 
             <li>Set 'Mode' to <i>Blacklist</i>.</li>
 
             <li>Set 'Mode' to <i>Blacklist</i>.</li>
         </ol>[[File:Site blocking config Web filter.png|border|class=tlt-border]]<br>Alternatively, you can set 'Mode' to <i>Whitelist</i> to allow access only to specific sites and block access to all others.
+
         </ol>[[File:Blocking_internet_access_web_filter_enable7.8.png|border|class=tlt-border]]<br>Alternatively, you can set 'Mode' to <i>Whitelist</i> to allow access only to specific sites and block access to all others.
 
     </li>
 
     </li>
 
     <li>Specify sites that you wish to block under the 'Site Blocking Rules' section.
 
     <li>Specify sites that you wish to block under the 'Site Blocking Rules' section.
Line 74: Line 74:
 
             <li>Click 'Add' to create a new entry in the list. You may add as many entries as you wish.</li>
 
             <li>Click 'Add' to create a new entry in the list. You may add as many entries as you wish.</li>
 
             <li>Specify a 'Hostname' that you wish to block.</li>
 
             <li>Specify a 'Hostname' that you wish to block.</li>
 +
            <li>Enable the instance, which will be blocked.</li>
 
             <li>Don't forget to save the changes.</li>
 
             <li>Don't forget to save the changes.</li>
         </ol>[[File:Site blocking example config Web Filter.png|border|class=tlt-border]]
+
         </ol>[[File:Blocking_internet_access_web_filter_site7.8.png|border|class=tlt-border]]
 
     </li>
 
     </li>
 
</ul>
 
</ul>
  
 
[[Category:Router control and monitoring]]
 
[[Category:Router control and monitoring]]

Revision as of 15:10, 25 July 2024

Main Page > General Information > Configuration Examples > Router control and monitoring > Blocking Internet Access for LAN Clients

The information on this page is updated in accordance with the 00.07.08 firmware version .

Introduction

This article contains instructions o how to block Internet access for LAN clients using a Teltonika-Networks device.

Blocking WAN (Internet) access

Access between your end device and other networks is controlled by your network device's (router, gateway) firewall. Therefore, in order to set networks access limitations you will need to modify the firewall configuration. In the Teltonika-Networks devices this can be done over the Network → Firewall page.

  • First, go to the Network → Firewall → Traffic Rules page.
  • Scroll down to the 'Add New Forward Rule' section and create a rule such as this:
    1. Create a custom name for the rule.
    2. Set 'Source Zone' to lan.
    3. Set 'Destination Zone' to wan.
    4. Click 'Add'.
    Blocking internet access for lan clients traffic rule new 7.8.png

All clients

  • To block all LAN clients from accessing the Internet, set up the rule like this:
    1. Choose 'Protocol' All.
    2. Set 'Action' to Drop.
    Blocking internet access for lan clients traffic rule new drop 7.8.png
  • If you later wish to undo the changes, you can delete the rule or turn it off.
    Traffic rule on off.gif

Single client or range of clients

  • To block a single LAN client from accessing the Internet, set up the rule like this:
    1. Set 'Protocol' to All.
    2. Set 'Source IP address' to the the one that you wish to block.
    3. Set 'Action' to Drop.
    Blocking internet access for lan clients traffic rule new drop specific ip 7.8.png
  • Alternatively, you can specify an IP address/netmask combination to include a range of addresses. For example, specifying 192.168.1.100/30 as the 'Source address' would denote a range of 192.168.1.100 to 192.168.1.103.
    Blocking internet access for lan clients traffic rule new drop specific ips 7.8.png
  • If you later wish to undo the changes, you can delete the rule or turn it off.
    Traffic rule on off.gif

Blocking a specific IP or network

  • To block all LAN clients from accessing specific IP address, set up the rule like this:
    1. Set 'Protocol' to All.
    2. Set 'Destination address' to the the one that you wish to block.
    3. Set 'Action' to Drop.
    Blocking internet access for lan clients traffic rule new drop specific ip dest 7.8.png
  • Alternatively, you can specify an IP address/netmask combination to include a range of addresses. For example, specifying 10.0.0.0/8 as the 'Destination address' would denote a range of 10.0.0.0 to 10.255.255.255
    Blocking internet access for lan clients traffic rule new drop specific ips dest 7.8.png
  • If you later wish to undo the changes, you can delete the rule or turn it off.
    Traffic rule on off.gif

Blocking a specific site(s)

Note: On RUT and TRB series devices, Web Filter is additional software that can be installed from the System → Package Manager page.

  • To block access to a website for LAN clients, go to Services → Web Filter.
  • Set the main parameters of Web Filter under the 'Site Blocking Settings' section.
    1. Turn Web Filter on.
    2. Set 'Mode' to Blacklist.
    Blocking internet access web filter enable7.8.png
    Alternatively, you can set 'Mode' to Whitelist to allow access only to specific sites and block access to all others.
  • Specify sites that you wish to block under the 'Site Blocking Rules' section.
    1. Click 'Add' to create a new entry in the list. You may add as many entries as you wish.
    2. Specify a 'Hostname' that you wish to block.
    3. Enable the instance, which will be blocked.
    4. Don't forget to save the changes.
    Blocking internet access web filter site7.8.png
Retrieved from "https://wiki.teltonika-networks.com/index.php?title=Blocking_Internet_Access_for_LAN_Clients&oldid=129524"