Jump to content

How to configure my router settings so only certain ip gets internet

IceTeaSRB
Go to solution Solved by IceTeaSRB,

I did it, not the way that i wanted but still did it.

I tried the MAC address and then just block internet access to it, but the thing is, I had to change the mac address for my work boot, because it is the same somehow to my private boot.

I will probably change it so that only MAC addresses that i allow can have access to the internet. That way i dont have to turn off wan to get the mac address banned every time xD. And it is safer so it does not go on internet.

And for Wi-Fi i hope that guest network is not affected by the MAC filtering. I can live with me allowing my other devices trough mac address, but dont want to add every guest all the time to the MAC filter.

I think this is the best for my situation at home and i have room to expand if want, without much trouble.

Thanks for all the suggestions and advice, you guys helped me a lot and lessened my headache. 

Hello,

I want to configure my router settings so only certain IP's have internet access. So when you connect to the IPv4 manually and get approved you have internet. Ideally only for wired connections that this applies for now.
If you have advice or know exactly how to do it it would be much appreciated. 
I have Asus RT-AX53U router.

Thanks 😄

Link to comment
Share on other sites

Link to post
Share on other sites

I think you need a fancier router to do this properly. But I feel like I remember ASUS has a way you can assign IP addresses to certain devices (likely after they are assigned), and then toggle their internet access. But this only works with devices already connected to your network. I don't think those routers can do VLANs or control multiple SSID's with different settings. But this isn't always going to work with modern devices. I noticed my iPhone masks its MAC address for wifi somehow. It shows up as a different device from time to time.

 

I'm confused though. If you don't want wireless devices having internet access, why connect them to your wifi at all? Also, if you don't want wired devices having access until you approve them, don't let them plug in a wire maybe??

Link to comment
Share on other sites

Link to post
Share on other sites

I want wireless to have internet just not wired.

I want this because i have dual boot system, I want one to have internet and one not. But dont want to unplug it because i want it to have access to my local server and of course i dont want to accidentally go online from that system. I have to do this because of work, work one does not have internet and personal does...

 

Link to comment
Share on other sites

Link to post
Share on other sites

Could you disable network drivers on the work system?

 

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup

Link to comment
Share on other sites

Link to post
Share on other sites

I would just disable the ethernet ports on the device(s).

Link to comment
Share on other sites

Link to post
Share on other sites

24 minutes ago, johnt said:

masks its MAC address for wifi somehow.

Interestingly, in windows you can manually change your MAC address

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup

Link to comment
Share on other sites

Link to post
Share on other sites

Some routers have an Access Control system, but usually it works by MAC address so you'd need to customize the MAC on at least one OS for it to be able to differentiate them.

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2

Link to comment
Share on other sites

Link to post
Share on other sites

11 minutes ago, IceTeaSRB said:

dual boot system

Just to confirm, this is one machine with two boot partitions, right? Otherwise it's the same hardware? 
If that's the case you cannot fix this at the router level. The router just sees the hardware and is largely ignorant of what's running on it. 
But if you're booting into the work OS, you should be able to disable the network adapters (in windows this would be in control panel). And if you need to isolate it even harder you could delete the network drivers from that OS.

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, OddOod said:

should be able to disable the network adapters

They said they want local network access

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, Kilrah said:

They said they want local network access

Thanks. Missed that. 
I guess OP could try setting up a DNS router on the network and point work machine to that. Might be able to set up a pihole to do that. Don't set an upstream DNS server, ensure add all the machines Work OS needs local access to have static IPs, load those static IPs into the custom DNS section of pihole, point WorkOS DNS to pihole. 

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup

Link to comment
Share on other sites

Link to post
Share on other sites

Extreme method.

 

Null route every other IP other than those you want internet on.

mY sYsTeM iS Not pErfoRmInG aS gOOd As I sAW oN yOuTuBe. WhA t IS a GoOd FaN CuRVe??!!? wHat aRe tEh GoOd OvERclok SeTTinGS FoR My CaRd??  HoW CaN I foRcE my GpU to uSe 1o0%? BuT WiLL i HaVE Bo0tllEnEcKs? RyZEN dOeS NoT peRfORm BetTer wItH HiGhER sPEED RaM!!dId i WiN teH SiLiCON LotTerrYyOu ShoUlD dEsHrOuD uR GPUmy SYstEm iS UNDerPerforMiNg iN WarzONEcan mY Pc Run WiNdOwS 11 ?woUld BaKInG MY GRaPHics card fIX it? MultimETeR TeSTiNG!! aMd'S GpU DrIvErS aRe as goOD aS NviDia's YOU SHoUlD oVERCloCk yOUR ramS To 5000C18

Link to comment
Share on other sites

Link to post
Share on other sites

Why don’t you just disable the NIC in one of the OSes? It’s so much easier than messing with network stuff. 

Link to comment
Share on other sites

Link to post
Share on other sites

8 minutes ago, OddOod said:

Thanks. Missed that. 
I guess OP could try setting up a DNS router on the network and point work machine to that. Might be able to set up a pihole to do that. Don't set an upstream DNS server, ensure add all the machines Work OS needs local access to have static IPs, load those static IPs into the custom DNS section of pihole, point WorkOS DNS to pihole. 

I will try this and let you know.
Can i maybe use this ?

Screenshot_1.png

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, IceTeaSRB said:

Can i maybe use this ?

 

What is that?

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup

Link to comment
Share on other sites

Link to post
Share on other sites

Am I missing something? Why not just subnet out and block internet access on the VLAN. Assign the blocked VLAN to the ports, and a unblocked VLAN to the wireless network. Firewall them out.

ask me about my homelab

on a personal quest convincing the general public to return to the glory that is 12" laptops.

cheap and easy cable management is my fetish.

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, Skipple said:

Am I missing something? Why not just subnet out and block internet access on the VLAN. Assign the blocked VLAN to the ports, and a unblocked VLAN to the wireless network. .

I must look in to that, most of the stuff is new to me...

Link to comment
Share on other sites

Link to post
Share on other sites

17 minutes ago, IceTeaSRB said:

Can i maybe use this ?

Seems like it could work. 

 

  

13 minutes ago, Skipple said:

Am I missing something? 

The fact it's just a basic consumer router.

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, OddOod said:

Interestingly, in windows you can manually change your MAC address

Sorry it's not "mask" per-say. The devices just create a different MAC address at times. From the fruit corp:

 

image.png.9154fa91675753c1f209b5a128ec2a8d.png

Link to comment
Share on other sites

Link to post
Share on other sites

Someone in another place I follow just mentioned simply setting a manual IP address on the system with an invalid gateway for a similar situation. Should work for you locally but not allow reaching the internet.

F@H
Desktop: i9-13900K, ASUS Z790-E, 64GB DDR5-6000 CL36, RTX3080, 2TB MP600 Pro XT, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Antec Vortex 360 AIO, Thermaltake Versa H25 TG, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Asus Zenbook UM325UA, Ryzen 7 5700u, 16GB, 1TB, OLED

 

GPD Win 2

Link to comment
Share on other sites

Link to post
Share on other sites

I did it, not the way that i wanted but still did it.

I tried the MAC address and then just block internet access to it, but the thing is, I had to change the mac address for my work boot, because it is the same somehow to my private boot.

I will probably change it so that only MAC addresses that i allow can have access to the internet. That way i dont have to turn off wan to get the mac address banned every time xD. And it is safer so it does not go on internet.

And for Wi-Fi i hope that guest network is not affected by the MAC filtering. I can live with me allowing my other devices trough mac address, but dont want to add every guest all the time to the MAC filter.

I think this is the best for my situation at home and i have room to expand if want, without much trouble.

Thanks for all the suggestions and advice, you guys helped me a lot and lessened my headache. 

Link to comment
Share on other sites

Link to post
Share on other sites

18 hours ago, IceTeaSRB said:

it is the same somehow to my private boot.

Because the MAC is the network interface identifier. It's set at the factory and often printed on the board somewhere
But you can override it in OS

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×