1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Blocking HDHomeRun Prime Tuner for a user/Mac address using TOMATO 1.28

Discussion in 'Tomato Firmware' started by Tahir Bashir, Dec 12, 2012.

  1. Tahir Bashir

    Tahir Bashir Serious Server Member

    I am using HDHomeRun Prime Tuner. This tuner is connected to network via Ethernet cable. Any computer in network can use this tuner. My sons have tuned this device on their computers. I don't have access to these computers as they keep these computers password protected.

    I am using ASUS router (RT_N66U). I have TOMATO firmware 1.28 installed on this router. I have set access restrictions on my sons computers using their mac addresses.
    This router turns off internet for my kids on certain time daily. But it does not turn off HDHomeRun Prime Tuner connected to network.

    So after internet is off they keep on watching Cable late night. It kills the purpose of turning off the internet.

    I have scheduled some recordings, If I unplug this device from internet it effects my recordings.

    How can I turn off their access to the Tuner without unpluging the ethernet cable?
    Your Help is appreciated.

    I have external portable hard drive connected via USB.

    Currently this drive is shown as "UNKNOWN". How can I assign a name to this drive?

    Your Help is appreciated.
  2. Tahir Bashir

    Tahir Bashir Serious Server Member

    How can I block a particular IP accessing another device on the network.

    I want to block (my son's computer) for connecting to tuner connected on on certiain times?

    And if is already connected to , it needs to disconnect on certain time.
  3. PeterT

    PeterT Network Guru Member

    The problem is that connections on the local LAN do not go via the router; but rather only via the switch or hub in the router.

    One idea might me (but I'm not sure how to implement it) would be to use VLAN's; place your sons on a VLAN and your PC and the Tuner on a different VLAN.

    Then the communications between VLANs would go via the router and you could block their access.
  4. gfunkdave

    gfunkdave LI Guru Member

    Or, you know, you could be a parent and discipline your children for watching TV when they are supposed to be sleeping.
    koitsu likes this.
  5. mpegmaster

    mpegmaster Addicted to LI Member

    AMEN... :cool:
  6. Bird333

    Bird333 Network Guru Member

    You might be able to install ebtables and block them at the mac address level. But the real solution is discipline your kids.
  7. Bird333

    Bird333 Network Guru Member

    Create a virtual AP. unbridge it from br0. Set it on a different network. Then create iptables rules to allow certain access.
  8. Tahir Bashir

    Tahir Bashir Serious Server Member

    Thanks for your reply
    Can you please give me simple way to create VLAN, I will put tuner on VLAN
  9. Tahir Bashir

    Tahir Bashir Serious Server Member

    I appreciate your suggestion but it is hard to discipline teenagers here. They pretend that they are sleeping then they start watching when I am sleeping.
  10. digiblur

    digiblur Networkin' Nut Member

    Just use a vlan like explained above.

    Sent from a little old Note 2
  11. apnar

    apnar Network Guru Member

    A VLAN would normally work for this situation, but with the HD Homerun Prime in particular it will not work. The device will not send its traffic to an address outside it's network segment so as soon as you put it on its own VLAN it will stop working unless you also put what needs to talk to it in that VLAN as well.

    This isn't an easy problem to solve technically; the only options I can think of are to try to cut the computer from the network entirely during the block time. If they are physically connected to the router you could write a job to assign that port to an empty VLAN during that time (I think VLAN changes require a reboot though). If they connect wirelessly you could add the MAC to the block list or turn off wireless entirely for the duration of the block (if you have things that needed to stay connected over wireless create a second network with a secret passphrase).

    Another approach may be just to detect if the viewing occurs. You could write a script to query the Homerun for clients at times during the block. You'd have to deal with punishment after-the-fact but it's an easier thing to do technically.
  12. ArmoredDragoon

    ArmoredDragoon Serious Server Member

    You could make a cron script that either shuts off the port (possible with these little routers?) or switches the port to another vlan, and then changes it back at the appropriate time.

    The hdhomerun also depends on multicast in order to work, you could disable that as well. Strangely, the multicast setting effects all switch ports, regardless of whether the multicast traffic enters the router interface. I guess that works to your advantage.

    I'm still learning the linux side of things here but I do know that on Cisco equipment (I'm a CCNP) you can selectively block MAC addresses on given ports. Not sure how you handle that in linux, or if the switch ports can be managed in such a way. If you really want to have a high level of control, you could always get one of the cheaper managed switches from netgear or trendnet (trendnet's budget switches are VERY good in my experience,) they should be able to do what I describe (though I don't own one so don't quote me on that.)

    EDIT: I'll bet something like this could do it: http://www.newegg.com/Product/Product.aspx?Item=N82E16833150087

    Make sure before you buy though. You'll probably need to learn a thing or two about layer 2 networking regardless of which option you take though, but it would be by far the most elegant solution to your problem, and I'm 90% sure it will be able to do any one of the things I described, in fact, that is a layer 3 switch, so there are probably a bunch of neat things it can do. But again make sure before you buy, prior to a few minutes ago I never knew that model existed.

Share This Page