Is it possible to restrict LAN access?

Discussion in 'Tomato Firmware' started by HKPolice, Jun 25, 2009.

  1. HKPolice

    HKPolice Network Guru Member

    Here's my setup: 2x Tomato routers on the same subnet, both connected to the internet via WAN ports. Some of the users are only allowed to use router #1 (their default gateway) to access the net, whereas some other users are allowed to use both routers at the same time and their default gateway is set to router #2.

    I have UPnP enabled on both routers, but for some reason, UPnP entries start appearing on the second router from IPs that are not supposed to be using it; their default gateway is router #1.

    I've already put access restriction rules on router #2 to deny internet access from all IPs that are not supposed to access it. Is it possible to deny LAN access as well?

  2. Toastman

    Toastman Super Moderator Staff Member Member

    I've been doing the same for several months now; the appropriate gateway is issued by DHCP from the main router. While I often see a client opening ports on *both* routers, it invariably uses the correct one for traffic. Occasionally there will be a few rogue connections using the wrong gateway; I've never figured out why.

    The UPnP spec actually says that a client should be able to discover and use gateway devices using this protocol, so perhaps we are complaining about something that it actually should be doing anyway.
  3. HKPolice

    HKPolice Network Guru Member

    That sucks :(

    Anyone else have experience with this? Is there no way of restricting LAN access within the same subnet? :(