Possible to isolate a client?

Discussion in 'Tomato Firmware' started by pen2, Mar 22, 2008.

  1. pen2

    pen2 LI Guru Member

    Hi there,

    I have a WRT54GS and recently I received an IPTV receiver from my dsl provider.
    For security reasons, I wish to isolate the IPTV receiver in the following manner:

    The IPTV receiver is connected to the router via lan, but cannot speak to any other client on the lan/wlan; it can, however, access the internet.

    This would minimize the risk of a trojanized box, as it could "only" spread outwards, but could not tap my internal data.

    Is this possible?
  2. ifican

    ifican Network Guru Member

    You would have to be running a 3rd party firmware that allowed you to identify ports by vlans and put the iptv in its own vlan. This would accomplish just what you want to do.
  3. Joro711

    Joro711 Network Guru Member

    In Access Restriction, block internet access for this client. But if the client changes its IP, it has access again. Sorry for my bad English.
  4. pen2

    pen2 LI Guru Member

    Is this possible with Tomato, or do I need something like DD/OpenWRT?

    Not exactly what I want - I want to give internet access to the IPTV receiver, but I want to "lock it out" of my other clients in the local LAN.
  5. srouquette

    srouquette Network Guru Member

  6. mikester

    mikester Network Guru Member

    Try using different subnets to keep the traffic separate?
  7. ifican

    ifican Network Guru Member

    Yes, you can do it with Tomato, but you will have to get someone to help you make the changes via the command line. DD-WRT has it built in; I don't remember what setting it is under, but it is there. Currently I have Tomato loaded so I can't check for you, but I know someone will know, and I know there is someone out there that would be willing to help you write the script. I really should learn to do it myself, but I have been lazy about it. That and trying to pick up the Juniper command line has not been easy :).
  8. pen2

    pen2 LI Guru Member

    For DD I found this:
    and this:

    So it seems to me that the only thing missing is the relationship port 4 <--> vlanX, which was done with the GUI of DD; the rest seemed to be quite generic.

    Oh, and one more thing: The port which gets separated from the rest (and wlan) should be able to receive multicast packets (iptv...)

    Thanks for all your help so far!
  9. ifican

    ifican Network Guru Member

    Those were the exact articles I was referring to but could not remember where they were. Now for the second part of the question, I don't know. You should be able to create a firewall script that allows, say, host A to reach host B on port x. I can do it with other devices, but I have never tried with Tomato or DD-WRT.
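
Added example, not part of the thread and not code from any poster or from Tomato or DD-WRT: a shell function that prints the iptables rules for the isolation pen2 asks for (IPTV segment blocked from the LAN and the router, internet and multicast allowed) plus the "host A to host B on port x" exception ifican mentions. It assumes the IPTV port has already been moved to its own VLAN interface with its own subnet and that an IGMP proxy relays the streams; the interface names (`vlan2`, `br0`, `vlan1`), addresses and port are constructed placeholders.

```shell
#!/bin/sh
# Added example. Prints iptables commands; review them, then pipe to sh on the router.
# Assumptions: the IPTV port already sits on its own VLAN interface with its own
# subnet, and an IGMP proxy on the router relays the multicast streams.

iptv_isolation_rules() {
    iptv_if=$1; lan_if=$2; wan_if=$3      # required interface names
    src=$4; dst=$5; port=$6               # optional exception: LAN host -> IPTV box

    if [ -z "$iptv_if" ] || [ -z "$lan_if" ] || [ -z "$wan_if" ]; then
        echo "usage: iptv_isolation_rules IPTV_IF LAN_IF WAN_IF [SRC DST PORT]" >&2
        return 2
    fi

    # -I inserts at the top of a chain, so rules printed later win over earlier ones.
    # 1. Default: nothing between the IPTV segment and the LAN bridge, nothing to the router.
    echo "iptables -I FORWARD -i $iptv_if -o $lan_if -j DROP"
    echo "iptables -I FORWARD -i $lan_if -o $iptv_if -j DROP"
    echo "iptables -I INPUT -i $iptv_if -j DROP"

    # 2. Router services the box still needs: DHCP, DNS, IGMP membership reports.
    echo "iptables -I INPUT -i $iptv_if -p udp --dport 67 -j ACCEPT"
    echo "iptables -I INPUT -i $iptv_if -p udp --dport 53 -j ACCEPT"
    echo "iptables -I INPUT -i $iptv_if -p igmp -j ACCEPT"

    # 3. Internet access, reply traffic, and inbound multicast streams.
    echo "iptables -I FORWARD -i $iptv_if -o $wan_if -j ACCEPT"
    echo "iptables -I FORWARD -i $wan_if -o $iptv_if -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -I FORWARD -i $wan_if -o $iptv_if -d 224.0.0.0/4 -p udp -j ACCEPT"

    # 4. Optional exception: one LAN host may open TCP connections to one port on the box.
    if [ -n "$src" ] && [ -n "$dst" ] && [ -n "$port" ]; then
        echo "iptables -I FORWARD -i $lan_if -o $iptv_if -s $src -d $dst -p tcp --dport $port -j ACCEPT"
        echo "iptables -I FORWARD -i $iptv_if -o $lan_if -s $dst -d $src -p tcp --sport $port -m state --state ESTABLISHED -j ACCEPT"
    fi
}

# Constructed sample values: IPTV VLAN, LAN bridge, WAN interface, host A, host B, port x.
iptv_isolation_rules vlan2 br0 vlan1 192.168.1.10 192.168.2.2 80
```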
