WRT54GS Parental Controls and MAC restrictions

Discussion in 'Cisco/Linksys Wireless Routers' started by harshl, Feb 2, 2005.

  1. harshl

    harshl Network Guru Member

    I just installed a WRT54GS for my brother; unfortunately, I did not realize that the MAC address restriction for internet access on the wired side is done through policies in this router, which are disabled when the parental controls are turned on.

    Our intent was to have parental controls in place for all machines in the house (which it is doing very well) but block internet access altogether using MAC address restrictions for one or two machines.

    I have scoured for info and have not found anything helpful for this situation. Does anyone know if there is firmware out there that will allow me to block a certain machine's internet access while leaving the parental controls active? If not, I would appreciate suggestions for another way of blocking a particular machine's access without completely disconnecting it from the network.

    Thanks in advance for any replies,
  2. layerthree

    layerthree Network Guru Member

    You can do MAC filtering with iptables. I'm not sure if there is an easy way with the various distros out there, but the default Linksys firmware has cron and iptables that you can easily script to do so, even by time.
  3. harshl

    harshl Network Guru Member

    How would I access the iptables? I don't remember seeing anything like that in the web interface. Can you telnet to these routers on the default firmware?

    Also, where is a good place to read up on iptables? I run a pair of BSD routers at my place, but I don't believe I have ever done anything with iptables. I would need to find some info on what they do exactly and how to configure them.

    Thank you very much for giving me an idea, if you have some time point me to some docs to help me through the process or to learn more on my own.

    Thanks again,
  4. harshl

    harshl Network Guru Member

    OK, I have done some research on iptables and I understand what it is and does. Now if someone can tell me how to access it, that would be a big help. Also, is it possible to set a filter using iptables that will deny traffic from all MAC addresses except one that I list?

    If not I can just put in a couple of blocks and I will be in good shape.

  5. layerthree

    layerthree Network Guru Member

    Batbox will be the easiest non-permanent way of getting to the box.

    After you try out your command:

    iptables -A FORWARD -i $TRUSTEDIF -j ACCEPT
    iptables -A FORWARD -j ACCEPT 
    iptables -A FORWARD -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT 
    Where TRUSTEDIF = the segment where you want filtering. I believe br0 is the default for the Linksys, since it bridges all 4 of the LAN ports.

    This will do exactly what you want. Allow only the address you want and block all the rest. The implicit deny takes precedence, then you're only allowing the MACs you want.

    Once it works out for you, you'd have to read one of the howtos on spinning your own firmware.

    Or if you give me your tested rules, if I have time, I'll build one for you.

    Rusty's guide is pretty good for iptables


    I'm the same way. I used to strictly use OpenBSD, but when there was the licensing argument over pf on BSD, I had to switch over to Linux for my firewall/router. So your work uses pf, which I think is easier syntax-wise, but doesn't have as many features as iptables.
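
An added example, not part of layerthree's post or the Linksys firmware: iptables walks a chain top to bottom and stops at the first rule that accepts or drops the packet, so a MAC allow-list needs its per-MAC rules ahead of a final DROP and ahead of any broad ACCEPT. This sketch prints the commands for either an allow-list or a block-list of forwarded LAN traffic. The chain name MACFILTER and the MAC address are constructed, and br0 as the LAN interface is the thread's assumption.

```shell
#!/bin/sh
# Added example: emit iptables commands for per-MAC filtering of forwarded LAN traffic.
# Assumptions: LAN bridge is br0 (as suggested in the thread); the chain name
# MACFILTER and the MAC address used at the bottom are constructed placeholders.

LAN_IF="${LAN_IF:-br0}"
CHAIN="MACFILTER"

# valid_mac MAC -> exit status 0 if MAC is six colon-separated hex octets
valid_mac() {
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# build_rules MODE MAC... -> prints the commands, one per line
#   allow: only the listed MACs are forwarded, everything else from LAN_IF is dropped
#   block: the listed MACs are dropped, everything else is left untouched
build_rules() {
    mode="$1"; shift
    case "$mode" in
        allow|block) ;;
        *) echo "bad mode: $mode" >&2; return 2 ;;
    esac
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for mac in "$@"; do
        if [ "$mode" = allow ]; then
            # RETURN hands the packet back to FORWARD, so the rules already
            # present there still apply to the allowed machine
            echo "iptables -A $CHAIN -m mac --mac-source $mac -j RETURN"
        else
            echo "iptables -A $CHAIN -m mac --mac-source $mac -j DROP"
        fi
    done
    if [ "$mode" = allow ]; then
        # terminal DROP goes after the per-MAC rules: first match wins
        echo "iptables -A $CHAIN -j DROP"
    fi
    # the jump is inserted at position 1 so it is evaluated before any existing
    # ACCEPT, and emitted last so the chain is complete before traffic reaches it
    echo "iptables -I FORWARD 1 -i $LAN_IF -j $CHAIN"
}

# Dry run: print the allow-list rules for one constructed MAC address.
build_rules allow 00:11:22:33:44:55
```

The script only prints commands; review the output, then run the lines on the router to apply them.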
  6. harshl

    harshl Network Guru Member

    That is great information! I think I can take it from here.

    Thank you very much!!!

