  1. #1
    Newbie, joined Jul 2017, 3 posts

    Blocking certain machine accessing other parts of network

    Hello all,

    I am new to Untangle. I know some networking, but I am not too sure about creating certain firewall rules.

    I want to create a rule whereby, for certain machines on my network, I block all network traffic except port 80 and/or port 443. These machines are TV boxes, e.g. EE TV or Android TV etc.

    This is what I have done, but I am not able to test the rules. I need your opinion to see if this will solve the issue.

    1) I created user names for these devices = tv-box.
    2) Then I created a Policy and installed Firewall in there.
    3) Created a rule which allows port 80 and 443.

    I also checked firewall logs, and at the moment I can't see anything else which needs blocking.

    Thanks

  2. #2
    Master Untangler f1assistance, joined Apr 2009, Holly Springs, NC, 447 posts

    I'm curious about your reason/need to try and isolate these devices and their traffic within your "network"?
    You do realize Untangle resides on the perimeter of the LAN and only controls traffic entering/exiting your domain right?
    I've segregated such unmanaged devices by placing them on their own LAN (additional NIC/WAP) and separate subnet...then bypassed their traffic out to the interweb. TNO!
    Untangle...because nothing's worse than doing nothing!

  3. #3
    Newbie, joined Jul 2017, 3 posts

    Hi

    Thank you for your reply.

    I only have one NIC for LAN. I have about 20 devices including a NAS, Laptops, TV Boxes, Nest Thermostat etc etc...

    The thinking is that TV Boxes, Nest etc. only need internet access, so give them just internet and block access to the NAS and Laptops.
    The NAS doesn't need access to the TV Boxes and Nest, so block that access.

    So, I was experimenting with different rules to cater for these kinds of settings and make the network more secure.

    Regards

  4. #4
    Master Untangler, joined May 2010, Texas, USA, 447 posts

    You can't block traffic between local devices without segmenting your network.

    Devices on the same network/VLAN/subnet talk to each other directly without going through the router/firewall. So the router/firewall CAN'T stop the traffic between devices in that case, as it never sees it to begin with.

    You could still block certain devices from contacting the internet, though, via filter or firewall rules.

    To segregate traffic within your network you would need different subnets or VLANs. For VLANs you would need to read up on how they work and make sure your switch infrastructure can support VLANs. For subnets you would still need to read up, and also learn static routing in Untangle.

    A lot of people, including myself, do this with VLANs. I use one for Local trusted devices, one for IoT devices, one for guest wifi. Note that you still can't stop the devices inside of a single VLAN from talking to each other - just like above. But you can stop one VLAN from talking to another VLAN.
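The point above (same-subnet traffic never reaches the firewall, so only routed traffic can be filtered) as an added worked example, not code from the thread or from Untangle. The subnets, the zone names and the rule table are constructed assumptions that model the thread's setup: a trusted subnet for the NAS and laptops, an IoT subnet for the TV boxes and Nest, and the original flat single-subnet network for comparison.

```python
import ipaddress

# Constructed addressing (assumption): two subnets after segmentation.
SUBNETS = {
    "trusted": ipaddress.ip_network("192.168.1.0/24"),  # NAS, laptops
    "iot": ipaddress.ip_network("192.168.2.0/24"),      # TV boxes, Nest
}
# The thread's starting point: everything on one subnet.
FLAT = {"lan": ipaddress.ip_network("192.168.1.0/24")}

# Rules the router/firewall applies to traffic that crosses it:
# (source zone, destination zone, allowed ports or None for any, action)
RULES = [
    ("iot", "trusted", None, "block"),        # IoT may not reach NAS/laptops
    ("trusted", "iot", None, "block"),        # NAS/laptops may not reach IoT
    ("iot", "internet", {80, 443}, "allow"),  # IoT gets web access only
    ("trusted", "internet", None, "allow"),
]

def zone_of(ip, subnets):
    """Map an address to a named subnet, or 'internet' if it is in none."""
    addr = ipaddress.ip_address(ip)
    for name, net in subnets.items():
        if addr in net:
            return name
    return "internet"

def decide(src, dst, port, subnets=SUBNETS):
    """Return (path, action).

    path is 'direct' when both hosts sit in the same subnet: the frames go
    host-to-switch-to-host and the firewall never sees them, so no rule can
    apply. Otherwise the packet is routed and the rule table is consulted,
    with a default deny for anything not listed."""
    src_zone, dst_zone = zone_of(src, subnets), zone_of(dst, subnets)
    if src_zone == dst_zone and src_zone != "internet":
        return ("direct", "unfiltered")
    for s, d, ports, action in RULES:
        if s == src_zone and d == dst_zone and (ports is None or port in ports):
            return ("routed", action)
    return ("routed", "block")

if __name__ == "__main__":
    # Flat network: TV box to NAS on SMB is never filtered.
    print(decide("192.168.1.20", "192.168.1.5", 445, FLAT))
    # Segmented: the same flow is routed and blocked.
    print(decide("192.168.2.20", "192.168.1.5", 445))
```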

  5. #5
    Newbie, joined Jul 2017, 3 posts

    Thank you Jason.

    VLAN is not on the table as it is more expense. I will look into different subnets to begin with.

    Regards
