Page 1 of 2 12 LastLast
Results 1 to 10 of 16
  1. #1
    Untangler
    Join Date
    Dec 2020
    Posts
    37

    Question Block outbound webcam traffic

    I have a wireless nursery webcam that I only need to access locally. By default and without an option to disable it, the cam is accessible from the internet. I believe it is encrypted, but I very much want to block the outbound traffic of this device. If I need remote access, I'll vpn in.
    Any ideas on how to achieve this?

    Thank you!

  2. #2
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    787

    Default

    Quote Originally Posted by dvdwsn View Post
    I have a wireless nursery webcam that I only need to access locally. By default and without an option to disable it, the cam is accessible from the internet. I believe it is encrypted, but I very much want to block the outbound traffic of this device. If I need remote access, I'll vpn in.
    Any ideas on how to achieve this?

    Thank you!
    Find out what port it is using to the outside world, IMO put it on a dedicated IOT network so it's not snooping on the main network..
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/c/jasonslabvideos << Please like and subscribe, helps me out !!

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,687

    Default

    On several IoT devices, I make the DHCP IP static in Config -> Network -> DHCP Server. Then block that IP from the WAN in Config -> Network -> Filter Rules.
    dvdwsn likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Untangler
    Join Date
    Dec 2020
    Posts
    37

    Default

    Quote Originally Posted by dashpuppy View Post
    IMO put it on a dedicated IOT network so it's not snooping on the main network..
    That's a great idea. Are there any tutorials for doing this with Untangle?
    dashpuppy likes this.

  5. #5
    Untangler
    Join Date
    Dec 2020
    Posts
    37

    Default

    Quote Originally Posted by jcoffin View Post
    On several IoT devices, I make the DHCP IP static in Config -> Network -> DHCP Server. Then block that IP from the WAN in Config -> Network -> Filter Rules.
    So, set static reservation in DHCP, then add a rule, Source Address, is, ip-of-device, action-block?
    I don't have any filter rules currently. I thought they were more for blocking inbound traffic?

  6. #6
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    787

    Default

    Quote Originally Posted by dvdwsn View Post
    That's a great idea. Are there any tutorials for doing this with Untangle?
    Yes on my YT Channel.
    dvdwsn likes this.
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/c/jasonslabvideos << Please like and subscribe, helps me out !!

  7. #7
    Untangler
    Join Date
    Dec 2020
    Posts
    37

    Default

    Is it part of the VLAN video? I don't see one that mentions IoT in the title.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498

    Default

    IoT is a class of devices. VLAN is a layer 2 division. Typically you make use of a VLAN and an associated IP network to isolate problematic devices... like IoT.

    The terms can bury you, but logically it's not that complicated. Make a network that exists only for IoT stuff, put it somewhere, make your IoT devices use it, and then you can make rules in the various apps referencing that network to define the controls you want.

    If you only have 1 device to worry about, that's overkill. But doing all that means you can add more of those devices and get the control you want quickly just because you've got a special network segment, that also may or may not have wireless bolted into it that does what you want already.
    Kyawa and dashpuppy like this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    That Which Lurks Below
    Join Date
    Jul 2018
    Posts
    50

    Default

    Quote Originally Posted by dvdwsn View Post
    That's a great idea. Are there any tutorials for doing this with Untangle?
    In brief:
    1. identify an unused interface on the NG Firewall
    2. connect a switch or AP to this interface
    3. connect your IoT devices to this switch/AP
    4. create this Filter Rule (adjusted for your interface):
    2022-04-29 15_20_54.png

  10. #10
    Untangler
    Join Date
    Dec 2020
    Posts
    37

    Default

    I have a managed Unifi switch that can support VLANs. I'd like to do that instead of the good alternate option gravenscroft suggested, so that wireless clients can be segmented as well.
    How do you tag the devices? Is it by host, or device? I'm honestly not really sure of the difference there.

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2