dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1472
share rss forum feed


TeddLws

@verizon.net

Problem blocking internet access

I am trying to do something simple that is backfiring on me. Perhaps I am missing the point.

I have 50/20 Verizon Fios through an M1424WR Rev E Gen 2 Actiontec Router with Firmware Rev. 20.19.8. This router is limited to 100 Mbps so I am using a Netgear Bridge to speed up lan speeds for backup purposes etc. As far as I know the bridge filters little with some QOS support if you want it. The devices hooked up to the lan are: 2 pcs via ethernet, 1 notebook pc via wireless, 1 ethenet printer and an NAS.

I want to block all internet access in or out to one, ethernet connected, pc and the NAS. Seems simple enough. Assigned both fixed ips. Set up rules to make it work --et voila it worked fine. That is until I powered down the NAS or the PC. Intermittantly after a power down the rules blocking access by the two devices remain intact but their ips shown under blockinternet services\access control show both devices at 199.101.28.20. Sooo, the devices are assigned and connected at their usual 192.168.1.x addresses but the access rules show the 199.xx as the address. Now, power up the machines and they get full internet access. This is exactly what I didn't want. So now hit resolve now on the rules, the router plugs the correct ips in and the rules work again.

I called tech support and the tech that answered was pleasant enough but indicated that Verizon doesn't support this type of configuration and if I want to try resetting the router he can support that. All that leads nowhere.

Have I made a mistake in my configuration or should I ramp up the pressure and ask them to replace the router?


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL

4 edits
This is what you need to do.

#1 On the devices that you don't want to access the Internet, set them manually on the devices to use only a Static IP and a Subnet Mask.

#2 By leaving the Default Gateway and DNS Servers blank they can not access the net.

a) Unless that is: Another computer on the same LAN that has Internet Access acts a proxy server and they set their web browser to use that proxy server on the correct port of the proxy server.

b) Since the NAS most likely does not have a web browser then by leaving the Default Gateway and DNS Servers blank, then far as I know there is no work around(s) to get online.

#3 As how to do that in the PC, that will depend on the OS and Version of that PC.

For example of how to do it, on Windows XP see portforward.com -> Guides -> Configuring a Static IP Address -> Setup a Static IP address on Windows XP

#4 As how to do that on the NAS: That will depend on the brand, model, hardware version of the NAS and what firmware it has on it.

#5 I don't know for sure if your NAS will let you keep the Default Gateway and DNS Servers blank. I hope it does...
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


JerseyDevil

@verizon.net
Thanks much for the reply. It was all extremely helpful. I had thought of the fixed IP thing but never made the connection to use the other settings to eliminate the risk of outside connections. The NAS did allow me to do the settings as you suggested. It's an inexpensive IOmega that houses a couple of drives. The old pc was, of course, easy to set up. Took at least ten seconds. Now I can get my auto-backups running and use the rest of my virtual toys. Thanks again, Ted


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL
reply to TeddLws
You are welcome.

I take that back there are no work around(s) for the NAS.

The only two work around(s) to get the NAS on-line are:

#1 If the DHCP Server in the router is enabled, then to change it back to use DHCP.

#2 OR to enter in the Default Gateway and DNS into the NAS.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.