Author Topic: Restricting access for one WiFi client to Internet only.  (Read 16428 times)
UTM_Novice
« on: Thursday 02 April 2020, 01:32:57 pm »

I'm a bit lost with something I'm trying to do here...

For background, I have EFW 3.3.0, running on a multi-homed HP RP5700 Desktop, with the ubiquitous Green, Red, and Blue zones.

The Blue zone connects to a DLink DIR-890L router, which has three separate networks, routed back through its 172.16.x.x/16 address to the EFW Box/Internet and Local LAN. My WiFi clients connect to the router using WPA2/PSK, with a complex password arrangement. I've "punched" some inter-zone holes from Blue to Green, to allow file/print access for WiFi-connected devices.

In essence, then, there is a blanket exemption from the 172.16.x.x/16 address on the router's ethernet link, through the EFW appliance to a number of fixed (192.168.1.x/24) addresses on the LAN. Naturally, only devices we've authenticated are able to get on to the WiFi network, and thus access internal resources.

Recently, my wife was given a (very nice) work laptop to use for work, and we'd prefer that this device is allowed to access the Internet only (i.e. not able to take advantage of the Blue to Green exemptions granted to our own devices).

Is this doable?

In an ideal world, I'd simply go into the exemption rule (Inter-zone traffic), and add exemptions based on individual MAC addresses. However, even if I did that (for example, "excluding" one of the WiFi SSIDs from the rule), it would not work, as they are all seen as the 172.16.x.x/16 address on the ethernet LAN (from the Firewall's perspective).

I'm probably missing something basic, but would appreciate any help people can offer...

toka
« Reply #1 on: Monday 10 August 2020, 11:53:53 pm »

Close Laptop Network Card (MAC) to Green Network