Access Restrictions - MAC/IP filtering doesn't work RC3-RC6

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
zen_seeker
DD-WRT Novice


Joined: 16 Jan 2008
Posts: 23

PostPosted: Fri Jan 18, 2008 14:22    Post subject: Access Restrictions - MAC/IP filtering doesn't work RC3-RC6 Reply with quote
I've been testing this on a few images with my WRT350N and it doesn't work. When searching for answers to my issue I've read that this is a problem for at least the RC3 to RC6.2 images.

Allow with Time settings seems to be the cause of the issue. Deny works fine on 24 hour but Allow with anythig other than 24 hour fails. (I suspect that the Allow is failing to but since the default is "all have full access unless otherwise stated" it's not really making a difference.)

Can anyone point to an image that does support this function properly? (It might be just the WRT350N that's an issue but from what I've read this isn't the case.)

Thanks
Sponsor
Eko
DD-WRT Developer/Maintainer


Joined: 07 Jun 2006
Posts: 5771

PostPosted: Fri Jan 18, 2008 14:32    Post subject: Reply with quote
If you have allow policies, you must make last policy (e.g.10) to deny all /all times.
zen_seeker
DD-WRT Novice


Joined: 16 Jan 2008
Posts: 23

PostPosted: Fri Jan 18, 2008 16:44    Post subject: Reply with quote
Hmm... I didn't with the stock firmware...if I recall correctly. I've also seen it work without that at work...but it's a MUCH better Cisco router.

Another way is to just deny the same MAC in a second rule 24/7 but it takes a second rule to make it work. (Used to do this on the old router or make two Deny rules that leave a window open in the middle.)

If that's the only way it's going to work I can live with it...but may I ask what you think/believe is the best image for teh WRT350N from your point of view? (I know you don't have one but you've read and support far more than I have in my two week membership here.)

I've tried the latest release in RC6.2, the latest in your and CaScAdE's USB thred, and the current MINI I started with. After the MINI they all installed fine over HTTP.

USB support isn't a big deal, nice to have but I have NAS devices that support that. So which ever you think is the least buggy or has the most support is fine by me. I only moved from RC6.2 to see if older versions worked.

Thanks for your time and opinion.

Eko wrote:
If you have allow policies, you must make last policy (e.g.10) to deny all /all times.
Dan
DD-WRT User


Joined: 05 Nov 2006
Posts: 399
Location: UK

PostPosted: Fri Jan 18, 2008 20:41    Post subject: Reply with quote
I have been using Timed Access restrictions for over 15 months now using MAC and IP mixed and have been able to make it work with well over 99% success.

12 months ago I could Allow a policy at EXACTLY the Same time as the BLOCK to make the policy work started to operate.

The later Version of DDWRT I am using does not seem to allow this.

Amplification:-

Policy 10 Blocks all IPs from ***.***.***.2 to ***.***.***.254 from 08.57 to 23.00hrs
(used to be 09.00 to 2300)
Policy 1 Allows IPs from ***.***.***.91 to 100 from 09.00 to 10.57
Policy 2 Allows IPs from ***.***.***.111 to 120 from 11.00 to 12.57
etc.

This works.

Notice the time gap between Finishing and Starting the new set. Any less and I had problems. Clients did not get switched out.

Policy 10 used to be:-

Block All IPs from ***.***.***.2 to ***.***.***.254 from 09.00 to 23.00hrs.

This no longer works as the Policy 1 Clients do not get switched in.

In the Allow Policies I have a mix of IPs and MAC addresses. I am now back in control. ( for the moment that is until I start making changes.)
zen_seeker
DD-WRT Novice


Joined: 16 Jan 2008
Posts: 23

PostPosted: Fri Jan 18, 2008 21:11    Post subject: Reply with quote
BTW - What router do you use?

Thanks for the confirmation that it DID work in the past.

I've only set rules 1 & 2 in place with rule 7 as a block just for the MAC I want to block.

Rule 1 - Allow, Mon. to Fri., between 5pm and 9pm by MAC
Rule 2 - Allow, Sat. & Sun., between noon and 5pm by MAC

Rule 7 - Deny, 24/7 by MAC

This is the older way I know and it sounds like it's the same thing you've done. I applied it early this moning remotely but need to test it at home tonight. It should work unless the section is screwed.

Regards!
zen_seeker
DD-WRT Novice


Joined: 16 Jan 2008
Posts: 23

PostPosted: Fri Jan 18, 2008 21:34    Post subject: Reply with quote
My daughter has confirmed that only the Deny is working with the above settings. The time I open to allow the MAC to connect does not work.
Dan
DD-WRT User


Joined: 05 Nov 2006
Posts: 399
Location: UK

PostPosted: Sat Jan 19, 2008 1:01    Post subject: Reply with quote
Try using IP address to Deny Access.

This works on WRT54GL and WRT54GSv1.1.

I have made the mistake in the past of not clicking the ENABLE button on the policy to give WEB access. Check this.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum