Joined: 13 Nov 2008 Posts: 5266 Location: CENTRAL Midnowhere
Posted: Sun Feb 22, 2009 0:26 Post subject:
Post a screenshot of your access restrictions page.
Wait, before you do that, are you creating TWO policies...one for one time and policy 2 for the second one? How are you blocking computers? By IP, by Mac?
The reason was: For both rules, I have not touched the "Edit list of clients" window. Still, the first one was automatically filled with 192.168.0.100-110, and the 2nd one was 192.168.0.0-0. (I guess it is a feature not a bug )
This was the reason.
I want to block access to a specific IP address to all, but one comuputer 24/7. I've set it to 'Filter'. Under PCs I set the MAC address of the one computer that should have access. I leave times at 24/7. The status is enabled. Under website blocking I put 192.168.0.1/. I'm running V2.4 SP1 on a Linksys WRT54gs. It continues to allow access by other computers. What am I doing wrong?
Can you give me a tip on how to do this? Right now my computer is set to dynamic IP so I can't be sure of it's IP address at any given time. I also can't list all MAC addresses since that's unknown. The only solution I can think of is to give my PC a fixed IP and set a range of IPs that excludes mine. I much prefer to leave it dynamic, however, because ocassionally I use my laptop elsewhere where a dynamic IP is required. Thanks for your help.
Joined: 13 Nov 2008 Posts: 5266 Location: CENTRAL Midnowhere
Posted: Sun Feb 22, 2009 14:34 Post subject:
flroots2 wrote:
Can you give me a tip on how to do this? Right now my computer is set to dynamic IP so I can't be sure of it's IP address at any given time. I also can't list all MAC addresses since that's unknown. The only solution I can think of is to give my PC a fixed IP and set a range of IPs that excludes mine. I much prefer to leave it dynamic, however, because ocassionally I use my laptop elsewhere where a dynamic IP is required. Thanks for your help.
Thanks again. When I say MAC addresses are unknown, I mean that unknown computers may be added to the LAN in the future and I don't want to have to add each MAC address as this happens. I need some type of global solution that allows only my computer access.
I need some type of global solution that allows only my computer access.
To manage this I use Builds of DDWRT prior to and including 10/06/2007 as Access Restrictions changed from Allow/Deny to Filter/Deny at some stage later.
If you look at the Wiki about Access Restrictions and go to the bottom of the page and look for previous instructions " older revision of this article" you will see exactly what you want.
However, I'm unsure what version of the WRT54GS you have as it may not be supported by the older DDWRT versions.
Joined: 13 Nov 2008 Posts: 5266 Location: CENTRAL Midnowhere
Posted: Sun Feb 22, 2009 16:40 Post subject:
You could assign your computer to a specific IP address, so that it always gets that IP address, and then block the rest of the IP range. That is likely why allow was removed...it is not necessary. _________________ Warning: I'm "out of my element!"
http://www.youtube.com/watch?v=MjYJ7zZ9BRw&NR=1
That is likely why allow was removed...it is not necessary
I totally disagree. I do not see how I could do the things I do, detailed earlier in this thread, without far more than 10 Policies and just using Filter/Deny.
For me it is necessary to have a hierarchical Allow/Deny set to the policies which existed in the beginning.
At some stage the Access Restrictions stopped working for MAC addressing and on WRT54GS v1.1s it was very unreliable when using same builds and the same setup on WRT 54GLs worked(?)
Maybe the fix was to change to Filter/Deny
or
the hierarchical Allow/Deny structure was too slow as the other features bloated the size of DDWRT and the change was implemented.
I may be wrong but I keep finding some people asking for this particular feature and I point them in the direction of a solution.
Joined: 13 Nov 2008 Posts: 5266 Location: CENTRAL Midnowhere
Posted: Sun Feb 22, 2009 18:32 Post subject:
Dan wrote:
I may be wrong but I keep finding some people asking for this particular feature and I point them in the direction of a solution.
What I have suggested is a solution to the problem that was being asked about. And it beats the hell out of sending people back to old builds that, while they might be better for what you think they should do, have many other problems... _________________ Warning: I'm "out of my element!"
http://www.youtube.com/watch?v=MjYJ7zZ9BRw&NR=1
Policy 1: Allow MAC addresses X, Y and Z access to the internet.
Policy 10: Deny IP address 192.168.1.0 - 192.168.1.254 access to the internet.
Works like clockwork switching selected IP addresses in and out at selected times of the day so that no more than 6/7 have Internet Connections at peak times of the day and Evening, out of a maximum of 36 PCs/IP addresses.
Joined: 13 Nov 2008 Posts: 5266 Location: CENTRAL Midnowhere
Posted: Sun Feb 22, 2009 20:24 Post subject:
You have missed my point, and now are just arguing without really thinking. I have no interest in this; you apparently do. _________________ Warning: I'm "out of my element!"
http://www.youtube.com/watch?v=MjYJ7zZ9BRw&NR=1
(1) I am not arguing but putting the Facts straight as regards Access Restrictions.
(2) Not much thought required about that is there?
(3)Your point being?
[May I suggest an answer here that anyone NOT using the latest, all singing, all dancing version of DDWRT knows nothing and can be curtly dismissed]
(4) If you have no interest in this Topic can I suggest you do not bother commenting about something you have not fully researched.
(5) As you so rightly suggest I do have interest in Access Restrictions (and DDWRT which I have been using constructively for more than 2 years)
)
