tl-wr-841 for access limitation to main router

2022-06-17 00:25:22
Model: TL-WR841N_EU  
Hardware Version: V14
Firmware Version: 0.9.1 4.17 v0001.0 Build 200903 Rel.58674n

I would like to use one of my tl-wr-841 (v10/v14) in the following way:

All connected devices should be connected to the Internet via WLAN (WISP mode?) with my telephone company's router (main router):

- the devices should only have access to certain IP addresses and ports in the main router's network (example: printer at the main router); the rest should be blocked.

What I managed to do with the v14 in WISP mode is the following:

- block any access to devices inside the main router's network by using an added advanced routing entry

- block access to single devices inside the main router's network via access control

What I did not manage to do:

- block access to nearly all ports of the main router (example: configuration interface) while keeping one port open (example: 9100 for jet direct printer), and keep the connection to the Internet open (when I tried with access control, the Internet connection was broken too)

I think this is possible via Linux iptables. Can it be done with the tl-wr-841? How?

I only use IPv4 at the moment. Thanks in advance.

ranalog

 

Re:tl-wr-841 for access limitation to main router
2022-06-17 07:52:37 - last edited 2022-06-17 09:36:31

  @ranalog 

 

Try using the Access Control on the WR841N to do that:

1. Configure Rule type like this:

Don't Enable Internet access control.

2. Configure target host (your main router IP address) and the printer port 9100:

3. Add two new rules:

One for Direction IN:

One for Direction OUT:


Then test if you have Internet on WR841N connected devices and can access your printer on port 9100.

If this was helpful click on the arrow pointing upward to make it blue. If this solves your issue, click the star to make it blue and mark the post as a "Recommended Solution".
Re:tl-wr-841 for access limitation to main router
2022-06-17 13:06:27

  @terziyski

Your description will not solve the issue:

If I keep access control disabled, the rules will not be effective (any device will be able to access any other). If I enable access control, I only have access to port 9100 of the (main) router (in your example: test_target) (printing works), but no access through the main router (in your example: test_target) to the internet.

For me it is important that packets to/from the internet will be forwarded by the main router, but the main router itself will only be accessible at the ports (in this example 9100) I allow.

regards ranalog

Re:tl-wr-841 for access limitation to main router
2022-06-18 03:41:42 - last edited 2022-06-18 06:16:23

  @ranalog 

 

Yes, you're correct, this access control setup won't meet your needs.

Your best bet is to enable 'Enable Internet access control' and switch the default filtering rule to 'Allow'.

Then create two targets for your main router and set its IP address with port ranges '1-9099' (first one) and '9101-65535' (second one).

Create two rules that deny these targets in direction 'Out'.

If this was tested and described in your initial post (broken internet connection) then you don't have any other options.

 

To restrict access to devices in your main router's network you may try the following:

Add new targets (by their MAC address) for every device in your main router's network.

Then create a rule for every target with Rule 'deny' in Direction 'OUT'.

The downside of this approach is that if the number of devices connected to your main router is more than the number of rules the WR841N can handle, this won't work either.

Or maybe better:

Let's say that the devices connected to your main router are in the IP address range 192.168.0.1 to 192.168.0.100.

Then you can restrict access to these with only one target and one rule:

 

If this was helpful click on the arrow pointing upward to make it blue. If this solves your issue, click the star to make it blue and mark the post as a "Recommended Solution".
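
A simplified model of the two Access Control setups discussed in this thread, added here as an example that is not part of any post and is not TP-Link firmware code. It assumes first-match evaluation on destination IP and port for direction OUT; all addresses and probe names are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    first_ip: str    # start of the target IP range
    last_ip: str     # end of the target IP range
    first_port: int
    last_port: int

    def matches(self, dst_ip, dst_port):
        ip = ip_address(dst_ip)
        return (ip_address(self.first_ip) <= ip <= ip_address(self.last_ip)
                and self.first_port <= dst_port <= self.last_port)

def decide(rules, default, dst_ip, dst_port):
    """Assumed semantics: first matching rule wins, else the default filtering rule."""
    for rule in rules:
        if rule.matches(dst_ip, dst_port):
            return rule.action
    return default

ROUTER = "192.168.0.1"      # constructed: main router, also serves printer port 9100
NEIGHBOUR = "192.168.0.50"  # constructed: another device in the main router's network
INTERNET = "203.0.113.10"   # constructed: documentation-range address as an Internet host

# Setup reported as breaking the Internet: default deny, one allow for router:9100.
ALLOW_ONLY_PRINTER = ([Rule("allow", ROUTER, ROUTER, 9100, 9100)], "deny")

# Setup from the last reply: default allow, deny every router port except 9100.
DENY_ROUTER_PORTS = ([Rule("deny", ROUTER, ROUTER, 1, 9099),
                      Rule("deny", ROUTER, ROUTER, 9101, 65535)], "allow")

# Forwarded Internet traffic carries the Internet host as destination IP, not the
# main router's IP, so rules that target the router's address never match it.
PROBES = {"printer": (ROUTER, 9100), "router_admin": (ROUTER, 80),
          "router_dns": (ROUTER, 53), "internet": (INTERNET, 443),
          "lan_neighbour": (NEIGHBOUR, 445)}

def evaluate(config):
    rules, default = config
    return {name: decide(rules, default, ip, port)
            for name, (ip, port) in PROBES.items()}

if __name__ == "__main__":
    for label, cfg in [("allow-only-printer", ALLOW_ONLY_PRINTER),
                       ("deny-router-ports", DENY_ROUTER_PORTS)]:
        print(label, evaluate(cfg))
```

Under this model the second setup keeps Internet and printing while closing the router's other ports, but it leaves other devices in the main router's network reachable, which is what the additional device or range rules in the reply are for. It also denies port 53 on the main router, so a client configured to use the main router's address as its resolver would lose DNS.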