prohibit access to the sharing of printers, files …


This topic contains 5 replies, has 0 voices, and was last updated by  staifan13 6 years, 7 months ago.

  • #42347

    staifan13
    Member

    Hello,

    I share my home Internet with some members of my family who are in the same village, a few hundred meters from each other, thanks to a wireless access point connected to my PC with Zeroshell.

    I wonder if it is possible to block or regulate network sharing so that some clients cannot see each other using Zeroshell, and if so, how to do it.

    I did some research here and there on the forum of Zeroshell but I found nothing that I understand. Nothing to do this …

    Stéphan

    #50114

    ppalias
    Member

    You could do that if you forced clients to communicate each other via the ZS, so that you can apply some firewall rules and block undesired traffic.

    #50115

    staifan13
    Member

    Thank you again,
    so if I understand it, I must reject connections on ports 137, 138 and 445 on UDP and also 139 and 445 on TCP. Correct?
    I went to look in the Zeroshell firewall and I created a new chain that I call samba.
    Here are its contents:

    samba Rules
    Seq Input Output Description Log Active
    1 * * REJECT udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp spts:137:138 dpts:137:138 reject-with icmp-port-unreachable yes
    2 * * REJECT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp spt:139 dpt:139 reject-with icmp-port-unreachable yes
    3 * * REJECT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp spt:445 dpt:445 reject-with icmp-port-unreachable yes
    4 * * REJECT udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp spt:445 dpt:445 reject-with icmp-port-unreachable yes

    But this does not work. On the other hand, there are a lot of parameters that I do not understand. For example, TCP flags and many other things.
    Am I already on the right path?
    Cordially,
    Stephan

    #50116

    ppalias
    Member

    Problem here is that since all your clients are on the same broadcast domain they won’t communicate via ZS, so these firewall rules are useless. You need to force your clients to communicate via ZS, which could mean setting for every wireless client a /30 subnet, so that they have to pass via ZS to communicate with other clients.
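
The point made in the reply above, as an added example that is not part of the original thread: a client decides from its own address and mask whether a destination is on-link (sent directly, never seen by the Zeroshell firewall) or must go through the gateway. The client names and the 192.168.1.10/.11 addresses are constructed; the 192.168.1.0/24 pool is taken from the thread.

```python
import ipaddress

def delivered_on_link(src_iface, dst_ip):
    """True if a host configured as src_iface ("address/mask") reaches dst_ip
    directly on the LAN (ARP + layer-2 frame), so no router firewall sees it."""
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(src_iface).network

def per_client_subnets(pool, clients):
    """Carve one /30 per client out of pool: first usable address for the
    router interface, second for the client."""
    subnets = list(ipaddress.ip_network(pool).subnets(new_prefix=30))
    if len(clients) > len(subnets):
        raise ValueError(f"{pool} holds only {len(subnets)} /30 subnets")
    plan = {}
    for name, net in zip(clients, subnets):
        router, client = net.hosts()          # a /30 has exactly two usable hosts
        plan[name] = {"subnet": str(net), "gateway": str(router),
                      "client": f"{client}/30"}
    return plan

def blocked_by_router_rules(src_iface, dst_ip):
    """Router firewall rules can only act on traffic that is NOT on-link."""
    return not delivered_on_link(src_iface, dst_ip)

if __name__ == "__main__":
    # Flat LAN (constructed hosts): both clients share 192.168.1.0/24.
    print("flat /24, client to client filtered by router:",
          blocked_by_router_rules("192.168.1.10/24", "192.168.1.11"))
    # Per-client /30 plan (constructed client names).
    plan = per_client_subnets("192.168.1.0/24", ["house-a", "house-b", "house-c"])
    for name, cfg in plan.items():
        print(name, cfg)
    a, b = plan["house-a"], plan["house-b"]
    print("/30 plan, house-a to house-b filtered by router:",
          blocked_by_router_rules(a["client"], b["client"].split("/")[0]))
```

This models only the client's routing decision. The /30 plan depends on each client keeping its assigned address and mask, since all clients still share one layer-2 segment.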

    #50117

    staifan13
    Member

    OK, so if I understand it, I need to change the settings of my router. It is currently set with IP 192.168.1.2/255.255.255.0. I would have to configure, for example: 192.168.1.2/255.255.255.252.
    So the DHCP server could assign only two IPs on the same subnet. Is that right?

    #50118

    ppalias
    Member

    First of all, I haven’t tried any of these, I am just giving you some tips.
    Having a netmask /30 is not very useful. What I would suggest is to use some kind of arp poisoning so that all packets are going to the destination after passing through ZS. As far as I know there is no such thing in the web interface and I seriously doubt if there is something in the cli. So you will have to work out a solution by hacking a little bit.

    #50119

    staifan13
    Member

    Hello ppalias,
    I don’t know if you are still here, but I would like to thank you for your help 4 years ago. As we say: better late than never.
    Since all this time I was much scattered. So far my slows down the rendering is no longer valid
    Thank you again.
    Cordially,
    Stéphan
