April 13, 2010 at 7:00 am #42347
I share my home Internet with some members of my family who are in the same village, a few hundred meters from each other, thanks to a wireless access point connected to my PC with Zeroshell.
I wonder if it is possible to block or regulate network sharing so that some clients cannot see each other using Zeroshell, and if so, how to do it.
I did some research here and there on the Zeroshell forum, but I found nothing that I understand. Nothing to do this …
Stéphan
April 13, 2010 at 10:41 am #50114
You could do that if you forced clients to communicate with each other via the ZS, so that you can apply some firewall rules and block undesired traffic.
April 13, 2010 at 11:51 am #50115
Thank you again,
so if I understand it, I must reject connections on ports 137, 138 and 445 on UDP, and also 139 and 445 on TCP. Correct?
I went to look in the Zeroshell firewall and I created a new chain that I call samba.
Here are its contents:
Seq Input Output Description Log Active
1 * * REJECT udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp spts:137:138 dpts:137:138 reject-with icmp-port-unreachable yes
2 * * REJECT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp spt:139 dpt:139 reject-with icmp-port-unreachable yes
3 * * REJECT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp spt:445 dpt:445 reject-with icmp-port-unreachable yes
4 * * REJECT udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 udp spt:445 dpt:445 reject-with icmp-port-unreachable yes
But this does not work. On the other hand, there are a lot of parameters that I do not understand, for example TCP flags and many other things.
Am I already on the right path?
Stephan
April 13, 2010 at 1:24 pm #50116
The problem here is that since all your clients are on the same broadcast domain, they won't communicate via ZS, so these firewall rules are useless. You need to force your clients to communicate via ZS, which could mean setting a /30 subnet for every wireless client, so that they have to pass via ZS to communicate with other clients.
April 14, 2010 at 2:01 pm #50117
OK, so if I understand it, I need to change the settings of my router. It is currently configured with IP 192.168.1.2/255.255.255.0. I would have to configure, for example: 192.168.1.2/255.255.255.252.
So the DHCP server could assign only two IPs on the same subnet. Is that right?
April 14, 2010 at 4:09 pm #50118
First of all, I haven't tried any of these, I am just giving you some tips.
Having a netmask /30 is not very useful. What I would suggest is to use some kind of ARP poisoning so that all packets are going to the destination after passing through ZS. As far as I know there is no such thing in the web interface and I seriously doubt if there is something in the CLI. So you will have to work out a solution by hacking a little bit.
June 28, 2012 at 4:46 pm #50119
I don't know if you are still here, but 4 years ago I would like to thank you for your help. As we say: better late than never.
Since all this time I was much scattered. So far my slows down the rendering is no longer valid.
Thank you again.
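
The point made earlier in the thread, that clients on one /24 talk to each other directly while clients on separate /30 subnets must go through the router where firewall rules apply, worked through as an added example that is not part of any post. The address pool and the client names are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def on_link(src_if, dst_ip):
    """True if a host configured as src_if (e.g. '192.168.1.10/24') treats
    dst_ip as a neighbour and sends to it directly, bypassing the router."""
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_interface(src_if).network

def plan_isolated_clients(pool, clients):
    """Carve one /30 per client out of pool: the first usable address is the
    router side, the second is the client."""
    subnets = ipaddress.ip_network(pool).subnets(new_prefix=30)
    plan = {}
    for name, net in zip(clients, subnets):
        router_ip, client_ip = net.hosts()
        plan[name] = {"subnet": str(net), "router": str(router_ip),
                      "client": f"{client_ip}/{net.prefixlen}"}
    if len(plan) < len(clients):
        raise ValueError("pool too small for one /30 per client")
    return plan

def passes_router(plan, a, b):
    """True if traffic from client a to client b must be routed (and so can
    be filtered) instead of being delivered directly on the LAN."""
    dst = plan[b]["client"].split("/")[0]
    return not on_link(plan[a]["client"], dst)

if __name__ == "__main__":
    # Constructed sample values (assumptions, not taken from a real network).
    # Flat /24: both hosts are neighbours, so router firewall rules never see them.
    print("flat /24 direct:", on_link("192.168.1.10/24", "192.168.1.20"))
    plan = plan_isolated_clients("192.168.1.0/24", ["alice", "bob", "carol"])
    for name, cfg in plan.items():
        print(name, cfg)
    print("alice -> bob via router:", passes_router(plan, "alice", "bob"))
```

The addressing only forces traffic through the router for clients that keep their assigned settings, since the wireless segment itself is still shared.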