How to restrict VoIP/ATA box to internet communication only

student13
DD-WRT User


Joined: 17 Nov 2016
Posts: 95

Posted: Sun Jun 17, 2018 6:24    Post subject: How to restrict VoIP/ATA box to internet communication only
Hi, I have a voip / ATA box (Grandstream HT 812) hooked up to my Linksys WRT1900AC by Ethernet cable.

I wish to create an iptables rule to restrict communication of that VoIP box to the internet only, with no communication to other devices on my network. (My intent is that someone will not be able to use my VoIP box to redirect traffic on the network or communicate with / see other devices on the network.)

Good to know:

-I did not know how to exactly search for this topic, and the results I got were confusing.

- I have a wireless virtual lan, a "guest network" that restricts my wifi android TV box to the net, on 192.168.20.1.

- Here are my iptables rules; my printer is on static IP 192.168.1.110:

iptables -I FORWARD -s 192.168.1.110 -o `get_wanface` -m state --state NEW -j REJECT
iptables -I FORWARD -p tcp --dport 20005 -j REJECT
iptables -I INPUT -p tcp --dport 20005 -j REJECT
iptables -I OUTPUT -p tcp --dport 20005 -j REJECT
iptables -I FORWARD -p tcp --dport 9100 -j DROP
iptables -I OUTPUT -p tcp --dport 9100 -j DROP

THANKS.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway

Posted: Sun Jun 17, 2018 11:48
1) Separate the Voip box on a separate VLAN and IP sub-net.

2) VLAN does not work on the Marvell chip-set. Replace your Linksys WRT1900AC with a Linksys EA8500, Netgear R7800 or Broadcom based unit.

See the Marvell forum for the hardware capabilities for your router.
student13
DD-WRT User


Joined: 17 Nov 2016
Posts: 95

Posted: Thu Jun 21, 2018 4:39
Per Yngve Berg wrote:
1) Separate the Voip box on a separate VLAN and IP sub-net.

See the Marvell forum for the hardware capabilities for your router.


The WRT1900AC v1 does support wireless VLANs on the stock firmware, and so far, following these instructions, it seems to allow me to make one:

http://tips.desipro.de/2013/12/06/guest-wifi-setup-dd-wrt/

Is there any nmap command that I can use to prove that my wireless VLAN is not working? So far it seems to keep devices (wirelessly) in a limited IP range, not being able to communicate outside that internal limited IP range. As well, it allows access to the internet.


Per Yngve Berg wrote:
1) Separate the Voip box on a separate VLAN and IP sub-net.

See the Marvell forum for the hardware capabilities for your router.


I know how to kind of do that by the instructions on the website I listed above, but how do I do that with a wired Ethernet connection?
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6870
Location: Romerike, Norway

Posted: Thu Jun 21, 2018 7:38
You have mixed up the terminology.

VLAN = wired ports on a switch.

VAP = An extra SSID and sub-net on a wireless AP.


VLAN is chipset dependent. You have to post in the Marvell forum.
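
Added example, not part of any post in this thread: once the ATA has its own interface and subnet, as the first reply recommends, rules along these lines restrict it to internet-only traffic. The interface name vlan3, the subnet 192.168.30.0/24 and the function name are assumptions; br0 is the usual DD-WRT LAN bridge.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: the ATA is alone on
# interface vlan3 (192.168.30.0/24) and the main LAN is bridge br0.

# Prints the rules rather than applying them, so they can be reviewed first.
# usage: ata_isolation_rules ATA_IF ATA_NET LAN_IF WAN_IF
ata_isolation_rules() {
    if [ $# -ne 4 ]; then
        echo "usage: ata_isolation_rules ATA_IF ATA_NET LAN_IF WAN_IF" >&2
        return 2
    fi
    ata_if=$1; ata_net=$2; lan_if=$3; wan_if=$4

    # Frames between two ports of the same bridge are switched, not routed,
    # so FORWARD normally never sees them. The ATA needs its own interface.
    if [ "$ata_if" = "$lan_if" ]; then
        echo "error: ATA shares $lan_if with the LAN; iptables cannot isolate it" >&2
        return 1
    fi

    # -I inserts at the top of the chain, so the rule printed last is matched
    # first: the catch-all DROPs are emitted before the ACCEPT exceptions.

    # FORWARD: nothing leaves the ATA segment ...
    echo "iptables -I FORWARD -i $ata_if -j DROP"
    # ... and LAN hosts cannot open connections into it ...
    echo "iptables -I FORWARD -i $lan_if -o $ata_if -m state --state NEW -j DROP"
    # ... except ATA -> internet and the replies coming back.
    echo "iptables -I FORWARD -i $wan_if -o $ata_if -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -I FORWARD -i $ata_if -s $ata_net -o $wan_if -j ACCEPT"

    # INPUT: the ATA may use the router only for DHCP and DNS, not the GUI/SSH.
    echo "iptables -I INPUT -i $ata_if -j DROP"
    echo "iptables -I INPUT -i $ata_if -p udp --dport 67 -j ACCEPT"
    echo "iptables -I INPUT -i $ata_if -p udp --dport 53 -j ACCEPT"
    echo "iptables -I INPUT -i $ata_if -p tcp --dport 53 -j ACCEPT"
}

# On the router (get_wanface is the DD-WRT helper used in the first post):
#   ata_isolation_rules vlan3 192.168.30.0/24 br0 "$(get_wanface)" | sh
```

From a LAN host, a ping scan of the ATA subnet (`nmap -sn 192.168.30.0/24`) should then report no hosts up.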
All times are GMT
