Posted: Sun Sep 12, 2021 15:10 Post subject: Trying to block WAN access, Help!
In July, we bought a new GE oven, which has a phone app to provide remote control and oven status over our wireless LAN. I wanted to block the oven from any WAN access.
I'm using a WRT1900ACS v2, with DD-WRT v3.0-r44715 std
In Access restrictions, I set:
Policy: 1 (NO WAN)
Status: Enable
Interface: Any (default, can't find documentation on this)
Policy Name: NO WAN
PCs: MAC address of the oven in the list of clients
Deny Internet access during selected days and hours selected.
Days: Everyday checked
Times: 24 Hours selected
I thought that would be sufficient.
A week or so later, I decided to turn off the oven's wireless since we were not really using the remote feature.
Two days after that I received an email that the oven had been disconnected for 48 hours. So apparently the oven had still been in contact with GE in spite of the access restriction.
Yesterday, I re-activated the oven's wireless, found I need to reconfigure/re-pair the app on the oven's own wireless access point, decided it was too much trouble and turned it off again. Four hours later, another email arrived from GE telling me that the oven lost connection.
We might use the remote to set timers or to know when a baking cycle is complete but I'd really prefer not to allow access to/from the internet.
What am I doing wrong?
EDIT: I added my laptop to the list of denied MAC addresses and immediately lost internet access, so I'm doing something right. There is no other wireless network in range, no unknown devices in the DHCP client list.
You should consider using a more recent release; there have been issues with Access Restrictions for quite some time and it's only recently been in focus to look into and fix.
Might be easier to use Wireless/MAC Filter and enable MAC filter for both radios, set for "Permit only clients listed to access the wireless network", add all your allowed device MACs to the filter list via the "Edit MAC Filter List" button . . . except for the stove?
Not forgetting to add any NEW device MACs to the list as acquired in the future.
I'll try the beta firmware when I get some time. I usually prefer a stable release, but if it doesn't really do what it says it probably doesn't deserve to be called stable.
It's OK for the oven to use wi-fi and our LAN, letting a phone act as a remote, so the Wireless/MAC filter idea is not what I want. I can turn off the wi-fi radio on the oven to keep it off the LAN. I just want to block the oven's access to the internet.
I'll save the iptables idea for if/when the newer firmware fails me. Might be a while before I can take the time to experiment.
Joined: 16 Nov 2015 Posts: 6440 Location: UK, London, just across the river..
Posted: Tue Sep 14, 2021 15:26 Post subject:
lkraus wrote:
I'll try the beta firmware when I get some time. I usually prefer a stable release, but if it doesn't really do what it says it probably doesn't deserve to be called stable.
It's OK for the oven to use wi-fi and our LAN, letting a phone act as a remote, so the Wireless/MAC filter idea is not what I want. I can turn off the wi-fi radio on the oven to keep it off the LAN. I just want to block the oven's access to the internet.
I'll save the iptables idea for if/when the newer firmware fails me. Might be a while before I can take the time to experiment.
Thanks for the ideas.
Bear in mind all DD-WRT firmwares are beta, there is no such thing as a stable release.
What is classified as 'stable' is a beta that works well for you and has all the necessary security updates... the so-called "last beta", currently 47381.
As well, we expect the upcoming beta, as it will contain some major fixes and security updates.