Page 2 of 2

Re: Loophole of quota function

Posted: Mon Nov 25, 2013 4:00 am
by sajjadhalai
u can block any mac and any IP, for which u dont want to access ur internet..

go to restriction add rule for and use "blockAllExcept", the list of MAC u want.

and similar function is in bottom "allow list" and use "allow only" for allow list..

u can use as vice versa.
u should use both simaltaneouly to make ur rule perfect..

Re: Loophole of quota function

Posted: Sun Dec 01, 2013 5:24 am
by Cachorro
To sajjadhalai

Thanks for you post, but I don't believe you understand the issue here.
Please re-read my post for Mon Aug 12, 2013 11:27 pm , that example should explain concept of the problem.

Re: Loophole of quota function

Posted: Fri Aug 01, 2014 4:40 am
by yc3948
Cachorro wrote:Hi Eric,
Yes, that would work. And has worked unless someone witty and willingly comes along to 'steal' someone else's Quota by setting their IP to a known IP that is allowed and has still quota available.

Mainly, what I have discovered is resolved by the DHCP tick of "Block MAC addresses assigned a static IP that connect from a different IP", which does not seem to want to work for me.

Say, as I have tested:
I have two computers with their MACs in the DHCP pool assigning them with an IP, say 1 and 2.
If I change the IP on computer #2, to the IP of #1, the router still happily allows traffic thru the gateway and it consumes #1's Quota.
Is this a known issue?
I am happy to send you any of my router's config and logs if you would like to have a look at them (on PM).

Thanks,
Cachorro./


this is why I post here

Re: Loophole of quota function

Posted: Fri Aug 01, 2014 5:59 am
by Cachorro
To Eric.
What do you mean?

Re: Loophole of quota function

Posted: Fri Aug 01, 2014 6:01 am
by Cachorro
Sorry, I didn't mean Eric. I meant YC3948.

Re: Loophole of quota function

Posted: Sun Sep 14, 2014 12:18 am
by Cachorro
Cachorro wrote:Hi,
Has anyone been able to resolve this? :?:
Thanks.

++++++++++
[quote="Postby Cachorro ยป Mon Aug 12, 2013 11:27 pm

Hi Eric,
Yes, that would work. And has worked unless someone witty and willingly comes along to 'steal' someone else's Quota by setting their IP to a known IP that is allowed and has still quota available.

Mainly, what I have discovered is resolved by the DHCP tick of "Block MAC addresses assigned a static IP that connect from a different IP", which does not seem to want to work for me.

Say, as I have tested:
I have two computers with their MACs in the DHCP pool assigning them with an IP, say 1 and 2.
If I change the IP on computer #2, to the IP of #1, the router still happily allows traffic thru the gateway and it consumes #1's Quota.
Is this a known issue?
I am happy to send you any of my router's config and logs if you would like to have a look at them (on PM).

Thanks,
Cachorro./[/quote]
++++++++++++++

Anyone been able to resolve this?
If I want to do it via command line, which file/files would I need to look at editing to achieve it?
And what command/syntax would I be looking at using?

Thanks.

Re: Loophole of quota function

Posted: Wed Nov 05, 2014 7:00 am
by ee6
If you don't need the switch, you can disable it:
http://wiki.openwrt.org/doc/uci/network/switch

You can also only allow certain MAC addresses by configuring the firewall
http://wiki.openwrt.org/doc/uci/firewall

Both of the above will have to be done via SSH.

HTH

Re: Loophole of quota function

Posted: Tue Dec 16, 2014 2:21 am
by Cachorro
In reply to ee6

Thank you ee6, I would have to do my reading on this then.
Just to make sure, this will allow me to block any IP address that is in my DHCP pool, and in my current allowed WAN-LAN firewall, to be blocked if trying to access Internet using a different IP than the one assigned by the DHCP service?

Thank you.

Re: Loophole of quota function

Posted: Sun Jun 07, 2015 11:25 pm
by sajjadhalai
Bloack static Ip wich use different IP
this option works in all routers but this wont work in those routers which have less memory and low Flash ROM..
i,e 2-4 flash rom and 16-32 Ram---that type of rtrs might have not work those options.. else post ur dhcp list full and explain in that and post snapshot for quoatas page also..