Possible to disable wired LAN ports?

gmphoto
Posts: 7
Joined: Fri Jun 04, 2010 4:33 pm

Possible to disable wired LAN ports?

Post by gmphoto »

Hi I'm new on the forum so "Hi" everyone.

This looks like an excellent solution for my intended use.

A friend has a share house with 5 students and, you guessed it, one of the students is using the whole month's downloads by the 3rd week on a regular basis.

Gargoyle can obviously resolve this - fixed DHCP addresses, fixed monthly allocation per IP, fixed total download per month, etc - but my issue is that the Gargoyle will be in a public area and I would like to disable the wired LAN ports.

Other firmwares have the ability to stop traffic through various ports with a little coding magic and I was wondering if a) this is possible with this firmware and b) if anyone on this forum has the knowledge and would be so kind as to guide me as to how to achieve this.

Also would it be undoable via wireless once done if I need to reflash or do some heavy maintenance?

Thanks in advance and thanks to all on the board offering help, it's already been a great source of knowledge for me.

Cheers
Gary

BikeMike
Posts: 108
Joined: Sat Jun 13, 2009 8:02 am
Location: Adelaide, South Australia

Re: Possible to disable wired LAN ports?

Post by BikeMike »

Hi,
What is your reason for wanting to disable ethernet? All the restrictions can be applied to ethernet the same as wireless. You need to ensure you put restrictions in place for the entire network, then add minimal exceptions as required.

See my setup guide http://bikemike.webnode.com/guides/

However if they could unplug the router running Gargoyle and instead connect directly to your "internet feed" that would be a problem! It depends on whether the router is providing the login details (i.e. PPPoE). The only real solution to this is to prevent physical access by having the router in a locked location.

gmphoto
Posts: 7
Joined: Fri Jun 04, 2010 4:33 pm

Re: Possible to disable wired LAN ports?

Post by gmphoto »

Hi BikeMike, I am going to restrict by IP and MAC address.

I only wanted to restrict the wired so no one is even tempted to try and bypass the router by plugging in. I would make it known that that was the case. May be pointless but ah well...

Eric
Site Admin
Posts: 1443
Joined: Sat Jun 14, 2008 1:14 pm

Re: Possible to disable wired LAN ports?

Post by Eric »

Why not set a static IP in the dhcp section for your own computer(s), and then deny all other IPs on the access restrictions page?

That should prevent anyone you don't want from connecting.

gmphoto
Posts: 7
Joined: Fri Jun 04, 2010 4:33 pm

Re: Possible to disable wired LAN ports?

Post by gmphoto »

Eric wrote: Why not set a static IP in the dhcp section for your own computer(s), and then deny all other IPs on the access restrictions page?

That should prevent anyone you don't want from connecting.

Hi Eric, nice to meet you (virtually). :D

That is a great idea. Do I have to have the DHCP section unticked for this to happen?

The reason I ask is I have assigned static IPs based on MAC address for 5 users then turned off the DHCP server. The STATIC IPs section is now greyed. Does this mean the users will still receive these IPs even though the DHCP server is disabled?

Also could not someone bypass their quota by assigning themselves an IP address?

Sorry for all these probably stupid questions but I really want this to work for me.

I was tempted by a captive portal router but the issue in Australia is our cheapskate ISPs have a really dumb idea of on peak and off peak limits so your router firmware is the only product that seems to tick all the boxes for my use.

Thanks for the help and for all your efforts.

Gary

Eric
Site Admin
Posts: 1443
Joined: Sat Jun 14, 2008 1:14 pm

Re: Possible to disable wired LAN ports?

Post by Eric »

Actually, when I referred to assigning static IPs I meant that you should configure the DHCP server so that it would consistently assign a specific IP to a given MAC address. Don't disable the DHCP server -- just configure it so that it delivers a consistent, known IP to specific hosts.

Then tick the box to deny access to any mac given a static ip that connects from a different IP. If you combine this with restricting access to all IPs outside this range, you'll have a setup where only specific MAC/IP address combinations can connect.

mcs
Posts: 6
Joined: Tue Apr 06, 2010 8:35 am

Re: Possible to disable wired LAN ports?

Post by mcs »

Eric wrote: Actually, when I referred to assigning static IPs I meant that you should configure the DHCP server so that it would consistently assign a specific IP to a given MAC address. Don't disable the DHCP server -- just configure it so that it delivers a consistent, known IP to specific hosts.

Then tick the box to deny access to any mac given a static ip that connects from a different IP. If you combine this with restricting access to all IPs outside this range, you'll have a setup where only specific MAC/IP address combinations can connect.

Hi,
I was wondering if a user then defines a static address outside the dhcp range, would that not allow access?
Thanks for great support and a great firmware!

Cheers

mcs

Hannibal
Posts: 10
Joined: Fri Jun 05, 2009 4:09 pm

Re: Possible to disable wired LAN ports?

Post by Hannibal »

I manage a network with about 20 users with the same problem.

I solved this by assigning static IPs to given MAC addresses and blocking whole Internet access.
Then simply added some quota rules for given IP/MAC combination. So everything works fine till someone reaches his quota.

The only way to get around this is to apply a mac and ip address on one host which copies an accepted host.

mcs
Posts: 6
Joined: Tue Apr 06, 2010 8:35 am

Re: Possible to disable wired LAN ports?

Post by mcs »

Hi,
That is what I thought. You cannot just allow access for IP addresses outside the DHCP range. Then everybody can login with a static address outside this range. As you say, one has to deny all access and make exceptions for the IP/MAC addresses you want to allow. Lot of work if you have got a few users...
And everyone still can have access to the lan, which causes the issue with spoofing.
Thanks for that.
Cheers

mcs
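
The default-deny MAC/IP binding discussed in this thread, modelled as an added example (it is not part of any post and is not Gargoyle's own code). The lease table, the addresses and the function names are constructed for illustration.

```python
# Added example: models the rule set described in the thread, not Gargoyle's code.
from ipaddress import ip_address

# Constructed static leases (MAC -> reserved IP), as the DHCP server would hand out.
STATIC_LEASES = {
    "00:11:22:33:44:01": "192.168.1.101",
    "00:11:22:33:44:02": "192.168.1.102",
}

def normalise(mac):
    """Lower-case and use ':' separators so both common MAC notations compare equal."""
    return mac.strip().lower().replace("-", ":")

def check(mac, ip, leases=STATIC_LEASES):
    """Return (allowed, reason) for one observed MAC/IP pair under default deny."""
    mac = normalise(mac)
    ip = str(ip_address(ip))  # raises ValueError on a malformed address
    bound = {normalise(m): str(ip_address(a)) for m, a in leases.items()}
    if mac in bound:
        if bound[mac] == ip:
            return True, "known MAC on its reserved IP"
        return False, "known MAC on a different IP"
    if ip in bound.values():
        return False, "reserved IP claimed by an unknown MAC"
    # Everything not listed is denied, including self-assigned static
    # addresses outside the DHCP range (the case mcs asks about).
    return False, "not in allow list"

def audit(observations, leases=STATIC_LEASES):
    """Check a list of (mac, ip) pairs, e.g. copied from the router's ARP table."""
    return [(mac, ip) + check(mac, ip, leases) for mac, ip in observations]

if __name__ == "__main__":
    # Constructed observations.
    seen = [
        ("00:11:22:33:44:01", "192.168.1.101"),
        ("00-11-22-33-44-02", "192.168.1.150"),
        ("66:77:88:99:aa:bb", "192.168.1.102"),
        ("66:77:88:99:aa:bb", "192.168.1.250"),
    ]
    for row in audit(seen):
        print(row)
```

A host that presents both an allowed MAC and its reserved IP passes this check, which is the limitation Hannibal and mcs describe: address filtering alone cannot tell the two hosts apart.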
