How to isolate IP/MAC to only see WAN
Posted: Tue Mar 15, 2011 6:47 am
I want to restrict one IP/Mac address to only have access to WAN and not internal network. Can this be achieved with firewall restrictions or do I need special vlan setup.
Existing network:
Separate non Gargoyle WiFi TP-Link router bridged to Linksys WRT54GL using wired port. WRT54GL is running Gargoyle 1.3.7 and WiFi disabled and provides DHCP (static mac addresses), DNS etc. WRT54GL WAN port provides internet.
Background: I have other trusted machines connected wireless, so I can't just restrict everything on bridged port. I want to allow one Windoze laptop machine to connect wirelessly and block it from seeing the rest of the network, only the WAN.
I'm open to suggestions guidance and all suggestions are appreciated. If isolating it across the current bridged port based on IP/Mac is too hard, it is not out of the question to enable WiFi on the WRT54GL and block based on that, if that would make life simpler ?
Existing network:
Separate non Gargoyle WiFi TP-Link router bridged to Linksys WRT54GL using wired port. WRT54GL is running Gargoyle 1.3.7 and WiFi disabled and provides DHCP (static mac addresses), DNS etc. WRT54GL WAN port provides internet.
Background: I have other trusted machines connected wireless, so I can't just restrict everything on bridged port. I want to allow one Windoze laptop machine to connect wirelessly and block it from seeing the rest of the network, only the WAN.
I'm open to suggestions guidance and all suggestions are appreciated. If isolating it across the current bridged port based on IP/Mac is too hard, it is not out of the question to enable WiFi on the WRT54GL and block based on that, if that would make life simpler ?