access restriction - can't get it working

[lumin]

Hi,

I'm trying to get an access restriction working without success.
I wanted to block internet access for the client with IP 10.0.0.199 from 21:00 to 23:00. You can see my config at the screenshots above.

20150914 Bild 001.png (22.48 KiB) Viewed 5585 times

This rule has set to active, but unfortunately with no effect. Maybe someone can give me a hint!?

thxs in advance,
lumin

[lumin]

Following the scenario "No facebook during homework time" it should be working. The only difference is, that I didn't assign static IP, which I will do after a successful integration test.

http://www.gargoyle-router.com/wiki/dok ... _scenarios

[lumin]

Hi again,

I trying hard to get it working. Thus I tried to dive deeper and established a ssh connection to the router. It's not that easy to read iptables - L output, but I'm wondering about die rule set anyway. I can't find any connection to my GUI configured rule!? No IP (10.0.0.199) , no time….

Any inputs to get a step further?
thx! – lumin

[nworbnhoj]

Can you provide a screen shot of your config page at:
Gargoyle - Connection - DHCP

[lumin]

hi nworbnhoj,

of course i can. I almost gave up hope getting any support here. thx you!

[lumin]

I just tested another scenario, which some other users reported as successful in older forum posts. First of all I added a restriction to block all traffic for all host. After that I added whitelist rule for my specific test host (10.0.0.199) to grant web access to a certain website (orf.at).

Again without results!
Please give me some hints!

[nworbnhoj]

On your screenshot of:
Gargoyle - Connection - DHCP
you are set-up to assign a range of IP addresses 10.0.0.190 thru 10.0.0.199 automatically as hosts connect to the network. The IP address assigned to a particular host may well change from day to day - and 10.0.0.199 may not even be used unless you have 10 hosts connected to your network.

On your screen shot of:
Gargoyle - Firewall - Restrictions
You are restricting the host with IP address 10.0.0.199 but that IP address may not even be in assigned! You could apply the restriction to the whole DHCP range 10.0.0.190 thru 10.0.0.199, but that is probably not what you want.

Following the scenario "No facebook during homework time" it should be working. The only difference is, that I didn't assign static IP, which I will do after a successful integration test.

You need to assign a static IP address (not in the range 10.0.0.190 thru 10.0.0.199) to the host that you want to restrict (say 10.0.0.150).

[lumin]

First of all, thank you for supporting me!

On your screenshot of:
Gargoyle - Connection - DHCP
you are set-up to assign a range of IP addresses 10.0.0.190 thru 10.0.0.199 automatically as hosts connect to the network. The IP address assigned to a particular host may well change from day to day - and 10.0.0.199 may not even be used unless you have 10 hosts connected to your network.

That’s quite clear, thus I assigned a static IP to my "nexus" host (10.0.0.199), as shown on the DHCP screenshot. I also proofed this via 'Connected Hosts' site. It worked perfectly.

My restrictions respectively whitelist config. still don't work!:-/

[nworbnhoj]

My apologies - I could only see the top half of your screenshot (Gargoyle - Connection - DHCP) the first time.

Could you try assigning a static IP address outside (10.0.0.210) of the DHCP range (10.0.0.190 - 10.0.0.199)

(also the MAC address in the restriction rules is a little weird (I did not even know you could do that) I have only used IP addresses in these fields.

[lumin]

Obviously TL-WR841ND doesn't fit gargoyle's (v1.71) hardware requirements. mybe to less RAM. Since my last trial-and-error-session getting restrictions up and running it's extremely instable. Thus I can’t try your advice up to now. Now I’m trying to downgrade to Version 1.6x…