daveagn
Gerbil XP
Topic Author
Posts: 468
Joined: Wed Jun 02, 2004 5:44 pm

WRT54 Network Question

Sat Mar 25, 2006 1:08 pm

I have a WRT54 with the HyperWRT firmware acting as my router. I have DHCP enabled. How do I kick certain IP addresses off of the network?
 
Flying Fox
Gerbil God
Posts: 25629
Joined: Mon May 24, 2004 2:19 am

Sat Mar 25, 2006 1:14 pm

Wired clients? Or wireless ones?

If it is wireless, change the keys. What? You mean you didn't have security turned on? :o

While I am no fan of MAC-address whitelisting, you may have to resort to that for now.
 
daveagn
Gerbil XP
Topic Author
Posts: 468
Joined: Wed Jun 02, 2004 5:44 pm

Sat Mar 25, 2006 1:37 pm

No, it's a wired connection. Pretty much I have a roommate who continues to kill the network with his filesharing, despite repeated requests to stop from myself and the other guys living here. So now we're just going to boot him when he turns it on.
 
SpotTheCat
Gerbilus Supremus
Posts: 12290
Joined: Wed Jan 29, 2003 12:47 am
Location: Minnesota

Sat Mar 25, 2006 1:58 pm

Aside from unplugging him, I think you could disable the services he uses.
 
UberGerbil
Grand Admiral Gerbil
Posts: 10368
Joined: Thu Jun 19, 2003 3:11 pm

Sat Mar 25, 2006 2:09 pm

Well, I don't know about that particular firmware but every router I've used has support for blocking ports and/or IPs; in some you have to "fake" blocking by forwarding them to bogus ports/IPs.

Edit: it looks like that firmware offers a specific firewall feature to "filter P2P" but without knowing what that checkbox enables I can't comment on how effective it might be. From this review.
Double Edit: It looks like that feature is unique to the "Thibor" firmware...
 
Flying Fox
Gerbil God
Posts: 25629
Joined: Mon May 24, 2004 2:19 am

Sat Mar 25, 2006 2:44 pm

Well, you can MAC-blacklist him if that feature is available on the wired side, until he finds out what is going on and switches network cards. Hopefully he's cheap enough to not bother and learn his lesson.

My default Linksys WRT54GS firmware does not have MAC restrictions on the wired side, but I've found port blocking. So you may want to do that.
 
UberGerbil
Grand Admiral Gerbil
Posts: 10368
Joined: Thu Jun 19, 2003 3:11 pm

Sat Mar 25, 2006 4:23 pm

Flying Fox wrote:
Well, you can MAC-blacklist him if that feature is available on the wired side, until he finds out what is going on and switches network cards. Hopefully he's cheap enough to not bother and learn his lesson.

Or he just spoofs his MAC. But I don't think they want to block his internet access completely, just restrict his ability to hog all the bandwidth. With an enterprise class router (or a PC configured as a router) you could actually throttle his bandwidth or set quotas, but you don't have such options with any SOHO equipment I know of. I wonder if there's a clever way to bump the jack he's connected on (and just that jack) down to 10Mbps -- like swapping that net cable with an old, crappy Cat4 one? (Assuming that 10Mbps is slower than your internet connection, which it probably isn't, so never mind.)

Flying Fox wrote:
My default Linksys WRT54GS firmware does not have MAC restrictions on the wired side, but I've found port blocking. So you may want to do that.

Yeah, though I think some of the torrent clients hop ports, don't they? But it's a start.
 
computron9000
Minister of Gerbil Affairs
Posts: 2420
Joined: Sun Oct 16, 2005 7:21 pm

Sat Mar 25, 2006 5:08 pm

Flying Fox wrote:
While I am no fan of MAC-address whitelisting, you may have to resort to that for now.

Just out of curiosity, what's your issue with MAC whitelists? I've used them before.
 
Flying Fox
Gerbil God
Posts: 25629
Joined: Mon May 24, 2004 2:19 am

Sat Mar 25, 2006 5:57 pm

computron9000 wrote:
Flying Fox wrote:
While I am no fan of MAC-address whitelisting, you may have to resort to that for now.

Just out of curiosity, what's your issue with MAC whitelists? I've used them before.

It's hard to maintain, but easy to spoof. So that's not "worth it" IMO (what's with this worth it talk lately on the OC forum? :roll:).
 
computron9000
Minister of Gerbil Affairs
Posts: 2420
Joined: Sun Oct 16, 2005 7:21 pm

Sun Mar 26, 2006 1:57 am

That makes sense to me.

No idea about the 'worth it' discussions...

For me, there's something satisfying about buying a $400 processor, spending 3-5 hours tweaking some settings over a couple months, and having performance on par with a $1000+ processor. But I guess that's not everyone's thing.
 
excession
Graphmaster Gerbil
Posts: 1261
Joined: Fri Dec 31, 2004 3:19 pm
Location: Nottingham, UK

Sun Mar 26, 2006 4:04 am

For this exact reason, my router is an OpenBSD box. If someone does something antisocial with the connection, a quick edit to /etc/pf.conf and their intarweb is turned off.

Another good feature however is packet shaping and traffic priority. My router gives VoIP, DNS, and game traffic top priority, BT and eMule lowest priority, and everything else in between. Works an absolute CHARM. Also it does some clever stuff with TCP ACKs which means that even if the upload on our ADSL (256Kbps) is saturated, it doesn't slow the download down all that much.

James
i5-4670 | Asus H87M-E | MSI GTX 960 | 8GB DDR3 @800 | WD Green 2TB | 850 EVO 250GB | CM Masterkeys Pro L White | MX518 (original!) | Hyper 212 Evo | 6TB Ubuntu/ZFS NAS
I was going to tell a Chemistry joke, but all the good ones argon.
 
SpotTheCat
Gerbilus Supremus
Posts: 12290
Joined: Wed Jan 29, 2003 12:47 am
Location: Minnesota

Sun Mar 26, 2006 1:15 pm

What kind of connection are you using? I share my connection with 5 people, and I use BT. If you have him set his max upload to 1/4-1/3 of the connection speed you won't have so much trouble with him killing the connection. If he's not being reasonable about his internet use, you should just unplug him and tell him to quit being a douchebag. Have him run his p2p overnight like everyone else.
 
idchafee
His Holy Gerbilness
Posts: 14053
Joined: Thu Sep 25, 2003 8:39 am
Location: Chicago, IL

Sun Mar 26, 2006 1:45 pm

Pull his damn plug, and lock the router either in your bedroom or another roommate's bedroom. Tell him that unless he respects his roommates' wishes, he's welcome to go down to the internet cafe for his online needs.
YOU CAN RUPTURE SOMEONE'S SPLEEN WITH A WATER BALLOON!!!!
 
drsauced
Gerbil Jedi
Posts: 1543
Joined: Mon Apr 21, 2003 1:38 pm
Location: Here!

Tue Mar 28, 2006 11:59 am

Gee, welcome to the ISP business. It's been posted above, but you can do a lot with the WRTs, and the Thibor or Tofu firmwares. I think you want the Tofu firmware for the 54G, but don't quote me on that.

Could you not just use QoS to slow him down? HyperWRT uses iptables for the filtering, so I believe it is possible, with a little research, to set up an iptables rule (run it in the firewall script spot, or from a telnet session). I had to do this for my school's WAP to stem the tide of filesharing. Those RIAA letters are no fun, let me tell you.
Calm seas never made a skilled mariner. But, sadly I'm an A's fan.
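
An added example, not part of any post above and not HyperWRT's own code, of the kind of iptables rule the last post describes: a small generator that prints the commands to block or packet-rate-limit one wired host in the FORWARD chain, ready to paste into the firewall script field or a telnet session. The function names, the address 192.168.1.105 and the availability of the `limit` match in the firmware's iptables build are assumptions.

```shell
#!/bin/sh
# Added example: print (never execute) iptables commands for one LAN host.
# Assumes the firmware's iptables build includes the "limit" match.

valid_ipv4() {
    # Digits and single dots only, so nothing else can reach the rule text.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

host_rules() {
    mode=$1; ip=$2; rate=${3:-50}
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    case "$rate" in
        ''|*[!0-9]*|0) echo "bad packet rate: $rate" >&2; return 1 ;;
    esac
    drop="FORWARD -s $ip -j DROP"
    pass="FORWARD -s $ip -m limit --limit $rate/second --limit-burst $rate -j ACCEPT"
    case "$mode" in
        block)      echo "iptables -I $drop" ;;
        unblock)    echo "iptables -D $drop" ;;
        throttle)
            # -I inserts at the top of the chain: add DROP first so the
            # rate-limited ACCEPT ends up above it. Packets over the limit
            # fall through to DROP. The limit counts packets, not bytes:
            # 50/second of 1500-byte packets is roughly 75 KB/s of upload.
            echo "iptables -I $drop"
            echo "iptables -I $pass" ;;
        unthrottle)
            echo "iptables -D $pass"
            echo "iptables -D $drop" ;;
        *)  echo "usage: host_rules block|unblock|throttle|unthrottle IP [PKTS_PER_SEC]" >&2
            return 1 ;;
    esac
}

# Constructed sample address for the host to slow down.
host_rules throttle 192.168.1.105 40
```

These rules match on source address only, so they hold only while the host keeps that DHCP lease.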
