LAN to WAN filter example

[adbeze]

I am trying to set up my wl500G in usch a way that between 1.00 a.m. and 6 a.m. no traffic is possible.
Does anyone have an expample how to set this up.
I tried the following
Enable filter yes
All days
Time 01:00 to 06:00
Packets not specifief: drop


When I try to configure this I find that the filter is active all day.
My firmware is 1.9.2.7

Any ideas or examples?

Thanks

[mao44]

Hi,

i have the same pb :
i have 4 PC on the Asus router. (192.168.1.100->104)
i want to authorize 2 PC on the Internet access each days except sunday, between 8:00 and 21:30. and the other all the time
i've enabled the LAN to WAN filter
check all days except Sunday
fill hours 8:00 to 21:30
Packets(LAN to WAN) not specified will be DROP
and :
SOURCE_IP PORT RANGE DESTINATION IP PORT RANGE PROTOCOL
192.168.1.101 *.*.*.* 80 TCP
192.168.1.102 *.*.*.* 80 TCP

the pb is in fact : all PCs can't access to Internet every days any hours !

can somebody can explain me how to configure the LAN to WAN Filter table ?

Thanks

[TheEagle]

i've enabled the LAN to WAN filter
check all days except Sunday
fill hours 8:00 to 21:30
Packets(LAN to WAN) not specified will be DROP
and :
SOURCE_IP PORT RANGE DESTINATION IP PORT RANGE PROTOCOL
192.168.1.101 *.*.*.* 80 TCP
192.168.1.102 *.*.*.* 80 TCP

the pb is in fact : all PCs can't access to Internet every days any hours !

can somebody can explain me how to configure the LAN to WAN Filter table ?

Thanks

What you want to do is not 100% possible with this webinterface. Or not in a "good" way. From what I understand enabling the filter only for a scheduled time means, that the filter DOES NOT WORK the rest of the time. So the rest of the time every PC should have FULL access. What you could do with the schedule then is activate the filter from 21:00-08:00 at certain days(!) to block internet acces during the night for the 2 PCs, OR you can block them ALL DAY on certain days. But the webinterface lacks the ability to combine those 2 ways.

Workaround (NOT good). Enable LAN/WAN filter >>AND<< WAN/LAN filter.

In LAN->WAN filter you do what I described first:
Enabled ALL days -> from 21:00 - 07:59
Packets not specified will be : DROP

Source IP / Port Range / Dest IP / Port Range / Protocol
==========================================
192.68.1.101 / <empty> / <emtpy> / 80 / TCP
192.68.1.102 / <empty> / <emtpy> / 80 / TCP

and now the trick:

In WAN->LAN (read carefully: WAN 2 LAN) filter you do that:
Enabled sunday -> from 00:00 - 23:59
Packets not specified will be : ACCEPT

Source IP / Port Range / Dest IP / Port Range / Protocol
==========================================
<emtpy> / <empty> / 192.68.1.101 / <empty> / TCP
<emtpy> / <empty> / 192.68.1.102 / <empty> / TCP

Thats blocks ALL incoming packets to those 2 IPs. So "somehow" they can't access the net. BUT BE WARNED: they still can SEND outgoing traffic on sundays from 8:00-20:59. Though they will never receive any answer and naturally can't do anything useful with the net that way, spyware/trojans for example might still send data from your pc to anywhere. (Actually I'd be ok with that, I just say this so afterwards you don't blame ME )

I hope i was right with all I wrote. If any1 knows better, please correct me.

[TheEagle]

I am trying to set up my wl500G in usch a way that between 1.00 a.m. and 6 a.m. no traffic is possible.
Does anyone have an expample how to set this up.
I tried the following
Enable filter yes
All days
Time 01:00 to 06:00
Packets not specifief: drop

Did you add any rules (entered IPs (and optionally Ports) ) ?

If so, just remove them. It then should work fine. If you didn't add any rules to the filters I have no idea why it shouldn't work.

[adbeze]

I tried a further test today (tuesday 6 pm).
LAN WAN filter with the following settings:

Enable filter
Days to enable: only sunday
Time of day: 1:30 to 2:00
Packets not specifed: drop

No further rules.

The logs shows WAN access is rejected by the filter.

A similar test with the WAN to LAN filter gave the same problem
A similar test with the url filter worked fine.

To me this looks like a firmware problem with the LAN WAN filter.

Is there anyone who has this function working with 1.9.2.7 firware or other firmware?

Thanks

[TheEagle]

I have the filters enabled, but all the time. Since I'm not 100% sure about the filter behavior during the times it's scheduled to be not active I'll test that later that day (requires my girlfriend going to bed so she doesn't need the internet anymore ) ... I'll report what I found out. Oh and which 1.9.2.7 are you using? Olegs? Or ASUS? I have Olegs 1.9.2.7-6c-pre5.

[mao44]

Hi TheEagle,
you said :
the filter only for a scheduled time means, that the filter DOES NOT WORK the rest of the time. So the rest of the time every PC should have FULL access

but i've filled In LAN->WAN filter
Enabled ALL days -> from 21:00 - 07:59
Packets not specified will be : DROP

Source IP / Port Range / Dest IP / Port Range / Protocol
==========================================
192.68.1.101 / <empty> / <emtpy> / 80 / TCP
192.68.1.102 / <empty> / <emtpy> / 80 / TCP

and at 22h30 for example, a 192.168.1.101 PC can't access to Internet
or at 20h00, a 192.168.1.100 PC can't access to internet

It's a pb into the firmware ?

i have the 1.9.2.7.6b firmware

[TheEagle]

Actually what I said was an assumption based on how I interprete the webinterface. Maybe thats not correct, and I want to test it in the next hours. Just can't reboot the router now, as my GF would kill me if I kick her out of the net now

[TheEagle]

OK ... >>NOW<< I >>KNOW<<

At the times when the filter is scheduled INACTIVE >>ALL<< traffic is blocked >>IF<<

Packets(LAN to WAN) not specified will be: DROP

BUT if you set

Packets(LAN to WAN) not specified will be: ACCEPT then ALL traffic is allowed in when filter is scheduled "INACTIVE".

So this gives a whole new perspective, I'm trying to find a solution now for both of you.

adbeze:
It allows all IPs from the given range full access to internet all day from 6am till 1am.
Of course if you don't have 192.168.0.* as your local IP range you have to enter your IPs. The * means all IPs from the subnet 192.168.0 so you don't have to enter each IP manually (what of course you can do). Also need to know for your self if you need the UDP rule (lot of software uses UDP, so I for sure need it) Oh and in your case I assume that WAN/LAN filter is completely disabled.

mao44:
As I said you may need to enable BOTH filters for my "workaround" ... here we go. I assume that 192.168.0.101 and 192.168.0.102 are the PCs that shall have access from Monday til Saturday , always from 8am till 9:30pm. On sundays those 2 are completely blocked. Hope that is what you wanted.
LAN/WAN!!!

WAN/LAN!!!



Please test this guys, if you get any problems I'll overlook it again. It's late here and I might have screwed it up

[TheEagle]

Good morning ... mao44 what I forgot: If you have Olegs firmware and want to play with iptables you can create rules set a schedule for each rule individually. At least I saw this somewhere in this forum ... I'm not yet deep enough into iptables to tell you how, just wanted to let you know that there seems to be a more professional way to solve your problem

[mao44]

Hi TheEagle,

i've written the same thing as you Web interface, and all PC have the Internet Access (192.168.0.100, 101, 102, 103) at all days and all times !

so i think the Filter rule doesn't work fine ... 8-((

[mao44]

Sorry, ...
i've fogoten to activate the filter !!!
the LANtoWAN rules seems to be working fine now.
i'll try the WAN to WAN filter this evening

Thanks very much

[TheEagle]

The more often I read your first post mao, the more I ask myself if I understood you right at all. Just to be sure I told you the right thing:

Do you want that PCs xxx.101 and xxx.102 DO NOT HAVE internet access on sundays? Or do you want them to have internet access from 00:00 to 23:59 on sundays? One could read both possibilities out of your first post

[adbeze]

Hi TheEagle,

Thank you for your reply.
I tried the configuration you specified, but it does not let any connection through anymore.
I am using the Asus firmware, so I will upgrade tot the oleg version and retry

thanks

[adbeze]

When upgrading to 1.9.2.7-6b from oleg I could define the filter rules.

Thanks