Restricting access to WAN Gateway

Ai6bx
Restricting access to WAN Gateway
I have a WAN gateway set up on my mesh both to provide broadband to my repeater site for IRLP and Echolink as well as to provide a tunnel. Is there a way to restrict the access on this to certain nodes and not others?

Keith
KE6MTO
Depends on your router
I would say it should depend on what options your router has. Basic "home" grade models will NAT out everything on the LAN interface (IE: 10.x.x.x/8). If you have one with more options, then you could only allow certain IPs or subnets outbound (IE: 10.x.x.y/32, 10.x.y.z/32, etc). 

Chris
KG6JEI
First off, all traffic
First off, all traffic leaving a mesh node is NATed to the mesh node's IP address.

Secondly, this has been discussed before: there is no way to limit the mesh gateway to only specific systems, because the way this feature works, it tells EVERY NODE around it to connect through it.

http://www.aredn.org/content/firewall-wan-gateway

Filtering after the mesh node will break this feature and your local mesh network's access to gateways.

If you really need to get traffic through from only specific systems you can consider putting up a proxy server or unencrypted tunnel from the remote sites through to a system on your local home network which then has access out to the internet.
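
Added example, not part of the original posts: a small Python model of the point made above, showing why a source-address allowlist on a router behind the gateway node cannot single out mesh hosts once the node has NATed them, while a filter that sees the original mesh address (such as the suggested proxy) can. All addresses are constructed, and the proxy seeing the un-NATed 10.x source is an assumption of this example.

```python
import ipaddress

# Constructed addresses for illustration only (not taken from the thread).
GATEWAY_WAN_IP = ipaddress.ip_address("192.168.1.50")  # gateway node's WAN-side address
ALLOWED_MESH_HOSTS = [
    ipaddress.ip_network("10.20.30.41/32"),
    ipaddress.ip_network("10.77.5.8/32"),
]
SOURCES = [ipaddress.ip_address(a) for a in ("10.20.30.41", "10.77.5.8", "10.99.1.2")]


def nat_at_gateway(src):
    """The gateway node rewrites every outbound flow to its own WAN address."""
    return GATEWAY_WAN_IP


def acl_permits(src, allowed):
    """Source-address allowlist as a router or proxy would evaluate it."""
    return any(src in net for net in allowed)


def upstream_router_decision(mesh_src, allowed):
    """Filter placed after the mesh node: it only ever sees the NATed source."""
    return acl_permits(nat_at_gateway(mesh_src), allowed)


def proxy_decision(mesh_src, allowed):
    """Filter on a host reached over the mesh (assumed to see the 10.x source)."""
    return acl_permits(mesh_src, allowed)


def evaluate(sources, allowed):
    """Return both decisions for each original mesh source address."""
    return {
        str(s): {
            "upstream": upstream_router_decision(s, allowed),
            "proxy": proxy_decision(s, allowed),
        }
        for s in sources
    }


if __name__ == "__main__":
    for host, verdict in evaluate(SOURCES, ALLOWED_MESH_HOSTS).items():
        print(host, verdict)
```

With the per-host allowlist the upstream router denies every flow, and permitting the node's WAN address instead admits every flow, so the upstream filter is all-or-nothing.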
 
KE6MTO
My error
My mistake, was thinking the WAN interface was one of the interfaces that had a 10.x.x.x IP generated and relied on the next device upstream for NATing. 

Chris
