Sign in with
Sign up | Sign in
Your question

D-Link DIR-615 | Isolate one IP (computer) from the rest of the LAN

Last response: in Networking
Share
November 30, 2010 11:30:40 AM

Hi all.
So, my boss asked me to give internet access to one person that is not part of our company, I would like to isolate his computer from the rest of the LAN so he would not be able to access information from other computers. How it's possible to do this and which is the best method ?
Thank you in advance.

Product Page: DIR-615
Hardware Version: B2
Firmware Version: 2.26RU
a b X LAN
November 30, 2010 3:08:33 PM

have you tried placing the PC into the DMZ of the router?

I am not 100% sure if the PC will not be able to see the rest of the network or not.

you could also add a second router and connect its Internet/WAN port to the LAN port of the 615.
December 1, 2010 4:07:49 AM

Easiest solution would be to buy another cheap router for this user, put it in place with a firewall rule dropping any traffic with a destination that matches your current internal network.

I've frankly never understood the "DMZ" feature on home routers except that it seems pretty much worthless since it doesn't seem to normally subnet off or filter that exposed host from the internal (protected) segment... pretty much defeating the whole purpose of a real DMZ to begin with.
Related resources
Can't find your answer ? Ask !
December 1, 2010 11:54:27 AM

I added the IP to the DMZ but nothing changed, the computer still has access to the LAN, I actually don't understand what DMZ does, worthless. So what I did, just made a firewall rule on the clients machine denying access to 192.168.0.2-192.168.0.254 range, allowing only 192.168.0.1 (router).
btw is there a newer firmware version for my router ?

Product Page: DIR-615
Hardware Version: B2
Firmware Version: 2.26RU

Thank you.
December 1, 2010 1:19:14 PM

LittleX, you can put the machine on a separate subnet on the same network. If you change the Subnet Mask on the machine it won't be able to see the other computers on the network.

BTW, there is a newer firmware for that router, 2.27. You can get it here: http://www.dlink.co.uk/cs/Satellite?c=Product_C&childpa...
December 1, 2010 3:21:51 PM

retellect said:
LittleX, you can put the machine on a separate subnet on the same network. If you change the Subnet Mask on the machine it won't be able to see the other computers on the network.

BTW, there is a newer firmware for that router, 2.27. You can get it here: http://www.dlink.co.uk/cs/Satellite?c=Product_C&childpa...


I cannot set a specific IP for that computer because it is a Wireless connection.
About the firmware it is in german(DE) language ?

V 2.27DE, 01 01,2010/01/15, John Huang
1.Ubicom SDK 7.4.2 build 0056, 2009, Sep 15, UBICOM_7_4_2_B0056
2.Checksum: 042df5bf
3.HNAP security bug, could send set command in with "GetDeviceSettings" SoapAction.


December 7, 2010 7:23:47 PM

Does your company have a router that supports VLANs? If so, just throw him on a separate VLAN and be on your merry. :) 

EDIT: SWITCH!!! Not router. :p 
December 8, 2010 4:45:58 AM

Solved it this way:

Added a firewall rule on the clients machine that denies access to the 192.168.0.2 - 192.168.0.254 range, allowing only 192.168.0.1 (router), he only needs internet connection no LAN access, when he will leave from our office I'll remove the rule.
btw, he doesn't know anything about the firewall rules so he can't remove it and actually he doesn't want to see my network I just want to be sure nobody has access to our important files.
!