I just replaced my old DI-514 with a DIR-655 D-Link router. I have three teenagers here at home, and operate a proxy using squid/squidGuard with a blacklist published by an educational association in Oregon. It's a pretty liberal list, and in general blocks only the worst porn and malware sites. It also enforces some basic time schedules.
An essential part of this was a MAC filter on the DI-514 that disallowed WAN access by the clients that the kids are using, based on MAC addresses. This forced those machines to access the WAN through squid. Well, not essential really, as the kids' clients are running restricted accounts and they can't change the proxy settings, but in the interest of completeness that's how I had it set up.
However I'll be damned if I can figure out how to replicate this on the DIR-655. There are access controls for blocking all network access (LAN/WAN) by MAC, and there are domain-based website filters. But I can't seem to find a straight-up interface to the firewall rules where I can deny all WAN access to certain MAC addies.
If anyone has one of these and some idea of how to go about this, I'd appreciate hearing about it. Thanks in advance.
~~~
Edit: figured this out tonight. It's a little counter-intuitive the way they have the interface set up. I wish they had an advanced mode that just let you write rules on the firewall. Anyway, to block all WAN access from a given MAC address on the DIR-655, but maintain LAN access, do the following:
Log on as admin and click the Advanced tab.
Click the link for Website Filter on the left.
On the Website Filter page change the drop-down list to "ALLOW computers access to ONLY these sites". Leave the list of sites blank and click Save Settings, and then Reboot Later.
Click the link for Access Control on the left.
On the Access Control page check the Enable Access Control checkbox, then click Add Policy, and click through the next screen.
Enter a name for the policy and click Next.
Set the Schedule to Always and click Next.
On the Select Machine page click the radio button next to MAC, and then select the MAC address by picking the machine name from the list on the right, or type it in. Click ok.
Repeat for any other MAC address and then click Next.
On the Filtering Method screen set the Method choice to Block Some Access, then click the checkbox next to Apply Web Filter. Click Next.
On the next screen enable/disable logging as you like. Click Save. Reboot.
What it does: sets up a policy rule requiring these machines to abide by the website filter, which is set to allow only the domains on the list, which is blank.
I don't know yet whether it blocks all protocols or just http. I suspect it blocks them all. You can use other features of the router to punch particular ports through to allow applications that aren't supported through your proxy.
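The policy the post builds through the DIR-655 GUI, written as firewall rules of the kind the author wishes for. This is an added example, not part of the original post and not something the DIR-655 firmware exposes. It assumes a Linux-based gateway with iptables and a WAN interface named eth0, and the MAC addresses are constructed.

```shell
#!/bin/sh
# Added example: generates iptables rules for an assumed Linux gateway.
# It only prints the rules; review them before applying as root.

WAN_IF="${WAN_IF:-eth0}"   # assumed name of the WAN-facing interface

# Return 0 only for a well-formed colon-separated MAC address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Print one rule per valid MAC. The rule matches only forwarded traffic
# leaving through the WAN interface, so every protocol is refused at the
# WAN while LAN traffic, including connections to the squid proxy on the
# LAN, never hits it. The proxy host's own MAC must not be in the list.
wan_block_rules() {
    for mac in "$@"; do
        if ! valid_mac "$mac"; then
            # A typo here would silently leave a client unfiltered, so say so.
            echo "skipping malformed MAC: $mac" >&2
            continue
        fi
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        echo "iptables -A FORWARD -o $WAN_IF -m mac --mac-source $mac -j REJECT"
    done
}

# With no arguments, fall back to constructed sample MACs.
[ "$#" -gt 0 ] || set -- 02:00:00:aa:bb:01 02:00:00:aa:bb:02
wan_block_rules "$@"
```

Because the match is on source MAC, the rule is only as strong as the clients' inability to change their adapter address, which is what the restricted accounts in the post provide.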
