main_icn_My_Vodafone main_icn_Search main_icn_Chevron_right main_icn_Chevron_down main_icn_Close main_icn_Menu social-facebook social-google-plus social-linkedin social-twitter social-youtube main_icn_Community_or_Foundation main_icn_Location main_icn_Network_signal

Broadband connection

Router access control I wish to have devices on my home LAN but not able to access the internet.

Paul585
2: Seeker

I wish to have wi fi devices on my home LAN but not able to access the internet. Is there a way to do this? If I block device in the app it stops the device altogether.

There should be some easy way of doing this in the firewall settings vodafone!

View more options
14 REPLIES 14
KeithAlger
16: Advanced member

This is a feature that isn't present on all routers - including the VF supplied routers.  So you would need to use a third party router/+modem (you should be able to check for the feature in advance).

 

Before spending too much time and effort though, it's probably best to check that what you want to do is going to work.  Some smart devices for example absolutely require internet access and to be on the same subnet as other devices to work (common security idea move your smarts to their own subnet, great idea if it works).

 

Maybe a little more information about what you are trying to do, even maybe why might help.

View more options
Paul585
2: Seeker

Thanks keith,

Maybe I'm being paranoid but I have a wi fi security camera. I am happy for it to sit on my lan but I would like to deny it access to the internet. Whilst it's possible to use it with a mobile it's not a feature I want all the time..

Most routers have a firewall setup page where it's possible to assign individual permissions.

Pretty dissapointing that vodafone does not have this feature. It only has a blanket "block".

Removing the phone line is a good way of checking to see if it does require internet access. (It doesn't)

Asking here was easier than trying to speak to technical support who told me it was possible if only I downloaded the app!

Tks.

P.

View more options
KeithAlger
16: Advanced member

Okay, I'm not going to go into too great a detail, but it may be worthwhile checking on what security your camera has!

The cameras I have here use a P2P (peer to peer) protocol with the user and camera being authenticated by a server and a secure connection then being created between the two.  For this to work, both the user and the camera need internet access.  If I deny internet access to my cameras, I can't even access them on my home LAN!

 

Let us know how you get on with this!

View more options
Paul585
2: Seeker

mmm.. interesting. The camera data is encrypted but it's not that I'm worried about. more evesdropping on other traffic. Even though it's a popular make there's no guarantee that it doesn't contain spyware so just taking reasonable precautions.

View more options
gipjon
16: Advanced member

Yes, you can stop the camera from accessing the internet. To make your LAN network more secure, you can specify which devices are allowed to connect. The devices are identified by their MAC address. You can manage up to 32 devices. Just log into your router HTTP://192.168.1.1 goto setting mac filter . 

the password is under the router

View more options
Jayach
16: Advanced member

@gipjon wrote:

Yes, you can stop the camera from accessing the internet. To make your LAN network more secure, you can specify which devices are allowed to connect. The devices are identified by their MAC address. You can manage up to 32 devices. Just log into your router HTTP://192.168.1.1 goto setting mac filter . 

the password is under the router


If you block it's MAC address it won't work at all. It will have no access to the LAN or WAN. ( I must say blocking the MAC address was the first thing I though, but then I dismissed it)

View more options
Jayach
16: Advanced member

@Paul585 wrote:

I'm worried about. more evesdropping on other traffic. Even though it's a popular make there's no guarantee that it doesn't contain spyware so just taking reasonable precautions.


You could say that about almost any smart device you connect to your LAN. Most of it is made in China. Why do you think a camera is more suspect than anything else?

View more options
gipjon
16: Advanced member

Lol think I read that wrong. .  use a old second router not connected to the Internet 

And when you want to view the camera switch wifi on you phone 

View more options
KeithAlger
16: Advanced member

Regards devices snooping on your local traffic, it took a little hunting to find a balanced article on the subject: Warning: Encrypted WPA2 Wi-Fi Networks Are Still Vulnerable to Snooping

That one should do.  So next step, just how do I set up my own Radius server... (Joking sure it'd be more secure, but such a pita too).

View more options
Cynric
12: Established

Am I missing something, or couldn't the guest network be a solution?

View more options
Paul585
2: Seeker

That's true but since I have limited device connection and they are from reputable manufacturers I think it's ok to work on the precautionary principle.

View more options
Paul585
2: Seeker

Interesting solution and one I might experiment with when I get some time!

Thanks

View more options
Paul585
2: Seeker

Yep I think that's what the "b;ock" button does on the app. Stops everything.

View more options
KeithAlger
16: Advanced member

Regards using the Guest network for this purpose -it'll depend both on your cameras and on the specific properties of the router.

 

On the Asus router(s) here if I prevent the cameras from connecting to the internet, I cannot create a connection to the cameras - even from the LAN (tested).  Connection to an online verification service is not available to verify the P2P LINK.

 

If I allow the cameras internet access, but isolate them from other devices, again I cannot create a connection to the cameras.  Both client and camera can connect to the verification service (I can see this in the logs), but the P2P connection would be from a ringfenced camera on the LAN to the client.  Because the connection never leaves the LAN the ringfence around the camera prevents the connection from camera to client from being made!

 

*If you think about this there is a problem here!  If the company that provided my cameras were to disappear from the internet, I would no longer have any access to my cameras.

View more options