How to block client to client traffic?

Hi guys!

I hope someone can help me. I have MT Hotspot up and running with the log-on screen appearing every time a client logs in.

My question is about blocking peer-to-peer traffic. I don't want hotspot clients to see anybody else in their network neighborhood, so much so to have access to other clients' machines. I have tried the example in the documentation on how to add an ip firewall rule to drop all-p2p, still doesn't fit my requirements. :cry:

I would be opening the wireless hotspot to the public soon so I don't want clients complaining that their files are now open for everybody on the hotspot network to access! :angry:

Any help would be greatly appreciated! :smiley:

Robert

Unchecked Default forwarding in wireless interface…in my RB not work..
Second way is to create firewall rule:
forwarding - src-adr=(gateway ip) - dst-adr=(gateway ip) - action=drop

with this rule you can block user p2p traffic.
bye.

Thanks for the reply.

I have also been testing a new rule that I placed on the hotspot-temp.
I blocked ports 137, 138 and 139 on all protocols (action=drop)

So far, all windows clients can’t see anybody on the network neighborhood. Hope this will help others.

I'm happy with it. I will test it for another week. Will update soon.

Thanks again

I have also been testing a new rule that I placed on the hotspot-temp.
I blocked ports 137, 138 and 139 on all protocols (action=drop)

Can you write the command lines please, because I did it and it didn't work with me. Thanks man.

src-add=0.0.0.0 in-interface=all dst-addr=0.0.0.0/135-139 prot=tcp action=drop

do the same for udp.

apparently unchecking “default forwarding” only works on the wireless interface and not for an AP connected to a wired ether port on the MT.

do a little search on the archives, I seem to remember a few questions/resolutions posted before.

If you are offering your wireless system to the public, I would suggest that you inform users to turn off sharing under windows to prevent users appearing on their network neighborhood and opening access to their system.


good luck.

Robert S.
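
An added example, not part of any post in this thread: a small check to run from one test client against a second test client you own, to confirm that the drop rules or the default-forwarding setting discussed above really keep TCP 135-139 from reaching a peer. The function names and the placeholder address 192.0.2.10 are assumptions made for this example.

```python
import socket
import sys

# TCP side of the 135-139 range blocked in the thread (UDP is not probed here).
PORTS = range(135, 140)


def probe(host, port, timeout=1.0):
    """Classify one TCP port on a peer as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: service reachable
    except ConnectionRefusedError:
        return "closed"            # RST came back; with action=drop nothing would
    except OSError:
        return "filtered"          # timeout or unreachable: dropped on the way


def isolation_report(peer, ports=PORTS, timeout=1.0):
    """Probe each port; any answer from the peer means isolation is not in effect."""
    results = {port: probe(peer, port, timeout) for port in ports}
    reached = sorted(p for p, state in results.items() if state != "filtered")
    return {"peer": peer, "results": results,
            "reached": reached, "isolated": not reached}


if __name__ == "__main__":
    # Usage: python check_isolation.py <peer-ip>   (placeholder address below)
    peer = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    report = isolation_report(peer)
    for port, state in report["results"].items():
        print(f"{peer}:{port}/tcp {state}")
    print("isolated" if report["isolated"] else f"reachable on {report['reached']}")
```

A "closed" result still counts as a failure of isolation, because the refusal shows the packet was delivered to the other client even though no service was listening.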