• February 23, 2025, 01:29:49 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: How to block ports on DIR-882  (Read 5616 times)

Shimada

  • Level 1 Member
  • *
  • Posts: 1
How to block ports on DIR-882
« on: January 08, 2020, 05:19:56 AM »
Hi i need to block some ports to get solo lobby for Red Dead Online on my PS4 im using 1.20 firmware
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: How to block ports on DIR-882
« Reply #1 on: January 08, 2020, 12:38:01 PM »
Try setting a firewall rule? User manual on page 62 to begin with.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

go140point6

  • Level 1 Member
  • *
  • Posts: 15
Re: How to block ports on DIR-882
« Reply #2 on: June 11, 2020, 03:13:33 PM »
Quote from: FurryNutz on January 08, 2020, 12:38:01 PM
Try setting a firewall rule? User manual on page 62 to begin with.

But to expand on this, how do you deny a certain port on a specific client to anywhere on the intenet?  The manual isn't much help at all. I want to deny port 53 (DNS) from my LAN client (Roku) to anywhere on the internet, so it's forced to use my LAN DNS (pi-hole).  I suspect many of the Roku apps are using hard-coded DNS servers.  Is there a wild card option?  What "range" do you use to signify "everything" but still allow broadcasts, etc.?
Logged

me_iauras

  • Level 2 Member
  • **
  • Posts: 80
Re: How to block ports on DIR-882
« Reply #3 on: June 12, 2020, 08:48:44 AM »
This is the rule ( actually 1 of 2 as you have to make separate UDP TCP rules for it to work ) I've created for exactly the same reason ; to block any hardcoded DNS resolvers from being used via the WAN interface instead of my pihole located in my LAN .

https://imgur.com/lNJtDXw  >> Just make sure your pihole's IP is outside of the Source IP Address Range as otherwise it won't be able to make upstream DNS querries to your chosen upstream DNS resolver . (I have my pihole set up with a manual IP outside the usual 100-254 DHCP pool range of IPs)

I'm not sure why I can't block every public/outside IP and can only go only as high as you can see but that was the limitation in my EU firmware (I got to that value by trial & error going back in increments ); I'm not really worried though as most of the major DNS resolvers out there (Google , Cloudflare , IBM Quad9 , OpenDNS , etc. ) are within that range so they're blocked (in theory there might be an app or two who could reach some specific DNS resolver but for the vast majority my pihole is the sole resolver they can connect to )
« Last Edit: June 12, 2020, 08:54:18 AM by me_iauras »
Logged

go140point6

  • Level 1 Member
  • *
  • Posts: 15
Re: How to block ports on DIR-882
« Reply #4 on: June 12, 2020, 01:26:27 PM »
awesome! thank you!  yes that makes sense and is exactly what I was looking for:

The multicast addresses are in the range:
224.0.0.0 through 239.255.255.255
and these are "reserved for future use":
240.0.0.0–255.255.255.254

So unless they started giving out those "future use" ones, your range is probably correct.  I guess you could make multiple rules if you really wanted to block it tho.

In case your image goes dead at some point, here are the settings for others to find:

Source LAN : specific IP on your LAN (192.168.1.200) or your LAN range (i.e. 192.168.1.1-192.168.1.254)
Destination WAN: 1.1.1.1-223.255.255.254
Protocol and Port Range: Create one rule for TCP and one rule for UDP --> the port is 53.  Or a range of ports if you wanted to (21-53).

Since I'm only blocking a single IP address on the Roku for now, I didn't have to worry about moving the pi-holes off the DHCP range (yes I run 2... one on a Pi3 and one on a PiZeroW).

Thanks again for pointing me in the right direction!
« Last Edit: June 12, 2020, 01:28:54 PM by go140point6 »
Logged

me_iauras

  • Level 2 Member
  • **
  • Posts: 80
Re: How to block ports on DIR-882
« Reply #5 on: June 12, 2020, 02:10:50 PM »
Glad to be of service!
Now... regarding your decadence in wasting perfectly good resources ; why don't you use only the Pi Zero as a Pi-hole host ?
Isn't it reliable enough or you can't reasonably rely on it's  wireless connection to serve you as the main DNS resolver ; any USB NIC should be able to fix that and you could repurpose the Pi 3 to a role more befitting it ( it could be a PLEX server if you only use DirectPlay and don't do transcoding ) 
Logged

go140point6

  • Level 1 Member
  • *
  • Posts: 15
Re: How to block ports on DIR-882
« Reply #6 on: June 12, 2020, 02:49:20 PM »
Quote from: me_iauras on June 12, 2020, 02:10:50 PM
Glad to be of service!
Now... regarding your decadence in wasting perfectly good resources ; why don't you use only the Pi Zero as a Pi-hole host ?
Isn't it reliable enough or you can't reasonably rely on it's  wireless connection to serve you as the main DNS resolver ; any USB NIC should be able to fix that and you could repurpose the Pi 3 to a role more befitting it ( it could be a PLEX server if you only use DirectPlay and don't do transcoding )

LOL, yeah I actually have 1 PiZeroW, 2 Pi 3b, 1 Pi3b+, and 2 Pi4 4Gb.  The two Pi4's are my work-horses doing stuff (each with an SSD).  My "main" pi-hole is my Pi3 (wired) and I only set up the PiZeroW as a second pi-hole because I had nothing really to do with it after I did some direct compiling on it for a project that was not working for me trying to cross-compile.

And I kind of like having a back-up pi-hole... it makes it less likely the internet is going to stop working in the house (not a problem for me, but it makes the wife and kids a bit cranky if I'm not around to fix it)...  ::)

Logged