[debian 9] Block WAN traffic but allow LAN traffic

fehuris    12

Hey guys,

 

I have a machine set up as a file server running OMV (on Debian 9) hooked to my wireless router, which is also the gateway to the internet. What I want to do is block my file server from sending/receiving WAN traffic but allow LAN traffic. I did find some guides on Stack Exchange to do this by using iptables, but I need this for nftables. I have recently started learning Linux but I'm not familiar with this level of configuration. Can this be done at the machine level? And if so, how would I go about it? Thanks in advance.

+BudMan    3,537

You do understand that every single wifi router there is blocks inbound traffic from the internet out of the box... Unless you set up a port forward towards your file server on your wifi router, no inbound traffic from the internet would be sent to your box.. Unless you're running UPnP on your router (this really should be off by default on most wifi routers these days) and your box requested something be open to it.

If you want your box to NOT talk to the internet at all - then just don't give it a gateway when you set up its IP.. Without a gateway it would be impossible to talk to anything other than local IPs on the same network... There is zero reason to do anything with iptables on the box itself.

fehuris    12
19 hours ago, BudMan said:

You do understand that every single wifi router there is blocks inbound traffic from the internet out of the box... Unless you set up a port forward towards your file server on your wifi router, no inbound traffic from the internet would be sent to your box.. Unless you're running UPnP on your router (this really should be off by default on most wifi routers these days) and your box requested something be open to it.

If you want your box to NOT talk to the internet at all - then just don't give it a gateway when you set up its IP.. Without a gateway it would be impossible to talk to anything other than local IPs on the same network... There is zero reason to do anything with iptables on the box itself.

Thanks. Removing the default gateway did the trick. 
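
A check for the state this thread ends in, as an added example that is not part of any post: it parses routing tables in `/proc/net/route` format and shows that with only the on-link route an off-LAN address has no route at all, and it lists any gateway route that has come back (for instance from a DHCP lease). The `192.168.1.0/24` LAN, `eth0`, the sample tables and the function names are assumptions; it covers IPv4 only and assumes a little-endian host.

```python
import ipaddress
import socket
import struct

RTF_UP, RTF_GATEWAY = 0x1, 0x2  # route flags from <linux/route.h>

# Constructed sample in /proc/net/route format: only the on-link LAN route.
HEADER = "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
LAN_ONLY = HEADER + "eth0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"
# Constructed sample: a default route via 192.168.1.1 has come back.
WITH_DEFAULT = LAN_ONLY + "eth0\t00000000\t0101A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"


def _addr(hexword):
    """Decode a /proc/net/route hex word (assumes a little-endian host)."""
    return socket.inet_ntoa(struct.pack("<I", int(hexword, 16)))


def parse_routes(text):
    """Return (device, network, gateway-or-None) for every route that is up."""
    routes = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 8 or not int(f[3], 16) & RTF_UP:
            continue
        prefix = bin(int(f[7], 16)).count("1")  # netmask popcount
        net = ipaddress.ip_network((_addr(f[1]), prefix))
        gw = _addr(f[2]) if int(f[3], 16) & RTF_GATEWAY else None
        routes.append((f[0], net, gw))
    return routes


def lookup(routes, dest):
    """Longest-prefix match; None means the kernel has no route to dest."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[1]]
    return max(hits, key=lambda r: r[1].prefixlen, default=None)


def gateway_routes(text):
    """List routes that leave the local link, i.e. what should not exist."""
    return [f"{net} via {gw} dev {dev}" for dev, net, gw in parse_routes(text) if gw]


if __name__ == "__main__":
    with open("/proc/net/route") as fh:
        found = gateway_routes(fh.read())
    print("\n".join(found) if found else "no gateway routes: LAN-only")
```

IPv6 routes live in `/proc/net/ipv6_route` and are not inspected here, so an IPv6 default route learned from router advertisements would need its own check.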
