How to block 192.168.0.1 for connected clients?

Çağlar Arlı

I installed Raspberry Pi OS on an RPi 3B, then I installed NetworkManager, set the Ethernet connection to "Shared to other computers" and connected an Ethernet cable between the RPi and a normal desktop running Windows 11. The setup works: Windows has WiFi disabled and successfully gets internet over Ethernet.

Now, I want the Windows machine to run malware and not be able to see or infect other devices on the network. I originally thought running a VPN on the RPi would make 192.168.0.1 be inaccessible. Additionally, I tried to block 192.168.0.1 in the firewall, but that still made it accessible for the Windows 11 machine.

1. First, I change the RPi DNS by modifying /etc/resolv.conf:

nameserver 8.8.8.8

Then I run:

sudo systemctl restart systemd-resolved

The result is that both 192.168.0.1 and stackoverflow.com load on both the RPi and Windows 11 machines. This step could have been skipped for my use case, I'm not sure. Edit: After step 3 or 4, I get a DNS error on the Windows machine if the value above is default (192.168.0.1).

2. Second, I disable the firewall on the RPi with a script:

#!/bin/bash 

sudo ufw reset 
sudo ufw default deny incoming 
sudo ufw default allow outgoing
sudo ufw enable

The result is both 192.168.0.1 and stackoverflow.com load on the RPi and Windows 11.

3. Third, I turn on OpenVPN (with Private Internet Access) on the RPi:

sudo openvpn --config belgium.ovpn --auth-user-pass auth.txt

The result is both 192.168.0.1 and stackoverflow.com load on the RPi and Windows 11.

4. Finally, I turn on the firewall on the RPi:

 #!/bin/bash

 sudo ufw reset
 sudo ufw default deny incoming
 sudo ufw default deny outgoing
 sudo ufw allow out on tun0 from any to any
 sudo ufw allow out from any to 8.8.8.8
 #sudo ufw deny out from any to 192.168.0.1 
 sudo ufw enable

The result is 192.168.0.1 doesn't load on the RPi, but loads on the Windows 11. Stackoverflow.com loads on both.

If I repeat all of the previous steps, but uncomment this line:

 sudo ufw deny out from any to 192.168.0.1

Then nothing changes. 192.168.0.1 doesn't load on RPi, but it loads on Windows 11.

Again my goal is to not allow the Windows 11 machine to know about the other devices on my network.
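
The `ufw deny out` rules in step 4 only match packets the RPi itself originates; traffic from the Windows machine is forwarded through the RPi, and ufw filters that with `ufw route` rules. The sketch below is an added example, not part of the original post: it prints (or, with `APPLY=1`, applies) routed rules that drop lab-side traffic to the LAN and allow it only out through `tun0`. The interface name `eth0`, the subnet `192.168.0.0/24` and the helper names are assumptions, and it assumes no other forwarding rule (for example one installed by NetworkManager's shared mode) accepts the traffic first.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names and the LAN
# subnet are assumptions; adjust them to the real setup.
LAB_IF=${LAB_IF:-eth0}              # assumed: cable to the Windows machine
VPN_IF=${VPN_IF:-tun0}              # tun0 is the interface used in the post
LAN_NET=${LAN_NET:-192.168.0.0/24}  # assumed LAN containing 192.168.0.1

# Which ufw rule class sees a packet, given where it starts and ends.
# "local" means an address owned by the RPi itself.
# usage: ufw_class <src: local|remote> <dst: local|remote>
ufw_class() {
    case "$1:$2" in
        local:*)       echo outgoing ;;  # netfilter OUTPUT: "ufw deny out ..."
        remote:local)  echo incoming ;;  # netfilter INPUT:  "ufw deny in ..."
        remote:remote) echo routed ;;    # netfilter FORWARD: "ufw route ..."
        *)             return 1 ;;
    esac
}

# Rules for traffic forwarded from the lab machine. ufw stops at the first
# matching rule, so the LAN deny must come before the VPN allow.
lab_rules() {
    echo "ufw default deny routed"
    echo "ufw route deny in on $LAB_IF to $LAN_NET"
    echo "ufw route allow in on $LAB_IF out on $VPN_IF"
}

# Print the rules by default; APPLY=1 runs them (needs root).
run_rules() {
    lab_rules | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd </dev/null
        else
            echo "$cmd"
        fi
    done
}

# Windows -> 192.168.0.1 passes through the RPi, so it is "routed" and the
# outgoing rules from step 4 never see it.
echo "Windows -> 192.168.0.1 is filtered as: $(ufw_class remote remote)"
run_rules
```

After applying, `sudo ufw status verbose` shows the routed default, and a request to 192.168.0.1 from the Windows machine confirms whether the deny is actually the rule being hit.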