Blocking Internet-access for the DAWs (connected to LAN)

Well, till now I have the DAWs in a network which is basically a switch without any www access.

I now want to have one single network for all my computers, LAN and WLan - NAS storage etc - so basically I need to connect the DAWs to the network which provides internet access as well.

BUT I do not want the DAWs to have internet access in any way.

Is this possible?

I will/want to use an airport extreme

  • Notebooks connected via Wlan
  • NAS storage connected to one of the Gigabit-Ports
  • my old D-Link Gigabit switch (where all DAWs are connected) hooked up to another GB port.

That way I would have a network with the DAWS, an NAS server and office PC/Notebooks.

Now I only need to prevent the DAWs from connecting to the internet… I do not like to have windows-updates etc running on a solid offline system.

IS this possible?!

Thanks for any hint - I googled a lot but anybody basically explains “why the heck do you need to block internet access???” Usually dudes are asking because they did not want their kids to access the www…

Shouldn’t be too hard to do it from your router. Just set up the ‘client access’ page so the IP address of your DAW is blocked from Port 80.

(Not sure how to do this on Airport Extreme… even though this is primarily a Mac shop, we’re using a Belkin router.)

Well, thanks a lot! I will check this out - while I hope this is possible with the Airp Extreme, otherwise I might return it for something else. If I remember correctly I had years ago a cheap Allnet-Router where I was able to very simply disable internet for certain computers… This might be 10 years ago or something. Was not able to find something similar in the controls for my current Netgear.

If you block port 80 you only block http. This doesn’t block the internet access.

I was curious about that as well… I checked my current router - I can block a lot of ports/services manually.

Maybe it would be fine to block ALL except the one which is needed for accessing network attached storage… Is this possible?

To block the complete internet access, the simplest way is to block the MAC address of your DAW.

Will I still be able to have the DAWs access each other then as well as the network storage?

First it depends how your DAW is connected. Is it connected to the router, or is it connected via a switch to the other network devices and the switch is connected to the router?

In the first case you have to block the MAC address (of your DAW) in your router. To do this you have to create a rule in your router that blocks the outgoing (to the internet) and ingoing (from the internet) data, but lets the other data pass.

In the second case you only block completely the MAC address of your DAW in your router.

Riwe, thanks a lot for the help!!

So - most likely I will just hook up the current switch with all DAWs to the router… like you described for the second way.

But I have no clue how I should connect the NAS (network accessed storage) now… Currently it is connected to that switch as well and everything is fine EXCEPT that I can not access the NAS from the WLAN.

Basically I am doing this redesign because I need to access to that NAS from ALL computers but I do not need to access the DAWs. Currently I have a dedicated computer with two network cards to manage the transfer from the DAWs (via shared folder on the NAS) to transfer files to the internet and vice versa.

Do you need to access the NAS from outside (internet)?

Well, a good question - I would say I do not need to access from the internet necessarily - I use dropbox and cloudstuff for that - but I need to access from internal LAN/WLan (via the router)…

So you can connect your NAS at the switch too.
If you cannot access your NAS from inside your LAN this can be a problem of the access rights from the NAS. If you can access the NAS from some computers and for others not, you can try to change the user access rights in the NAS. Another possibility could be that your NAS has a built-in firewall. If so you can check it, if it blocks your computers.

Ah ok - I understand! So I basically will just block the DAWs' MAC addresses completely in the router which will result in a blocked connection in any way - to the internet and to/from WLan connected internet-computers etc.

That would be what I want (for safety issues)

But in the same time I will NOT block the NAS in the router which will enable me to access it from all router-connected-internet computers AS WELL as from all the DAWS (because it is on the switch together with them).

Right?

If yes - then it is damn easy, but I was not aware of this easy solution because I am just a drummer :slight_smile:

Thanks a lot, riwe!

Brandy

Exactly!
So you use the router only for the internet access (and the wlan) and the router is connected to the switch. All other network devices are connected to the switch.

You’re welcome!

It always is easy when you know it :wink:

Great! Damn easy :slight_smile:

Thanks a lot! :stuck_out_tongue:

:slight_smile:

Well, I yesterday set up the new router and it is quite awesome at which speed a 5 GHz WLan with 802.11n works!

BTW - I am using this router: http://www.asus.com/Networks/Wireless_Routers/RTN66U

I returned that Apple Airport Extreme, I was not happy with the philosophy and options - I prefer a regular browser-GUI with all those options, even when I do not have a clue :wink:


BUT I am not able to block the DAW (s) from the internet like I want, I can block all kinds of ports and services, currently I blocked TCP Port 80 as well as I enabled that babysitter/safersurf feature and blocked the DAW over there as well.

Now I still can access the DAW via the network - not a bad thing, but is it safe enough to just block Port 80?

I do not know how to block it completely - I do not want to create dozens of rules in the firewall to block each port manually. I made a screenshot of that firewall menu. The device which is set up already is my DAW. I had to use some kind of MAC address with fixed IP first so the router will give always the same ip to that MAC address.

What should I type into those fields? It btw would be cool to have access via the internal LAN to the DAW though, but I want to minimize all kind of risks regarding the www / viruses etc because I am not running virus scanner as well as I am not using windows update on the DAW…
firewall.jpg

Just curious - why would you want to block it?

It depends on what you want:
Do you want that your DAW isn’t able to access the internet (from inside your LAN) or do you want that your DAW can’t be attacked from outside?
If you only want that your DAW isn’t able to access the internet you can close the ports 80 and 445. But remember that this disables your DAW only to access the WWW, not the internet.
In the other case you have to do something like what I described in my previous posts.

My solution is to manually set the IP for each of my daws and simply don’t fill the DNS fields.
No internet but local network, NAS, shared printers still work.
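
As an added example that is not part of any post in this thread: a small Python model that compares the approaches suggested above (blocking port 80, blocking ports 80 and 445, leaving the DNS fields empty, and dropping everything the DAW sends beyond the LAN) and lists which outbound flows each one still lets through. The subnet, addresses, flow list and policy names are all constructed for the illustration.

```python
# Added illustration: model of the egress policies proposed in the thread.
# Subnet, addresses, flows and policy names are constructed for this example.
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home subnet

# (description, destination IP, port, needs a DNS lookup first?)
FLOWS = [
    ("web page over HTTP",          "203.0.113.10", 80,  True),
    ("update check over HTTPS",     "203.0.113.10", 443, True),
    ("connection to a literal IP",  "198.51.100.7", 443, False),
    ("SMB share on the NAS",        "192.168.1.20", 445, False),
]

def allowed(policy, dst, port, needs_dns):
    """Return True if traffic from the DAW reaches dst under the policy."""
    if ipaddress.ip_address(dst) in LAN:
        # Same-subnet traffic stays on the local segment and never crosses
        # the router's WAN filter, so none of these policies touch it.
        return True
    if policy == "block_port_80":
        return port != 80
    if policy == "block_ports_80_445":
        return port not in (80, 445)
    if policy == "no_dns_configured":
        return not needs_dns      # names fail to resolve, literal IPs still route
    if policy == "deny_daw_to_wan":
        return False              # drop everything the DAW sends beyond the LAN
    raise ValueError(f"unknown policy: {policy}")

def leaks(policy):
    """List the off-LAN flows that still get out under a policy."""
    return [name for name, dst, port, dns in FLOWS
            if ipaddress.ip_address(dst) not in LAN
            and allowed(policy, dst, port, dns)]

if __name__ == "__main__":
    for p in ("block_port_80", "block_ports_80_445",
              "no_dns_configured", "deny_daw_to_wan"):
        print(f"{p:20} leaks: {leaks(p) or 'none'}")
```

Only the rule that drops all traffic from the DAW's address or MAC towards the WAN leaves nothing leaking, and the NAS share stays reachable under every policy because that traffic never leaves the LAN.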