Block all except my own router

Discussion in 'other firewalls' started by vail, Jan 4, 2015.

  1. vail

    vail Registered Member

    Joined:
    Jan 4, 2015
    Posts:
    6
    I would like to use any firewall on my Windows 7 computer where I can specify that it
    will work only with Belkin routers. When I was using XP this was extremely easy.
    I was using Kerio 2.1.5 with the BZ Kerio 2x Default Replacement rule set. All I had
    to do was enter 192.168.2.1 in the Router Configuration. Then my desktop computer
    would not get on the internet without a Belkin router. Same for my notebook.
    This is what I want to do with Windows 7. I don't care what firewall that I need.
    I would just prefer it is anything other than the built in firewall.
    Obviously I'm no expert in this area or I wouldn't have to ask how to do this :(
    Thanks for assistance.
     
  2. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    What are you trying to accomplish doing this? Essentially router brand has nothing to do with this, and you cannot specify a specific 'brand' of router from a desktop. You can however specify what desktops connect to the router from (some) routers. You are basically attempting to make a PC connect ONLY through the gateway? I don't see what the point is, as it would grab DHCP from the router anyway, and be on the same subnet as the rest of your home. Sounds to me like you just want to assign a static gateway?

    There aren't any security advantages to doing this - by the way. I can see if you were segregating IPs on multiple branched subnets, but everything will be on the same subnet anyway.
     
  3. vail

    vail Registered Member

    Joined:
    Jan 4, 2015
    Posts:
    6
    Actually I still have some XP computers. They are set up this way. And the Kerio 2.1.5 firewalls are password protected. So no one around messes with my own computers. If someone takes my XP notebook with them to another location it will not get on the internet unless there is a Belkin router there. Or at least one that's set to 192.168.2.1. The rule set I use is from here http://www.dslreports.com/forum/r8023708-BZ-Kerio-2x-Default-Replacement-Update

    I'm not trying to limit what computers connect to the router. I limit what routers my XP computers can connect to. This is what I want to do with Windows 7. I need a firewall and/or a rule like the one at the link above. Unfortunately Kerio 2.1.5 will not function on Windows 7. Thanks for your input.
     
  4. vail

    vail Registered Member

    Joined:
    Jan 4, 2015
    Posts:
    6
    I have been experimenting with PC Tools Firewall Plus version 7.0.0.123
    It is not doing what I want. I don't know how :(
     
  5. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Router brand is meaningless. Your computer doesn't detect brand/model. To be honest, from a security point of view this offers no additional security. There are multiple ways even a novice can bypass this. Uninstalling/reinstalling the network adapter, killing the firewall service, even setting a new gateway on the IPv4 interface to bypass it. Also since non-static subnets will usually be .2.x or .1.x they can change the DHCP pool of any router to either one quite easily. If you really want to do this correctly I would set static subnets on the router, then point to that in the IPv4 setting on the individual computer. That should be the same as setting a static on a software firewall.

    The picture below should suffice to point to your router static gateway, with a subnet static for the laptop/desktop. Just use whatever DNS service you want below that.
     

    Attached Files:

  6. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
  7. vail

    vail Registered Member

    Joined:
    Jan 4, 2015
    Posts:
    6
    Thanks. I realize that router brand is meaningless. Mine is Belkin so I have the 192.168.2.1 in the Router Configuration rule. When you speak of novices I'm referring to people who are far less knowledgeable than that. These people literally do not even know what Services are. So they don't know how to disable one. There are a few reasons why I need to be able to control this from each computer rather than changing router settings.

    So in essence what I'm asking is there a rule set for Windows 7 that's similar to the BZ Kerio 2x Default Replacement rule set? Or can anyone tell me how to make one? How would one for Windows 7 differ from this one http://www.dslreports.com/forum/r8023708-BZ-Kerio-2x-Default-Replacement-Update
     
  8. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Don't bother with a Firewall to do it, it's much more simple to assign statics to the COMPUTER. (Not router)

    Here are the steps;

    1) Run CMD, then IPCONFIG. Write down the numbers. They should appear like this;
    IPV4 Address xxx.xxx.xxx.xxx
    Subnet Mask xxx.xxx.xxx.xxx
    Default Gateway xxx.xxx.xxx.xxx

    I will assume your default gateway is 192.168.2.1 with DHCP handed out by your router. Above will be the IPV4 address of THAT machine.

    Now go into the adapter settings. Right click the network icon, then Open Network, then Change Adapter Settings, then highlight the network adapter, and right click to properties. Scroll down to Internet Protocol Version 4, highlight that, then properties. There you will enter in the information as above, then whatever DNS server you want (Google Public for example). Click accept. Now you are done, THAT machine will only connect to 192.168.2.1 because it has a static IP range assigned to all aspects. You can verify by unplugging it, and plugging it into a different network.

    Does that make sense? No need at all to use a firewall to do this.
     
    Last edited: Jan 5, 2015
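
    The steps in the post above, scripted as an added example that is not part of the original thread: it reads the values `ipconfig` would show through WMI and re-enters them as a static configuration, but only while the adapter is behind the expected gateway. The DNS addresses are an assumption (Google Public DNS); the gateway 192.168.2.1 is the one given in the thread.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell prompt
# (the WMI calls below exist on Windows 7 / PowerShell 2.0).
$ExpectedGateway = '192.168.2.1'            # router address given in the thread
$DnsServers      = @('8.8.8.8', '8.8.4.4')  # assumption: Google Public DNS

# Step 1 of the post: the values ipconfig prints, read per adapter via WMI.
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

foreach ($nic in $nics) {
    # IPAddress and IPSubnet are parallel arrays that can also hold IPv6 entries.
    $ip = $null; $mask = $null
    for ($i = 0; $i -lt $nic.IPAddress.Count; $i++) {
        if ($nic.IPAddress[$i] -match '^\d{1,3}(\.\d{1,3}){3}$') {
            $ip = $nic.IPAddress[$i]; $mask = $nic.IPSubnet[$i]; break
        }
    }
    if (-not $ip) { continue }

    # Only pin the adapter while it is actually behind the expected router.
    if ($nic.DefaultIPGateway -notcontains $ExpectedGateway) {
        Write-Warning "$($nic.Description): gateway is not $ExpectedGateway, left unchanged"
        continue
    }
    if (-not $nic.DHCPEnabled) {
        Write-Output "$($nic.Description): already static ($ip / $mask)"
        continue
    }

    # Step 2 of the post: same address, mask and gateway, now entered statically.
    $results = @(
        $nic.EnableStatic(@($ip), @($mask)).ReturnValue
        $nic.SetGateways(@($ExpectedGateway), @([uint16]1)).ReturnValue
        $nic.SetDNSServerSearchOrder($DnsServers).ReturnValue
    )
    # 0 = success, 1 = success but reboot required; anything else is a failure.
    if ($results | Where-Object { $_ -gt 1 }) {
        Write-Warning "$($nic.Description): WMI return codes $($results -join ', ')"
    }
}

# Verify: DHCPEnabled should now be False with the gateway pinned.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, DHCPEnabled, IPAddress, DefaultIPGateway, DNSServerSearchOrder
```

    The static setting matches on address only, so any router answering at 192.168.2.1 on the same subnet is accepted, as noted earlier in the thread. Pick an address outside the router's DHCP pool, or reserve it on the router, so the pinned address is not handed to another device.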
  9. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I have illustrated the steps to do this. If you assign a static to THAT desktop pointing to THAT router, then it will not connect to anything other than that router. Problem solved.
     

    Attached Files:

  10. vail

    vail Registered Member

    Joined:
    Jan 4, 2015
    Posts:
    6
    When I run IPCONFIG the box in figure 1 just flashes open and then closes quickly.
    Could there be a disabled service causing this? I suppose the information listed in
    the router is the same? But I cannot locate the IPV4 Address. Is it under another name?
    Will this website https://www.opendns.com/ work like Google Public? The DNS Client is
    running. Is that all that's needed for a DNS server such as the above?
     
  11. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Use Start, then type CMD. Once the CMD window is open, type Ipconfig. My thoughts are you typed Ipconfig on the run line, rather than CMD. Open a command prompt first.

    You can enter any DNS server you want, I recommend a known public one (Open/Comodo/Norton, etc). That will supersede any other DNS lookups within Windows.
     
  12. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Did this solve your issues?
     
  13. vail

    vail Registered Member

    Joined:
    Jan 4, 2015
    Posts:
    6
    Yes, that worked. Thanks. Still I've missed the old Kerio 2.1.5 for several years since it does not work on
    Windows 7. I do like the Blitzenzeus rule sets. Any idea if there are any Windows 7 compatible firewalls
    that can use a similar rule set? I even found a thread in this forum that says you can import the BZ rules
    directly into the Sunbelt Firewall 4.6.1861 and that it does work on Windows 7 32 bit. Unfortunately it
    would not install on mine :(
     