In the previous section of this chapter, I showed you how to control access to your LAN, or private network. You should want to understand the mechanisms for controlling this access for security reasons. In addition, you might need to open access to your private network in some casesfor example, to make some of its services available over the Internet.
Be careful not to filter out the computer you are using to administer your access point. If you filter out your computer by mistake, you will be locked out of your network and must relog on to the access point's administrative utility using another device with a MAC filter allowed onto your network to undo your mistake.
This section explains a different kind of access controlthat is, limiting the access of computer on your network to the public Internet.
IP filtering is used to deny a specific IP, or range of IPs, on your private network the ability to access the Internet.
To open the IP Filtering interface, with the D-Link unit administrative program running, first click the Advanced tab. Next, click the Filters button on the left side. Finally, choose IP Filters (rather than MAC Filters) at the top of the pane. The IP Filters will look like that shown in Figure 15.23. (Of course, it will be different in its layout for different access point administration programs, but the gist is the same.)
Figure 15.23. The IP Filters interface is used to deny computers with specific IPs on your LAN the ability to access the Internet.
To use the IP Filter interface, you enter an IP range (which could just be a single IP), enter a port range (for example, 08080), schedule the IP block ("always" is a popular scheduling option), make sure that Enabled is selected, and click Apply. The IP Filter will be added to the IP Filter List at the bottom of the panel.
Here's an example of how you might want to use IP filtering in your home network. Let's say that you've given your 7-year-old son a computer. You want him to be able to access network resources so that, for example, he can use network printers and share files, but you do not want him to be able to surf the Internet. An IP filter fills the bill for this.
You should bear in mind that if you are blocking access by IP, you need to be sure that a device has the same IP each time it boots. This is not how dynamic IP addressing works. So, in the example I just gave, you'd need to open the Internet Protocol (TCP/IP) Properties window for the device connected to the LAN, shown in Figure 15.24.
Figure 15.24. If you use an IP filter to block a specific computer from accessing the Internet, you need to assign a static IP to that computer.
Make sure that the device is not set to obtain an IP address automatically, and select a static IP for it that is within the range of available IPs for your private network.
Another way to proceed, depending on your access point, is to use static DHCP from the access point to assign a specific IP using the MAC address of the network device that you want to use static IP addressing.
Parental Control filters are used to block all users of your private LAN from accessing Internet URLs depending on keywords contained in the URL, or entire domains.
To open the Parental Control interface, with the D-Link unit administrative program running, first click the Advanced tab. Next, click the Parental Control button on the left side.
To block URLs, or Web addresses, make sure that URL Blocking is selected as shown in Figure 15.25.
Figure 15.25. You can use keywords to block users of your network from accessing Web addresses that contain the keyword in their URLs.
Next, make sure that URL Blocking is enabled. Enter the keyword you want to block. Click Apply.
To block domains, select Domain Blocking as shown in Figure 15.26.
Figure 15.26. You can block users of your private net from accessing specific domains on the Internet.
Next, choose to allow users access to all domains except those specifically listed or to deny users access to all domains except those listed. Assuming that you are denying access to specific domains, enter them one by one, clicking Apply after each one is entered. Blocked domains will be added to the list shown in Figure 15.26.
If a user tries to open his Web browser to a blocked domain, or a domain containing a keyword forbidden by URL blocking, he will receive a message similar to that shown in Figure 15.27.
Figure 15.27. Users receive a message denying them access if they try to open a blocked URL or domain.