Hi to all, I want to have some wireless clients (2 Tapo cameras via motioneye ) only local LAN, not permited to see internet. What is the best way and how?
don't provide them with a gateway IP and DNSes.
or add a firewall rule to deny forwarding from lan to wan.
I guess I have to setup a dedicated wireless for the cameras. Any how via cli?
These ceras don't have to setup gateway and DNS, it's setting up automatically via it's Android app, then I will shut down the internet connection after everything is up
not necessary
Add a rule to deny forwarding for the MAC addresses of the cameras, to cover both ipv4 and ipv6.
I will as soon as I get home, but where to look for this option?
In the firewall, traffic rules.
This is correct. You might change protocol to "any".
How can I check confirm that the cameras don't have internet access;
Depends on how the cameras interact with the internet. You could add a computer to the list of IPs that in that rule (just temporarily for testing) and then you'll be able to verify the rule works as expected.
Or sniff the traffic, using tcpdump.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.