Restricting browsing to part of the LAN via IP Range

I have a 172.16.0.0 /21 network.

I’ve excluded all IP addresses from the DHCP server except the range 172.16.4.0 - 172.16.5.255. DHCP is running on a separate server, not the router.

I’m using a Balance 30 Router and would like the router to block any traffic on ports 80 and 443 (HTTP / HTTPS) ONLY to any devices within the above range.

Is this possible? I noticed the router doesn’t cater for filtering by IP Range the way some other routers do. I only have the options of Single Address, or Network denoted with the /x notation.

Any suggestions would be appreciated.

Hoping for a solution…

Hello,

Why don't you block against network 172.16.4.0/23 which covers your range ? Thats would be the simplest way to do it. What method are you looking for rather than address and network ?

-Jonan

I was hoping for IP range… being able to specify the start and end IP addresses in the selected range.

I’ve tried that network address but it blocked access to the whole network and I couldn’t log into the router since I use port 80 to manage. Not sure what happened there… had to reconnect from an external network to the WAN interface to regain access.

172.16.4.0/23 is equivelant to 172.16.4.0 - 172.16.5.255. To block this range from http/s access you would create outbound firewall rules blocking:

SRC: 172.16.4.0/24
DST: TCP port 80 and 443

Would need to see the exact rule you implemented to see whats happening.

-Jonan