How to block IP address that's outside router's DHCP IP range

7,640

First, note the "Helpful Hints" section of the page (top right). The NAPT page shows WAN->LAN connections, so most of the hosts on the list will be outside your network (and obviously would not be assigned by your DHCP). Also note that each has a UDP session count of 1. UDP is a connectionless protocol, so usually NAT treats each packet as a session, unless the packets are received in a timely manner on a port a packet was just sent out on.

The 192.168.x.y and 172.16.x.y addresses are likely your ISP network, since those are RFC1918 blocks and are not publicly routable. Many cable modems use the network 192.168.1.x. Do a tracert to those hosts and see if they are on your provider's network. They may be your ISP's DHCP and DNS servers, since they are UDP streams.

Since these connections involve comms partners that are outside your network, you can block them at the firewall by establishing a kill rule. Check your router documentation for instructions on how to set up the firewall and kill those connections, even if they are solicited from inside your network. Also make sure you don't have any ports forwarded in NAT.
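An added example, not part of the original answer: one way to sort the addresses in a router's active-session list into "inside the LAN subnet", "RFC1918 but not my LAN" (likely ISP-side, per the answer above) and "public". The session rows are constructed sample data and the function names are hypothetical; the second run shows JoshP's point that a /16 mask pulls 192.168.1.x into the LAN.

```python
import ipaddress

# RFC 1918 private blocks: not publicly routable.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr, lan):
    """Return 'lan', 'private-other' or 'public' for one session address.

    lan is the router's LAN address with prefix length, e.g. 192.168.2.1/24.
    """
    ip = ipaddress.ip_address(addr)
    lan_net = ipaddress.ip_network(lan, strict=False)  # host bits allowed
    if ip in lan_net:
        return "lan"
    if any(ip in net for net in RFC1918):
        return "private-other"
    return "public"


def review_sessions(sessions, lan):
    """Group (address, protocol, session_count) rows by address class."""
    report = {"lan": [], "private-other": [], "public": []}
    for addr, proto, count in sessions:
        report[classify(addr, lan)].append((addr, proto, count))
    return report


# Constructed sample rows in the shape of an active-session table.
SAMPLE = [
    ("192.168.2.101", "TCP", 14),  # a client leased from the DHCP pool
    ("192.168.1.1", "UDP", 1),     # private, but outside a /24 LAN
    ("172.16.4.20", "UDP", 1),     # private, other RFC1918 block
    ("203.0.113.7", "TCP", 3),     # documentation address standing in for a public host
]

if __name__ == "__main__":
    for lan in ("192.168.2.1/24", "192.168.2.1/16"):
        print("LAN =", lan)
        for kind, rows in review_sessions(SAMPLE, lan).items():
            for addr, proto, count in rows:
                print(f"  {kind:14} {addr:16} {proto} x{count}")
```

Only rows classed as "lan" can be clients on your own network; "private-other" rows with a single UDP session are candidates to trace toward the provider before blocking.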

Author: Jonier

Updated on September 18, 2022

Comments

  • Jonier
    Jonier over 1 year

    I've found some IP addresses that are not in my DHCP range, which is weird because I set my DHCP range to 192.168.2.xxx, but these IPs are in the 172.xxx.x.xxx or 192.168.1.xxx range. I want to block them. How? I'm using a D-Link DIR-605L N 300 router. Thanks.

    My router's settings

    • Jonier
      Jonier over 11 years
      I found them in my router's active sessions. I want to block them from my router. There's someone who's been sucking my internet bandwidth. I've blocked his MAC address, but then these "fake" IPs show up.
    • David Schwartz
      David Schwartz over 11 years
      Assuming your router is also doing NAT, it won't matter, since it won't NAT an address outside its subnet. You need to fix the actual problem. How is someone connecting to your network? Are you using WPA?
    • Jonier
      Jonier over 11 years
      Here's a printscreen of my router's active session list: postimage.org/image/g7pd4ir3n
    • David Schwartz
      David Schwartz over 11 years
      Each has exactly one UDP session. It looks like DHCP. Are you sure this isn't just your own machines configuring themselves?
    • Jonier
      Jonier over 11 years
      They can connect to my router either by WAN or LAN. I pay for internet each month, and I share it with some people who helped me pay the bill. One user started sucking all the bandwidth; even the router's traffic control couldn't stop him.
    • JoshP
      JoshP over 11 years
      Are you sure your DHCP pool is 192.168.2.xxx? You're accessing the router at 192.168.9.99. Or perhaps you're using a /16 subnet, in which case static IPs in a great many ranges will have access.
    • Jonier
      Jonier over 11 years
      I'm sure because they were not there when I was deciding what to do with the MAC address
    • Jonier
      Jonier over 11 years
      Thanks David, I guess there's nothing I can do about the "fairness". My question has come to this: how come, when I'm not blocking his MAC address and I set up the traffic rules, he can still brutally download like that? Secondly, why do the "fake" IPs only show up after I've blocked his MAC address?
  • Jonier
    Jonier over 11 years
    I don't 100% understand the terminology you use here, but I'm gonna follow your instructions and do the router's firewall. Thanks.