Block a device from accessing the Internet

The Internet of Things (IoT) may introduce ‘holes’ in your home LAN. If you are concerned about this, you may opt to block those devices from accessing the Internet, provided that the management software supports alternative ways to control the devices, like Synology Surveillance Station. Here is how you can proceed with DD-WRT (v3.0-r39960M kongac (06/08/19)):
Log in to the DD-WRT router and select Access Restrictions. In the WAN Access Tab, edit the Access Policy.

  • Edit the “List of Clients” and enter the MAC Address of each device you want to block. Alternatively, you can use the IP Addresses. Save the list before closing.
  • Enable the Status
  • Select PCs Deny

Save and Apply settings.

Block a group of IP addresses from accessing the Internet

Source: reddit.com
You can verify your vlan2 by typing the “ifconfig” in the commands box and clicking “run commands” under Admin->Commands. Search through the output (hint: use your browser’s find/search feature!) for your WAN IP as shown in the top-right of the page. Verify the interface with that IP address is “vlan2” (interface names are the left column). If it is not, you’ll need to replace “vlan2” with the name of the interface bearing that address.

Now, paste the following into the “commands” text box, then alter it to match your needs:
iptables -I FORWARD -s <camera1_ip> -o vlan2 -j DROP
iptables -I FORWARD -s <camera2_ip> -o vlan2 -j DROP
Then, click “Save Firewall” at the bottom.

Furthermore, it is worth mentioning that you needn’t use a separate rule for each camera/IP address unless you need to apply different rules to each. As /u/mlt- mentions, there are ways to include multiple source IPs with each rule. However, most DD-WRT builds that I have used do not include an iptables binary that has all the options/extensions that it can support. However, subnets are a fairly effective way to specify a range of IPs and should work in every version.
Given devices with IP addresses (assuming all are on 192.168.1.xxx): 201, 202, 203, 206

iptables -I FORWARD -s 192.168.1.200/29 -o vlan2 -j REJECT

This subnet (/29 is CIDR notation, the decimal netmask would be written as /255.255.255.248) would cover 192.168.1.200-192.168.1.207 with a single rule. For filtering rules like this, you don’t need to worry about the network number, usable hosts, or broadcast address; we’re only concerned with how many addresses get hit with this mask, which is 8. This subnet starts at 192.168.1.200, which is NOT something we directly control; subnets break a network block into smaller, equally-sized pieces. Here’s a handy reference, if desired. The idea behind subnet masks is fairly straightforward, but does require some getting used to.

  • -I : Insert at beginning of rules set of following table to ensure that the rule isn’t superseded by some previously defined rule.
  • FORWARD : Which “chain” to add the rule to. “FORWARD” applies to any traffic whose source and destination are both NOT the router itself.
  • -s <camera1_ip> : Specifies which source IP address to which the rule should be applied (eg. -s 192.168.1.240).
  • -o vlan2 : Specifies that the rule only applies to traffic that is being sent out through vlan2. Vlan2 is the WAN interface in dd-wrt, by default. You can check this through telnet/ssh by using “ifconfig”, or through the web interface as at the beginning of this post.
  • -j DROP : When the rule matches, perform the DROP action. The packet is lost in transit, never to reach its destination (the internet).
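The subnet reasoning in the quoted post can be checked before a rule is saved. The following is an added example, not part of the quoted post or of DD-WRT: it computes the single aligned block that covers a device list, lists the extra addresses that block would also cut off, and gives the exact-match alternative that costs more rules. The device list repeats the post's sample addresses, the function names are hypothetical, and vlan2 is assumed to be the WAN interface as described above.

```python
import ipaddress

WAN_IF = "vlan2"  # assumed WAN interface (DD-WRT default per the post); verify with ifconfig
DEVICES = ["192.168.1.201", "192.168.1.202", "192.168.1.203", "192.168.1.206"]

def covering_block(ips):
    """Smallest single aligned CIDR block containing every address in ips."""
    if not ips:
        raise ValueError("no addresses given")
    addrs = sorted(ipaddress.IPv4Address(ip) for ip in ips)
    net = ipaddress.IPv4Network(f"{addrs[0]}/32")
    # Widen one bit at a time; block boundaries are fixed by the mask,
    # so the block may start below the lowest device address.
    while addrs[-1] not in net:
        net = net.supernet()
    return net

def collateral(net, ips):
    """Addresses inside net that are NOT in the intended device list."""
    wanted = {ipaddress.IPv4Address(ip) for ip in ips}
    return [str(a) for a in net if a not in wanted]

def exact_blocks(ips):
    """Fewest CIDR blocks that match the listed addresses and nothing else."""
    nets = (ipaddress.IPv4Network(f"{ip}/32") for ip in ips)
    return list(ipaddress.collapse_addresses(nets))

def rule(net, action="DROP"):
    """Render a rule in the same form as the ones shown in the post."""
    return f"iptables -I FORWARD -s {net} -o {WAN_IF} -j {action}"

if __name__ == "__main__":
    block = covering_block(DEVICES)
    print("One rule, with collateral:")
    print(" ", rule(block))
    print("  also blocked:", ", ".join(collateral(block, DEVICES)))
    print("Exact match, more rules:")
    for net in exact_blocks(DEVICES):
        print(" ", rule(net))
```

Any address reported as "also blocked" should be kept out of the DHCP pool or reserved for devices that are meant to stay offline, otherwise a laptop or phone that later receives one of them loses Internet access as well.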

Wi-Fi signals interference

Wi-Fi congestion is a very complex issue where it is not only a matter of neighbouring wifi networks but also other devices like bluetooth, microwave etc. Bluetooth shares the 2.4 GHz ISM band with other household devices such as cordless telephones, wireless networks, baby monitors, and microwave ovens.
Initial video and/or audio transmission delays may occur because of error correction, but if they persist you may have wifi interference. Airplay 2 users on a wifi network may read this article on macworld for help.
If you have a strong signal but bad response times then you may have wifi interference or conflicting wifi neighbouring channels and need to change the wifi channel on your router or access point. You may opt to use Auto Wireless Channel, if this is supported by your router configuration, and perform a reboot of your router to determine the free channels.

Read also my recommendations where to put your wifi access point.

R7000 LED Control

Use the ‘Administration’ -> ‘Commands’ feature to run the LED control commands.


LED Control on my R7000 (build 39960M) was successful with the following commands:

# Disable WAN and LAN LEDs
et robowr 0x0 0x18 0x1ff
et robowr 0x0 0x18 0x0
et robowr 0x0 0x1a 0x0

# disable WPS button LED
gpio disable 14

# disable WLAN button LED
gpio disable 15
gpio disable 16

# turn off 2.4GHz LED
gpio enable 13

# turn off 5GHz LED
gpio enable 12

# turn off power LED white
gpio enable 2

Configure a Guest WiFi network

Configure a Guest WiFi network with dd-wrt firmware
Refer to the tutorials:
Guest Network on the DD-WRT Wiki and
Guest WiFi + abuse control for beginners

My objective of a guest network is to offer isolated, yet protected, access to the Internet. Guest users should not have access to my private LAN. This can be achieved with the following settings:
Wireless Basic Settings (‘Virtual Interfaces’): AP isolation enabled.
Network Configuration: Unbridged, NAT enabled.
You will need to assign a dedicated network range and enable DHCP.

dd-wrt wireless settings

Wireless settings used, based on other user’s recommendations.
Read also the dd-wrt.com wiki.

Basic Settings:
Regulatory Domain – BE (obviously change this to your country’s setting)
Regulatory Mode – off
TPC Mitigation Factor – 0

(2.4ghz)
Wireless Mode – AP
Wireless Network Mode – NG-Mixed
Wireless Channel – 1, 6, or 11 (use the least crowded in your area, see note1)
Channel Width – 20mhz
Optimize Multicast Traffic – enabled
TurboQAM – enabled
Explicit Beamforming – enabled
Implicit Beamforming – enabled
Airtime Fairness – disabled (this currently causes wireless dropouts over time)

(5 ghz)
Wireless Mode – AP
Wireless Network Mode – AC/N-Mixed (unless you have only AC clients or are still relying on wireless-A)
Wireless Channel – Auto (or the least crowded. DD-wrt exposes the middle frequencies under 149 and above 48 as selectable [per DFS preemption], see note1)
Channel Width – 80mhz
Extension Channel – Upper Lower (depends on the channel you use. lower lower for above 149, upper upper for below 48 )
Optimize Multicast Traffic – enabled
Explicit Beamforming – enabled
Implicit Beamforming – enabled
Airtime Fairness – disabled (this currently causes wireless dropouts over time)

note1:
In the 2.4 GHz band, 1, 6, and 11 are the only non-overlapping channels. However, I use Auto Wireless Channel and weekly reboot the router to determine the free channels.
Read also the recommended settings by Apple.
Read also my recommendations where to put your wifi access point.

Wireless Security:
WPA2 Personal with AES only (unless you run a RADIUS server or something, in which case choose enterprise..)

Advanced Settings (both bands):
Basic Rate – All
Transmission Rate – Auto
CTS Protection Mode – Auto
Frame Burst – Disabled

Advanced Settings (5ghz):
Beacon Interval – 100 (set this a bit higher to save mobile clients some battery. Not too high so that wireless clients don’t drop out from missed beacons)
DTIM interval – 1 (can be set higher for battery saving of mobile clients, but since it works in tandem with beacon interval, it can cause drop outs if set too high as well, use 1 if beacon interval is set to 100)
Fragmentation Threshold – 2346
RTS Threshold – 2347
Max Associated Clients – 128 (Personal preference. Say you want to restrict a certain number of IP’s for wired clients only. This setting would prevent wireless clients from taking all the IP addresses in the address range from the DHCP server)
AP Isolation – Disabled
TX Antenna – Auto
RX Antenna – auto
Preamble – Short (Long is for compatibility with older wireless devices. Most everything within 15 years works with short)
Shortslot Override – Short (another compatibility setting that affects G-clients in relation to older B-clients. Reduces the time in between sending packets to clients after collisions)
TX Power– Auto (This will change as needed for the client while obeying regulatory domain)
Bluetooth Coexistence Mode – Preempt (tells a bluetooth client which 2.4ghz channel the router is using to avoid transmitting on that frequency)
Wireless GUI access – enabled (else your wireless clients can’t configure the router)
Radio Time Restrictions – Disabled (personal preference)
WMM Support – enabled (Wireless-N and newer require this for higher transmission rates)
No-Acknowledgement – enabled (I use disable to avoid frequent throughput drops from a noisy wireless environment)

SONOS

SONOS & macOS Catalina

Apple has removed iTunes on macOS Catalina and replaced the music library part by a Music app. The iTunes ‘backend’ files like the Library.itl file to keep track of play counts, star ratings, and other metadata and a couple of .itdb database files to keep track of Genius playlists are no longer used. Moreover, album artwork is no longer kept, like the songs, in its own folder. If you store your music library on a (Synology) NAS you may run into issues since Music no longer creates automatically the .xml files where your playlists are recorded. You can manually export the library and playlists and store it in the music folder on the NAS, however SONOS is unable to read the content and extract the playlists. Other applications like VLC and Logitech Media Player (LMS) are still able to read these XML files, generated by the new Music app. It looks like Apple is drifting apart and is only focusing on its Apple Music streaming service. iPhone synchronisation within the Music app is missing (unless you subscribe to Apple Music) and done with Finder. Users like me, who want to listen to their locally (NAS) stored files without any need for an Internet connection will need to think about a plan B (i.e. no Apple Music).

Plan B for me is to use the ‘Export for iTunes‘ tool. This macOS Catalina compatible programme is able to read the Music app playlists and copies all files to the Synology NAS and exports the playlists to .m3u type playlists. SONOS version 10.6 software is able to read these playlists and to find all files on the NAS. You will find the content in the SONOS controller’s Imported Playlists. Once the playlists are displayed in the Imported Playlists, you can add them to the SONOS playlists. The ‘Export for iTunes‘ (Version 1.9.73 (1.9.733)) tool has many features to rename and convert your music files and allows you to copy the files in a new folder structure by artist, by album etc.

The main settings that do the job for me are:

ASCII encoding to make sure that SONOS can read all Artist and Song names with accents.

Windows path separator.

SONOS

SONOS & Synology

Synology DSM 6.2.2. settings that do the job for me

File Services settings:
Minimum SMB protocol: SMB1

Login settings:
Guest account with only read permissions to the music library folder(s).

SONOS Music Library settings:
Music folder path: \\synologyNASname\SharedfolderName\MusicLibraryFolderName
SONOS will convert the path name to //synologyNASname/SharedfolderName/MusicLibraryFolderName

Synology DiskStation DS1019+

  • Quad Core 1.5 (base) / 2.3 (burst) GHz
  • CPU Model – Intel Celeron J3455 – 64-bit – 8 GB DDR3L
  • Hardware Encryption Engine (AES-NI)
  • Dual LAN with failover and link aggregation support
  • Five Drive Bays
  • Two USB 3.0 Ports – 1 front and 1 rear
  • One eSATA Port
  • Current version: DSM 6.2-23739

MacOS Best of Breed (Freeware) Software

Who said the best things in life come for free? They do, check out my favourite FREEWARE list below. The list is built of applications and tools that I am using or I have deployed. While many alternatives may exist, these are the ones that do the job for me. There is no such thing as a free lunch, so you will need to tolerate some advertising or constraints in functionality. If you are willing to ‘pay that price’, you have a good deal. Enjoy the free ride!

Virus and Spam Protection

  • Trend Micro Antivirus is a FREE virus scanner that works well for MacOS.
  • VIRA is a FREE virus scanner that works well for MacOS.

Backup Tools

  • FreeFileSync is a FREE backup and file synchronisation tool that works well for MacOS.
  • KeePassX is a FREE password manager that works well for MacOS. Use MiniKeepass for iOS.

System Cleaning and Filing Tools

  • Dr. Cleaner is a FREE system optimization tool that works well for MacOS.
  • Dr. Unarchiver is a FREE file compression tool that works well for MacOS.
  • FileZilla is a FREE file transfer client and server that works well for MacOS

Media Library and Conversion Tools

  • VLC is a FREE mediaplayer with great video codec support that works well for MacOS
  • iTunes is a FREE mediaplayer and library tool that works well for MacOS
  • calibre is an ebook management tool that works well for MacOS
  • Mixxx is free, open source DJ software that works well for MacOS.

Remote Assistance Tools

  • TeamViewer is a FREE Remote Assistance Client that works well for Windows XP, Vista and 7 to 10 and MacOS

Note: check out my posts on Remote Assistance support

Browsers

  • Google Chrome is a FREE web browser that works well for Windows XP, Vista and Windows 7 to 10 as well as for MacOS.
  • Safari is a FREE web browser that works well for MacOS, Windows XP, Vista 7 & Windows 10.
  • Mozilla Firefox is a FREE web browser that works well for MacOS, Windows XP, Vista and Windows 7 to 10.

Note 1: Internet Explorer and Firefox have different implementations of ‘standards’, which causes dissimilar display results when you design web pages (check out my posts on Mozilla Firefox).

Note 2: Mozilla performs better than Safari when it comes to file downloads and display of some web pages at particular websites.

SONOS

SONOS One

Sonos One

One mid-woofer and one tweeter ensures you’ll hear the faithful playback of mid-range vocal frequencies plus deep, rich bass.

Two Class-D digital amplifiers perfectly tuned to match the speaker drivers and acoustic architecture.

One 10/100 Mbps Ethernet port. Wi-Fi network with any 802.11 b/g, 2.4 GHz router.

AUDIO STREAMER supports MP3, WMA Internet radio streams and iTunes libraries (Apple Protected audio files are not supported).

AirPlay 2 compatible. Amazon Alexa voice control built-in.

For help on radio streams read my post on streaming URLs.

Superior sound quality. Easy set up. Works well with Spotify and iTunes libraries.

No native Bluetooth® support. Needs use of Tablet, Smartphone, PC or Mac Applet to operate. Automatic update of MacOS Sonos Controller App may not work properly.

mysqueezebox.com

Here is a compilation of my Logitech Squeezebox resources and posts related to the devices and software I am currently using (anno 2018):

Squeezebox devices in use:

Logitech Media Servers (LMS) in use:

LMS on Synology DiskStation DS1511+

LMS on Synology DiskStation DS416

LMS on Synology DiskStation DS213+ (discontinued)

Apps in use:

iPAD SqueezePad remote control app

iPhone iPeng remote control app

Internet access

Android smartphone or tablet Logitech Squeezebox™ Controller App

Support posts:

Logitech Squeezebox™ iTunes integration

Radio streaming URLs

Squeezebox Community Forum