The Internet of Things (IoT) may introduce ‘holes’ in your home LAN. If you are concerned about this, you may opt to block those devices’ access to the Internet, provided that the management software supports alternative ways to control the devices, like Synology Surveillance Station. Here is how you can proceed with DD-WRT (v3.0-r39960M kongac (06/08/19)): Log in to the DD-WRT router and select Access Restrictions. In the WAN Access tab, edit the Access Policy.
Edit the “List of Clients” and enter the MAC Address of each device you want to block. Alternatively, you can use the IP Addresses. Save the list before closing.
Source: reddit.com

You can verify your vlan2 by typing “ifconfig” in the commands box and clicking “run commands” under Admin->Commands. Search through the output (hint: use your browser’s find/search feature!) for your WAN IP as shown in the top-right of the page. Verify the interface with that IP address is “vlan2” (interface names are the left column). If it is not, you’ll need to replace “vlan2” with the name of the interface bearing that address.
Now, paste the following into the “commands” text box, then alter it to match your needs:

iptables -I FORWARD -s <camera1_ip> -o vlan2 -j DROP
iptables -I FORWARD -s <camera2_ip> -o vlan2 -j DROP

Then, click “Save Firewall” at the bottom.
Furthermore, it is worth mentioning that you needn’t use a separate rule for each camera/IP address unless you need to apply different rules to each. As /u/mlt- mentions, there are ways to include multiple source IPs with each rule. However, most DD-WRT builds that I have used do not include an iptables binary that has all the options/extensions that it can support. However, subnets are a fairly effective way to specify a range of IPs and should work in every version. Given devices with IP addresses (assuming all are on 192.168.1.xxx): 201, 202, 203, 206
This subnet (/29 is CIDR notation, the decimal netmask would be written as /255.255.255.248) would cover 192.168.1.200 – 192.168.1.207 with a single rule. For filtering rules like this, you don’t need to worry about the network number, usable hosts, or broadcast address; we’re only concerned with how many addresses get hit with this mask, which is 8. This subnet starts at 192.168.1.200, which is NOT something we directly control; subnets break a network block into smaller, equally-sized pieces. Here’s a handy reference, if desired. The idea behind subnet masks is fairly straightforward, but does require some getting used to.
-I : Insert at beginning of rules set of following table to ensure that the rule isn’t superseded by some previously defined rule.
FORWARD : Which “chain” to add the rule to. “FORWARD” applies to any traffic whose source and destination are both NOT the router itself.
-s <camera1_ip> : Specifies the source IP address to which the rule should be applied (e.g. -s 192.168.1.240).
-o vlan2 : Specifies that the rule only applies to traffic that is being sent out through vlan2. Vlan2 is the WAN interface in dd-wrt, by default. You can check this through telnet/ssh by using “ifconfig”, or through the web interface as at the beginning of this post.
-j DROP : When the rule matches, perform the DROP action. The packet is lost in transit, never to reach its destination (the internet).
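The subnet approach described above, as an added example that is not part of the original post: it computes the smallest single CIDR block covering a list of device addresses, lists the other addresses that block would also cut off from the WAN, and builds the matching DROP rule. The function names and the second address pair are constructed for illustration; the interface name vlan2 is the default quoted in the post.

```python
import ipaddress

def covering_subnet(addresses):
    """Smallest single CIDR block that contains every address given."""
    ips = sorted(ipaddress.IPv4Address(a) for a in addresses)
    lo, hi = int(ips[0]), int(ips[-1])
    # Every bit in which the lowest and highest address differ must be a
    # host bit, so the prefix ends just above the highest differing bit.
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network(f"{ips[0]}/{prefix}", strict=False)

def also_blocked(network, addresses):
    """Addresses matched by the block that are NOT in the intended list."""
    wanted = {ipaddress.IPv4Address(a) for a in addresses}
    return [str(ip) for ip in network if ip not in wanted]

def drop_rule(network, wan_if="vlan2"):
    """iptables rule in the form used in the post, for one source block."""
    return f"iptables -I FORWARD -s {network} -o {wan_if} -j DROP"

def plan(addresses, wan_if="vlan2"):
    """Return (rule, collateral addresses) for a list of device IPs."""
    net = covering_subnet(addresses)
    return drop_rule(net, wan_if), also_blocked(net, addresses)

if __name__ == "__main__":
    # Device list from the post: 192.168.1.201, .202, .203, .206
    cameras = ["192.168.1.201", "192.168.1.202",
               "192.168.1.203", "192.168.1.206"]
    rule, extra = plan(cameras)
    print(rule)
    print("also blocked:", ", ".join(extra))

    # Constructed pair that straddles a block boundary: two devices only
    # three addresses apart, yet the covering block has 32 addresses.
    rule, extra = plan(["192.168.1.206", "192.168.1.209"])
    print(rule)
    print(len(extra), "other addresses would lose WAN access")
```

Any DHCP lease or static address that falls inside the computed block is blocked as well, so check the "also blocked" list against the router's address assignments before saving the rule.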
Wi-Fi congestion is a complex issue: it is not only a matter of neighbouring Wi-Fi networks but also of other devices such as Bluetooth devices and microwave ovens. Bluetooth shares the 2.4 GHz ISM band with other household devices such as cordless telephones, wireless networks, baby monitors, and microwave ovens. Initial video and/or audio transmission delays may occur because of error correction, but if they persist you may have Wi-Fi interference. AirPlay 2 users on a Wi-Fi network may read this article on Macworld for help. If you have a strong signal but bad response times, you may have Wi-Fi interference or conflicting neighbouring Wi-Fi channels and need to change the Wi-Fi channel on your router or access point. You may opt to use Auto Wireless Channel, if this is supported by your router configuration, and reboot your router to determine the free channels.
My objective of a guest network is to offer isolated, yet protected, access to the Internet. Guest users should not have access to my private LAN. This can be achieved with the following settings: Wireless Basic Settings (‘Virtual Interfaces’): AP isolation enabled. Network Configuration: Unbridged, NAT enabled. You will need to assign a dedicated network range and enable DHCP.
Basic Settings:
Regulatory Domain – BE (obviously change this to your country’s setting)
Regulatory Mode – off
TPC Mitigation Factor – 0

(2.4ghz)
Wireless Mode – AP
Wireless Network Mode – NG-Mixed
Wireless Channel – 1, 6, or 11 (use the least crowded in your area, see note1)
Channel Width – 20mhz
Optimize Multicast Traffic – enabled
TurboQAM – enabled
Explicit Beamforming – enabled
Implicit Beamforming – enabled
Airtime Fairness – disabled (this currently causes wireless dropouts over time)

(5 ghz)
Wireless Mode – AP
Wireless Network Mode – AC/N-Mixed (unless you have only AC clients or are still relying on wireless-A)
Wireless Channel – Auto (or the least crowded. DD-wrt exposes the middle frequencies under 149 and above 48 as selectable [per DFS preemption], see note1)
Channel Width – 80mhz
Extension Channel – Upper Lower (depends on the channel you use. lower lower for above 149, upper upper for below 48 )
Optimize Multicast Traffic – enabled
Explicit Beamforming – enabled
Implicit Beamforming – enabled
Airtime Fairness – disabled (this currently causes wireless dropouts over time)

Wireless Security: WPA2 Personal with AES only (unless you run a RADIUS server or something, in which case choose enterprise..)

Advanced Settings (both bands):
Basic Rate – All
Transmission Rate – Auto
CTS Protection Mode – Auto
Frame Burst – Disabled
Advanced Settings (5ghz):
Beacon Interval – 100 (set this a bit higher to save mobile clients some battery. Not too high so that wireless clients don’t drop out from missed beacons)
DTIM interval – 1 (can be set higher for battery saving of mobile clients, but since it works in tandem with beacon interval, it can cause drop outs if set too high as well, use 1 if beacon interval is set to 100)
Fragmentation Threshold – 2346
RTS Threshold – 2347
Max Associated Clients – 128 (Personal preference. Say you want to restrict a certain number of IPs for wired clients only. This setting would prevent wireless clients from taking all the IP addresses in the address range from the DHCP server)
AP Isolation – Disabled
TX Antenna – Auto
RX Antenna – auto
Preamble – Short (Long is for compatibility with older wireless devices. Most everything within 15 years works with short)
Shortslot Override – Short (another compatibility setting that affects G-clients in relation to older B-clients. Reduces the time in between sending packets to clients after collisions)
TX Power – Auto (This will change as needed for the client while obeying regulatory domain)
Bluetooth Coexistence Mode – Preempt (tells a bluetooth client which 2.4ghz channel the router is using to avoid transmitting on that frequency)
Wireless GUI access – enabled (else your wireless clients can’t configure the router)
Radio Time Restrictions – Disabled (personal preference)
WMM Support – enabled (Wireless-N and newer require this for higher transmission rates)
No-Acknowledgement – enabled (I use disable to avoid frequent throughput drops from a noisy wireless environment)
Apple has removed iTunes on macOS Catalina and replaced the music library part with a Music app. The iTunes ‘backend’ files, like the Library.itl file that keeps track of play counts, star ratings, and other metadata, and a couple of .itdb database files that keep track of Genius playlists, are no longer used. Moreover, album artwork is no longer kept in its own folder as the songs are. If you store your music library on a (Synology) NAS you may run into issues, since Music no longer automatically creates the .xml files where your playlists are recorded. You can manually export the library and playlists and store them in the music folder on the NAS; however, SONOS is unable to read the content and extract the playlists. Other applications like VLC and Logitech Media Player (LMS) are still able to read these XML files generated by the new Music app. It looks like Apple is drifting apart and is only focusing on its Apple Music streaming service. iPhone synchronisation within the Music app is missing (unless you subscribe to Apple Music) and is done with Finder. Users like me, who want to listen to their locally (NAS) stored files without any need for an Internet connection, will need to think about a plan B (i.e. no Apple Music).
Plan B for me is to use the ‘Export for iTunes‘ tool. This macOS Catalina compatible programme is able to read the Music app playlists and copies all files to the Synology NAS and exports the playlists to .m3u type playlists. SONOS version 10.6 software is able to read these playlists and to find all files on the NAS. You will find the content in the SONOS controller’s Imported Playlists. Once the playlists are displayed in the Imported Playlists, you can add them to the SONOS playlists. The ‘Export for iTunes‘ (Version 1.9.73 (1.9.733)) tool has many features to rename and convert your music files and allows you to copy the files in a new folder structure by artist, by album etc.
The main settings that do the job for me are:
ASCII encoding to make sure that SONOS can read all Artist and Song names with accents.
Who said the best things in life come for free? They do, check out my favourite FREEWARE list below. The list is built of applications and tools that I am using or I have deployed. While many alternatives may exist, these are the ones that do the job for me. There is no such thing as a free lunch, so you will need to tolerate some advertising or constraints in functionality. If you are willing to ‘pay that price’, you have a good deal. Enjoy the free ride!