Setting up media content on network?

Don't know exactly how to word all of this. I am basically trying to connect my small LAN/HTPC PC to our home router so that my PS3/360 can stream movies off of it without letting the PC connect to the Internet.

I live out in the country (horrible for a tech guy) and my home Internet is using Verizon's HomeFusion 4G Broadband. My mother and little brother use this for their needs, but it has a 10GB cap. I use my iPhone 5 as a hotspot (unlimited data). I want to be able to connect my LAN/HTPC to the router for the ability to stream all my movies to the PS3/360 downstairs, but I do not want the PC to connect to the Internet.

Is there a way to set this up? I have a Netgear WNR2000 v3 with DD-WRT installed on it, but not being used. I also want to be able to connect my main gaming rig to the LAN/HTPC for transferring files between the two.

Example of how I want everything to work:

I want to rip and encode the movies on my gaming rig. Once that is done, I want to transfer the files over to the LAN/HTPC (preferably via Ethernet). I do not want either of these computers accessing the Internet through the HomeFusion router (due to the data cap). The LAN/HTPC has a WiFi card installed, and both computers sit in my room upstairs. The PS3 is connected downstairs to the HomeFusion router for game updates and stuff like that. I want to use the HomeFusion router as a hub between the LAN/HTPC and PS3.

I don't know if it's possible to do so, or how to do it. If anyone could help me out, that would be great!

So in other words, you have two internet connections, and you want all of your machines to have access to each other, while having individual control of which uplink each device uses, and with the option of blocking the internet entirely on certain machines?

Sounds like a job for a VLAN.

Or maybe a set of iptables rules on that DD-WRT router. That'll also get it done.

When I'm home, my gaming rig is plugged into my phone for constant Internet. I only connect the LAN/HTPC to my phone when I need to update something for a game. I was thinking there might be a way to connect both PCs to the Netgear router, then bridge the routers together (somehow), but not let them access the Internet via the HomeFusion, only to stream movies.

explain?

Is there a way to connect all 3 devices to my Netgear router, then somehow bridge a connection between the Netgear and the HomeFusion? Then block all Internet access to the 2 PCs on the Netgear?

OK, iptables crash course here, hang on to your cookie.

So, you only want one box to be unable to access the internet, but allow it to access other computers on the network. With iptables, you can deny traffic on a certain set of ports for certain ip addresses. So, for example, your media server has an IP address of 192.168.1.12, statically assigned (and make sure it stays static). On dd-wrt side, you can go to administration>commands and enter in an iptables command, adding a rule that will block all web traffic, defined by ports. Example would be:

  • iptables -I FORWARD -p tcp -d 192.168.1.12 -m multiport --dports 80,8080,443 -j REJECT

Which, if I did it right, should block all HTTP and HTTPS destined to that one IP address. (A list of ports you can block can be found here: http://www.webopedia.com/quick_ref/portnumbers.asp)

You can also block all traffic, if you like, like so:

  • iptables -I FORWARD -d 192.168.1.12 -j DROP

Which, again if I did it right, would block all traffic destined for that address, but since it's a forward rule it should only block all traffic from your wan to that ip, not from the other computers on the network.

Testing the rules is simple: on that same command page, click "run commands". That will keep that rule active until you power off the router. So, if something goes wrong, just reboot the router, no harm done. If you are satisfied with the result, reboot the router, enter the commands again, and click "save firewall". Then it's permanent, and after that, to reset it you would need to edit the iptables config file via SSH, recover from backup, or reset the router to factory defaults.

To read more about what you can do with iptables, ddwrt has a wiki on it. http://www.dd-wrt.com/wiki/index.php/Iptables_command 

A different thing you can do is edit some VLANs, which most DD-WRT installations support, but is device dependent. Go to setup > vlan and there you can make another VLAN. You should have 2, one for LAN, one for WAN. You can make a third one by unchecking port 4 on vlan 1, moving it to vlan 3, and clicking save. After you reboot the router, go into setup > networking > port setup and set vlan3 to unbridged, and set the IP addresses as necessary. Then, go back into your command page and add the following commands.

  • iptables -I FORWARD -i vlan2 -o vlan3 -j DROP
  • iptables -I FORWARD -i vlan1 -o vlan3 -j ACCEPT

This, again, if I did it correctly, should allow communication from your media server's vlan to the rest of the lan, but block any traffic from your media server's vlan to the wan.

I hope this made sense. I took waaaay too long trying to explain.

Aaaaand reading your post again I realized that the solution I gave does not really solve much. I should stop commenting on threads when I'm sleep deprived. -_-

sleep is for the weak
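
Added example, not part of the thread: a small first-match model of the FORWARD chain that shows which constructed packets the two single-host rules posted above would match, next to a source-matching (`-s`) variant that is an assumption of this example. The address 203.0.113.10, the port numbers, and all class and function names are constructed for illustration; only routed LAN-to-WAN traffic is modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:                      # constructed sample traffic, not a capture
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass
class Rule:                        # only the matches used in the thread
    target: str
    src: str = "0.0.0.0/0"         # -s
    dst: str = "0.0.0.0/0"         # -d
    proto: str = "all"             # -p
    dports: tuple = ()             # -m multiport --dports

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("all", p.proto)
                and (not self.dports or p.dport in self.dports))

def verdict(chain, p, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy

HTPC = "192.168.1.12"              # media server address used in the thread
WEB = "203.0.113.10"               # documentation address for an Internet host

request = Packet(HTPC, WEB, "tcp", 50000, 443)   # HTPC -> Internet (HTTPS)
reply = Packet(WEB, HTPC, "tcp", 443, 50000)     # Internet -> HTPC (answer)

# -p tcp -d 192.168.1.12 -m multiport --dports 80,8080,443 -j REJECT
by_dst_ports = [Rule("REJECT", dst=HTPC, proto="tcp", dports=(80, 8080, 443))]
# -d 192.168.1.12 -j DROP
by_dst_all = [Rule("DROP", dst=HTPC)]
# Assumed variant (not from the thread): -s 192.168.1.12 -j DROP
by_src_all = [Rule("DROP", src=HTPC)]

def outcomes(chain):
    """Verdicts for (outbound request, inbound reply) under one chain."""
    return verdict(chain, request), verdict(chain, reply)

if __name__ == "__main__":
    for name, chain in [("dst+ports", by_dst_ports), ("dst", by_dst_all),
                        ("src", by_src_all)]:
        print(name, outcomes(chain))
```

A rule keyed on `-d` acts on packets arriving for the media server, so the outbound request has already left over the capped link; a rule keyed on `-s` stops the request at the router.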