Allow specific LAN client to only access AnyDesk while blocking all internet access

Hi all,

Router: I am using RUTX50.
Objective: There is a PC connected to the wired local network and I need to block its internet access and only allow AnyDesk connection.

I tried to implement this via Traffic Rules by blocking all outbound traffic and only allowing the ports mentioned on the AnyDesk webpage, but that did not work.

I may be wrong but I think I need to implement using Web Filter Proxy Based Allow-List. However, it looks like the Web Filter, if configured and enabled, applies to all the LAN interfaces.

Can someone advise how I can implement Web Filter only to the specific device connected in the wired LAN?
Alternatively, is there a better way to implement what I am trying to achieve?

Best regards,
ARai

I believe you are on the right track. On the traffic rule you’ve created, make sure you drag it up to the top. As far as I remember (based on my previous experience as well), traffic rule priority goes from top to bottom.

The Gato is right, a traffic rule is probably better for this use case. AnyDesk uses ports 80, 443 and 6568 according to their publicly published information here:

What you could do is:

  1. Reserve an IP address for the PC using its NIC MAC address (i.e. reserve 192.168.1.50 for MAC AA:BB:CC:11:22:33). Reboot the PC (or refresh the lease manually via CMD with "ipconfig /release" and "ipconfig /renew" if the PC is running a Windows-based OS).
  2. Make a traffic rule that allows communication from source IP 192.168.1.50 to any host in WAN zone when destination port is set to 6568 (TCP protocol only)
  3. Below that rule, add another traffic rule to block all IP-based communication from LAN zone, source IP 192.168.1.50 to any destination (0.0.0.0/0) to WAN firewall zone. (and as the Gato mentioned, put it almost at the top of rule list, but make sure it’s below the initial allow rule)
  4. Try to boot up the PC with the 192.168.1.50 IP address and attempt to access any website - it should not be possible. However, if you attempt to connect to something via AnyDesk, it should work. Make sure to verify whether the PC has obtained the 192.168.1.50 IP, by the way.

Also, it seems that AnyDesk recommends whitelisting any hostname resolution starting with ".net.anydesk.com". You can throw that in your web filter if you notice any issues specifically with AnyDesk connectivity.

In this case you’ve essentially configured a Layer 4 firewall. Hopefully it’ll be enough, but do note that you might have to fiddle with firewall settings a little bit more to make things work properly.
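The rule ordering from steps 2 to 4 of the reply above, as an added Python example that is not part of the original posts and is not RutOS code. It models top-to-bottom, first-match evaluation of the allow and block rules and flags a rule that an earlier one shadows; the `Rule` fields, the probe packets and the ACCEPT default for LAN to WAN forwarding are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One LAN->WAN traffic rule (field names are hypothetical, not RutOS options)."""
    name: str
    src: str              # source network in CIDR form
    proto: Optional[str]  # "tcp", "udp", or None for any protocol
    dport: Optional[int]  # destination port, or None for any port
    target: str           # "ACCEPT" or "DROP"

    def matches(self, src_ip, proto, dport):
        return (ip_address(src_ip) in ip_network(self.src)
                and self.proto in (None, proto)
                and self.dport in (None, dport))

# The two rules from steps 2 and 3 of the reply above.
ALLOW_ANYDESK = Rule("allow-anydesk", "192.168.1.50/32", "tcp", 6568, "ACCEPT")
BLOCK_PC = Rule("block-pc-wan", "192.168.1.50/32", None, None, "DROP")

def verdict(rules, src_ip, proto, dport, default="ACCEPT"):
    """First matching rule wins; the ACCEPT zone default is an assumption."""
    for rule in rules:
        if rule.matches(src_ip, proto, dport):
            return rule.target, rule.name
    return default, "zone-default"

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    hidden = []
    for i, later in enumerate(rules):
        if any(ip_network(later.src).subnet_of(ip_network(e.src))
               and e.proto in (None, later.proto)
               and e.dport in (None, later.dport) for e in rules[:i]):
            hidden.append(later.name)
    return hidden

# Constructed probes: (source IP, protocol, destination port towards WAN).
PROBES = [("192.168.1.50", "tcp", 6568), ("192.168.1.50", "tcp", 443),
          ("192.168.1.50", "udp", 53), ("192.168.1.77", "tcp", 443)]

if __name__ == "__main__":
    for order in ([ALLOW_ANYDESK, BLOCK_PC], [BLOCK_PC, ALLOW_ANYDESK]):
        print([r.name for r in order], "shadowed:", shadowed(order))
        for probe in PROBES:
            print("  ", probe, verdict(order, *probe))
```

With the block rule dragged above the allow rule, `shadowed` reports `allow-anydesk` and the port 6568 probe is dropped, which is the ordering mistake both replies warn about.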

Hello,

It should work with the traffic rules. Please try following the suggestions other users have mentioned here, and let me know if it helps. If not, we will proceed with further troubleshooting.

Best Regards,

Thanks Gato, I have already implemented the ways you have suggested, that is, block internet access for the IP address of the PC and only allow TCP ports 80, 443, and 6568. I also allowed the UDP port range 50001-50003 as advised on the AnyDesk website, but no success.
The only thing I have not tested is whitelisting .net.anydesk.com, as I am not sure how I can do this on the Teltonika router.
