Block access to the internet for one device, but still use home network

dubster · 4 Dec 2021 at 12:37

Hi folks

I've got a synology diskstation, and a media player (Mi TV Box 3) I want to use with it.
But I want to prevent the TV Box from accessing the internet, or being accessed from the internet yet still access the diskstation on the home network.

Does anyone know - On my Sky router, if I add an Inbound and Outband firewall rule which says block access to Any - it will achieve what I'm after?

Only reason I'm asking and not giving it a go is that it's imperative that the Tv Box doesnt get to the net - if it does the first thing it will do is update its firmware and lose a feature I don't want to lose.

Any advice would be gratefully received.

Thanks all

dubster · 4 Dec 2021 at 17:40

Basically it's on Android 6 which still allows for Dolby TrueHD and DTS-HD Master.
It uses something called IEC61937 which gets removed with Android 7 onward for some reason.
Youve got no way of blocking the auto update either.

I even tried writing to Xiaomi to tell them I wasn't giving them permission to update my box and they said there's nothing they can do about it.

Sure enough as soon as it touches the internet it jumps to "installing update".

dubster · 4 Dec 2021 at 17:49

pepp77 said:
Might be easiest to statically give it an IP address but not a gateway. Will be able to communicate with devices locally but never get to the internet.

Is that something you can do via your router?? It's currently on a static IP and I was thinking of adding that into the firewall rules as block everything inbound and outbound.

dubster · 6 Dec 2021 at 08:01

Nah sadly the Sky router doesnt let you block based on Mac or I would've gone down that route.
Also the TV Box doesnt let you set gateways etc, its similar to a Firestick - you just pick your network, that's your lot.

So the route I was thinking was set IP using Mac on the router.
Block the IP I set in the DHCP screen in the firewall rules.

dubster · 6 Dec 2021 at 08:18

I've not seen a way of doing it on the box but I'll double check.
I've given it a static IP on the router up til now.

I don't think setting it on the box itself would make any difference in terms of what I need though as I'm pretty confident the internal update process on the box contacts the Xiaomi server using IP address as people have tried blocking Xiaomi using hostnames in the past and their boxes still get upgraded.

Rats if it blocks local network too I guess I'm going to have to buy a new router just for internal use only then. Thanks for the info though.

dubster · 8 Dec 2021 at 16:31

Awesome, thanks folks. Im back home tomorrow so I will double check the TV Box and see if I can set the gateway on it - Im 99% sure though that all you can do is pick a wireless network and thats it. If not then I'm looking for an asus router that supports merlin firmware. I'm guessing this is custom firmware I'd have to flash or something?

dubster · 8 Dec 2021 at 16:47

No I'm fairly sure it uses IP to get the updates.
Loads of people have tried blocking services and it always gets around it. Even down to disabling the android update service and still.. persistent bloody thing.

It was mentioned above about not providing a gateway. Is that something I could do at router level?

I.e. buy any old router, give that router no gateway, plug my TV box into that router and that router into my existing one. That way anything going via the new router (and from there into the existing one) won't have a gateway? Or would it then pick up the gateway once it gets to my existing sky router?

dubster · 8 Dec 2021 at 21:34

ahh yeh course you're right. sounds like asus router is gonna be the only option then. (unless by luck the box static ip lets me specify a non existant gateway

dubster · 14 Dec 2021 at 20:29

AtaRo said:
This can be easily be done using asuswrt router that supports merlin firmware,
don't know if the asus stock firmware supports the MER option.

Just wanted to say a big thank you for the suggestion.

I managed to pick a 2nd hand asus router off ebay for 35 quid, just put merlin firmware on and have access to the very screen you've put above.
Gonna try hooking it up to the existing router tomorrow to give the asus router access to the internet and hopefully the tv box will be blocked from the net and the rest will work as before.