Blocking Internet-access for the DAWs (connected to LAN)

General discussions on songwriting, mixing, music business and other music related topics.
Brandy
Member
Posts: 999
Joined: Sat Dec 18, 2010 4:59 pm
Contact:

Blocking Internet-access for the DAWs (connected to LAN)

Post by Brandy » Thu Jul 12, 2012 12:31 am

Well, till now I have the DAWs in a network which is basically a switch without any www access.

I now want to have one single network for all my computers, LAN and WLan - NAS storage etc - so basically I need to connect the DAWs to the network which provides internet access as well.

BUT I do not want the DAWs to have internet access in any way.

Is this possible?

I will/want to use an airport extreme
- Notebooks connected via Wlan
- NAS storage connected to one of the Gigabit-Ports
- my old dlink Gigabit-switch (were all DAWs are connected) hooked up to another GBPotrt.

That way I would have a network with the DAWS, an NAS server and office PC/Notebooks.

Now I only need to avoid the DAWs to connect to the internet.. I do not like to have windows-updates etc running on a solid offline system.

IS this possible?!

Thanks for any hint - I googled a lot but anybody basically explains "why the heck do you need to block internet access?!??" Usually dudes are asking because they did not want their kids to access the www...
Christoph Brandes | Iguana Studios | Freiburg/Germany | Facebook | C8 - N6.5 - WL8 and lots of stuff like that | still originally registered in deepest 2001

JayRoseCAS
Junior Member
Posts: 81
Joined: Mon Apr 30, 2012 8:51 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by JayRoseCAS » Thu Jul 12, 2012 3:20 am

Shouldn't be too hard to do it from your router. Just set up the 'client access' page so the IP address of your DAW is blocked from Port 80.

(Not sure how to do this on Airport Extreme... even though this is primarily a Mac shop, we're using a Belkin router.)
Lots of useful stuff......and info on my studio...
at http://www.jayrose.com
(Nuendo setup: 7+..., Mac 10.8+ on 3.2GHzQuad 8GB, MOTU 2408, Blackmagic Intensity, TC Powercore, MCP plus expander, Steinberg mini control panels, lots of plugins, SoundMiner.)

Brandy
Member
Posts: 999
Joined: Sat Dec 18, 2010 4:59 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by Brandy » Thu Jul 12, 2012 6:44 am

Well, thanks a lot! I will check this out - while I hope this is possible with the Airp Extreme, otherwise I might return it for something else. If I remember correctly I had years ago a cheap Allnet-Router were I was able to very simple disable internet for certain computers... This might be 10 years ago or something. Was not able to find something similar in the controlls for my current Netgear.
Christoph Brandes | Iguana Studios | Freiburg/Germany | Facebook | C8 - N6.5 - WL8 and lots of stuff like that | still originally registered in deepest 2001

riwe
Junior Member
Posts: 137
Joined: Wed Dec 15, 2010 5:11 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by riwe » Thu Jul 12, 2012 3:34 pm

JayRoseCAS wrote:Shouldn't be too hard to do it from your router. Just set up the 'client access' page so the IP address of your DAW is blocked from Port 80.
If you block port 80 you only block http. This doesn't block the internet access.
Last edited by riwe on Thu Jul 12, 2012 3:38 pm, edited 2 times in total.
N 6.5.35 (32Bit & 64Bit) + NEK | WL 8.5.20 (64Bit) | W7 Pro x64 | 16 GB RAM | RME HDSP MADI | RME Firefcae 800 | UAD-2

Brandy
Member
Posts: 999
Joined: Sat Dec 18, 2010 4:59 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by Brandy » Thu Jul 12, 2012 3:37 pm

I was curious about that as well.. I checked my current router - I can block a lot of ports/services manually.

Maybe it would be fine to block ALL exept the one which is needed for accessing network attached storage... Is this possible?
Christoph Brandes | Iguana Studios | Freiburg/Germany | Facebook | C8 - N6.5 - WL8 and lots of stuff like that | still originally registered in deepest 2001

riwe
Junior Member
Posts: 137
Joined: Wed Dec 15, 2010 5:11 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by riwe » Thu Jul 12, 2012 3:38 pm

To block the complete internet access, the simpliest way is to block the mac address of your daw.
N 6.5.35 (32Bit & 64Bit) + NEK | WL 8.5.20 (64Bit) | W7 Pro x64 | 16 GB RAM | RME HDSP MADI | RME Firefcae 800 | UAD-2

Brandy
Member
Posts: 999
Joined: Sat Dec 18, 2010 4:59 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by Brandy » Thu Jul 12, 2012 3:41 pm

Will I still be able to have the DAWs access each other then as well as the network storage?
Christoph Brandes | Iguana Studios | Freiburg/Germany | Facebook | C8 - N6.5 - WL8 and lots of stuff like that | still originally registered in deepest 2001

riwe
Junior Member
Posts: 137
Joined: Wed Dec 15, 2010 5:11 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by riwe » Thu Jul 12, 2012 3:47 pm

First it depends how your daw is connected. Is it connected to the router or is it connected via a switch to the other network devices and the switch is connected to the router,

In the first case you have to block the mac address (of your daw) in your router. To do this you have to create a rule in your router that block's the outgoing (to the internet) and ingoing (from the internet) data, but lets pass the other data.

In the second case you only block completely the mac address of your daw in your router.
N 6.5.35 (32Bit & 64Bit) + NEK | WL 8.5.20 (64Bit) | W7 Pro x64 | 16 GB RAM | RME HDSP MADI | RME Firefcae 800 | UAD-2

Brandy
Member
Posts: 999
Joined: Sat Dec 18, 2010 4:59 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by Brandy » Thu Jul 12, 2012 3:57 pm

Riwe, thanks a lot for the help!!

So - most likely I will just hook up the current switch with all DAWs to the router... like you described for the second way.

But I have no clue how I should connect the NAS (network accessed storrage) now.. Currently it is connected to that switch as well and everything is fine EXEPT that I can not access the NAS from the WLAN.

Basically I am doing this redesign because I need to access to that NAS from ALL computers but I do not need to access the DAWs. Currently I have a dedicated computer with two network cards to manage the transfer from the DAWs (via shared folder on the NAS) to transfer files to the internet and vice versa.
Christoph Brandes | Iguana Studios | Freiburg/Germany | Facebook | C8 - N6.5 - WL8 and lots of stuff like that | still originally registered in deepest 2001

riwe
Junior Member
Posts: 137
Joined: Wed Dec 15, 2010 5:11 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by riwe » Thu Jul 12, 2012 3:58 pm

Do you need to access the NAS from outside (internet)?
N 6.5.35 (32Bit & 64Bit) + NEK | WL 8.5.20 (64Bit) | W7 Pro x64 | 16 GB RAM | RME HDSP MADI | RME Firefcae 800 | UAD-2

Brandy
Member
Posts: 999
Joined: Sat Dec 18, 2010 4:59 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by Brandy » Thu Jul 12, 2012 4:06 pm

Well, a good question - I would say I do not need to access from the internet necessarily - I use dropbox and cloudstuff for that - but I need to access from internal LAN/WLan (via the router)..
Christoph Brandes | Iguana Studios | Freiburg/Germany | Facebook | C8 - N6.5 - WL8 and lots of stuff like that | still originally registered in deepest 2001

riwe
Junior Member
Posts: 137
Joined: Wed Dec 15, 2010 5:11 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by riwe » Thu Jul 12, 2012 4:22 pm

So you can connect your NAS at the switch too.
If you cannot access your NAS from inside your LAN this can be a problem of the access rights from the NAS. If you can access the NAS from some computers and for others not, you can try to change the user access rights in the NAS. Another possiblitiy could be that your NAS have a built-in firewall. If so you can check it, if it blocks your computers.
N 6.5.35 (32Bit & 64Bit) + NEK | WL 8.5.20 (64Bit) | W7 Pro x64 | 16 GB RAM | RME HDSP MADI | RME Firefcae 800 | UAD-2

Brandy
Member
Posts: 999
Joined: Sat Dec 18, 2010 4:59 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by Brandy » Thu Jul 12, 2012 4:29 pm

Ah ok - I understand! So I basically will just block the DAWs MAC adresses completely in the router which will result in a blocked connection in any way - to the internet and to/from WLan connected internet-computers etc.

That would be what I want (for safety issues)

But in the same time I will NOT block the NAS in the router which will enable me to access it from all router-connected-internet computers AS WELL as from all the DAWS (because it is on the switch together with them).

Right?

If yes - than it is damn easy, but I was not aware of this easy solution because I am just a drummer :-)

Thanks a lot, riwe!

Brandy
Christoph Brandes | Iguana Studios | Freiburg/Germany | Facebook | C8 - N6.5 - WL8 and lots of stuff like that | still originally registered in deepest 2001

riwe
Junior Member
Posts: 137
Joined: Wed Dec 15, 2010 5:11 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by riwe » Thu Jul 12, 2012 4:34 pm

Exactly!
So you use the router only for the internet access (and the wlan) and the router is connected to the switch. All other network devices are connected to the switch.

You're welcome!

It always is easy when you know it ;)
N 6.5.35 (32Bit & 64Bit) + NEK | WL 8.5.20 (64Bit) | W7 Pro x64 | 16 GB RAM | RME HDSP MADI | RME Firefcae 800 | UAD-2

Brandy
Member
Posts: 999
Joined: Sat Dec 18, 2010 4:59 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by Brandy » Thu Jul 12, 2012 4:42 pm

Great! Damn easy :-)

Thanks a lot! :P
Christoph Brandes | Iguana Studios | Freiburg/Germany | Facebook | C8 - N6.5 - WL8 and lots of stuff like that | still originally registered in deepest 2001

riwe
Junior Member
Posts: 137
Joined: Wed Dec 15, 2010 5:11 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by riwe » Thu Jul 12, 2012 6:01 pm

:)
N 6.5.35 (32Bit & 64Bit) + NEK | WL 8.5.20 (64Bit) | W7 Pro x64 | 16 GB RAM | RME HDSP MADI | RME Firefcae 800 | UAD-2

Brandy
Member
Posts: 999
Joined: Sat Dec 18, 2010 4:59 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by Brandy » Wed Jul 18, 2012 6:51 pm

Well, I yesterday set up the new router and it is quite awesome at which speed a 5Ghz WLan with 802.11n works!

BTW - I am using this router: http://www.asus.com/Networks/Wireless_Routers/RTN66U

I returned that Apple Airport Extreme, I was not happy with the philosophy and options - I prefer a regular browser-GUI with all those options, even when I do not have a clue ;)


BUT I am not able to block the DAW (s) from the internet like I want, I can block all kinds of ports and services, currently I blocked TCP Port 80 as well as I enabled that babysitter/safersurf feature and blocked the DAW over there as well.

Now I still can access the DAW via the network - not a bad thing, but is it safe enough to just block Port 80?

I do not know how to block it completely - I do not want to create dozens of rules in the firewall to block each port manually. I made a screenshot of that firewall menue. The device which is set up already is my DAW. I had to use some kind of MAC adress with fixed IP first so the router will give always the same ip to that MAC adress.

What should I type into those fields? It btw would be cool to have access via the internal LAN to the DAW though, but I want to minimize all kind of risks regarding the www / viruses etc because I am not running virus scanner as well as I am not using windows update on the DAW..
firewall.jpg
(78.06 KiB) Not downloaded yet
Christoph Brandes | Iguana Studios | Freiburg/Germany | Facebook | C8 - N6.5 - WL8 and lots of stuff like that | still originally registered in deepest 2001

twelvetwelve
Member
Posts: 722
Joined: Wed Dec 15, 2010 9:35 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by twelvetwelve » Fri Jul 20, 2012 12:29 am

Just curious - why would you want to block it?

riwe
Junior Member
Posts: 137
Joined: Wed Dec 15, 2010 5:11 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by riwe » Fri Jul 20, 2012 6:23 am

It depends on what you want:
Do you want that your DAW isn't able to access the internet (from inside your LAN) or do you want that your DAW can't be attacked from outside?
If you only want that your DAW isn't able to access the internet you can close the ports 80 and 445. But remember that this disables your DAW only to access the WWW, not the internet.
In the other case you have to do something like that what I described in my previous posts.
N 6.5.35 (32Bit & 64Bit) + NEK | WL 8.5.20 (64Bit) | W7 Pro x64 | 16 GB RAM | RME HDSP MADI | RME Firefcae 800 | UAD-2

User avatar
Bifop
Member
Posts: 292
Joined: Thu Dec 16, 2010 4:28 am
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by Bifop » Sat Jul 21, 2012 3:29 pm

My solution is to manually set the IP for each of my daws and simply don't fill the DNS fields.
No internet but local network, NAS, shared printers still work.
Personal setup : Nuendo 8.2 on ASUS PRIME Z270-A -I7 7700K - Win10 pro 64bits- SSD - 4 x LCD screens + 40" on Blackmagic intensity. Steinberg UR824 + MR816 - 2 X Avid Artist Mix + Artist control + Euphonix transport. LCR Focal Twin.

Nuage 32 faders on Mac Pro 12 cores. 5.1 Focal twin. Ssl Xlogic Alpha link Madi at workplace.

Brandy
Member
Posts: 999
Joined: Sat Dec 18, 2010 4:59 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by Brandy » Sat Jul 21, 2012 3:53 pm

likelystory wrote:Just curious - why would you want to block it?
I don't have virus scanner and stuff on the DAWs, no windows updates etc. I have in mind that it was never a good idea to have your DAWs access the internet. It always was a big NO go.

Maybe if you have a Mac it would be fine, OR if you use a computer which is always up to date and stuff....
Christoph Brandes | Iguana Studios | Freiburg/Germany | Facebook | C8 - N6.5 - WL8 and lots of stuff like that | still originally registered in deepest 2001

twelvetwelve
Member
Posts: 722
Joined: Wed Dec 15, 2010 9:35 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by twelvetwelve » Sat Jul 21, 2012 6:42 pm

Brandy wrote:
likelystory wrote:Just curious - why would you want to block it?
I don't have virus scanner and stuff on the DAWs, no windows updates etc. I have in mind that it was never a good idea to have your DAWs access the internet. It always was a big NO go.

Maybe if you have a Mac it would be fine, OR if you use a computer which is always up to date and stuff....
Use Microsoft Security Essentials or Avast as they have very little system overhead (I don't even notice them). I think these days it's perfectly fine to have your DAW connected to the internet - I know mine is connected and I've never had an issue related to being online.

riwe
Junior Member
Posts: 137
Joined: Wed Dec 15, 2010 5:11 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by riwe » Sat Jul 21, 2012 7:23 pm

likelystory wrote: Use Microsoft Security Essentials or Avast as they have very little system overhead (I don't even notice them). I think these days it's perfectly fine to have your DAW connected to the internet - I know mine is connected and I've never had an issue related to being online.
Me too. Never had problems with my DAW connected to the internet. But I would not recommand any AV on a DAW because it slows down the file access. And the MS security essentials aren't so good because it has no behavioral surveillance.
N 6.5.35 (32Bit & 64Bit) + NEK | WL 8.5.20 (64Bit) | W7 Pro x64 | 16 GB RAM | RME HDSP MADI | RME Firefcae 800 | UAD-2

Brandy
Member
Posts: 999
Joined: Sat Dec 18, 2010 4:59 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by Brandy » Sun Jul 22, 2012 6:00 pm

Mh, well - I head about issues regarding "autoupdates" - I do not like the idea to have my system changed in any way while in session... Ok, I have autoupdates disables, but now I have to fear regarding security things... or not?

Is it safe to have a DAW connected to the www - without using a browser or any other kind of websurfing ? Of course behind a router-firewall.

I dislike the idea to install any kind of anti virus stuff.
Christoph Brandes | Iguana Studios | Freiburg/Germany | Facebook | C8 - N6.5 - WL8 and lots of stuff like that | still originally registered in deepest 2001

Brandy
Member
Posts: 999
Joined: Sat Dec 18, 2010 4:59 pm
Contact:

Re: Blocking Internet-access for the DAWs (connected to LAN)

Post by Brandy » Sun Jul 22, 2012 6:06 pm

Maybe I am just too oldschool. As I said - it always was a big No Go to have a studio computer connected to something else. But that was Win 98 se days...?
Christoph Brandes | Iguana Studios | Freiburg/Germany | Facebook | C8 - N6.5 - WL8 and lots of stuff like that | still originally registered in deepest 2001

Post Reply

Return to “Steinberg Lounge”

Who is online

Users browsing this forum: No registered users and 0 guests