Port forwarding - only allow specific MAC

Pergola Fabio

Senior Member
Hi,

I'm setting up a PBX, need to open some ports for my VOIP phones/softphones....

But I only want to allow specific MAC addresses to use that specific port forward... Can I do that?
How?

Thanks in advance
 

eibgrad

Part of the Furniture
MAC addresses of remote clients are NOT known beyond their own respective local networks! All you know on the device being remotely accessed is the client's public IP. And you can always add that information using the Source IP field of the port forward.
 

eibgrad

Part of the Furniture
Oh, so that's not an option then :-(

No. MAC addresses are only known to the local ethernet network on which the device is running. It's strictly *local* information. When you communicate across the internet between any two devices, all either side knows is the public IP of the other. That's it.

However, as I said, you can use the public IP in the port forward.
 

eibgrad

Part of the Furniture
Yeah, but the public IP can change, for instance my mobile device, I also need more public IPs...

I can't do much about the fact the public IP may change. But you can always create additional port forwards that only differ by the Source IP. Or if it happens the public IP is always within the same subnet (e.g., 199.199.199.0/24), you can specify that instead of a specific IP.
 

Pergola Fabio

Senior Member
Ok I can do that indeed...

Can you also specify multiple subnets like
199.199.199.0/24
And
200.199.199.0/24

And so on?

I can indeed look up IP ranges of the ISP provider from the mobiles
 

eibgrad

Part of the Furniture
The port forwarding GUI only supports *one* Source IP (or subnet) per rule, but you can create multiple rules.
 

RMerlin

Asuswrt-Merlin dev
The port forwarding GUI only supports *one* Source IP (or subnet) per rule, but you can create multiple rules.
CIDR notation is also supported for the source IP. I actually use that to open a port for my accountant's ISP. So, 24.10.20.0/24 would work.
 

eibgrad

Part of the Furniture
CIDR notation is also supported for the source IP. I actually use that to open a port for my accountant's ISP. So, 24.10.20.0/24 would work.

Thanks. That's what I meant by subnet, but CIDR does make it clearer.
 

Pergola Fabio

Senior Member
I had a look at a list of ISP providers for my country, where a mobile can have a connection...

But that list is huge, just impossible to create so many rules in port forwarding...

A few years ago, I had a Synology router, I remember a setting in the firewall, where I could only allow regions in the port forwarding... Is this also possible on Asus?

So I could for example only allow my country...

 

eibgrad

Part of the Furniture
There is a netfilter called geoip that is supposed to provide this type of functionality.


As you can see, that's an old reference (2006). It *may* be how your Synology managed this problem. But most routers don't support it because by its very nature, it consumes a lot of storage, esp. on what are typically resource limited embedded devices. Even if the feature was available, I have no idea how well the database is maintained. There's nothing within a given IP address that binds it to a specific location. Such information is a "best guess" based on the knowledge gathered by those most interested. Inaccuracies are highly probable.
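Added example, not part of any post in this thread: since each port forward takes one source IP or CIDR, a long ISP prefix list can be collapsed into the fewest exact CIDRs before rules are created, and if a rule budget still cannot be met, widened greedily while counting how many extra addresses that lets in. The sample prefixes are constructed from documentation ranges, and `max_rules` and the function names are assumptions of this sketch, not a router setting.

```python
import ipaddress

# Constructed sample: documentation-range prefixes standing in for an ISP list.
SAMPLE_PREFIXES = [
    "203.0.113.0/27",
    "203.0.113.32/27",    # adjacent to the line above: the two merge into a /26
    "203.0.113.8/29",     # already inside 203.0.113.0/27: redundant
    "203.0.113.128/26",
    "198.51.100.0/24",
]

def collapse(prefixes):
    """Smallest list of IPv4 networks covering exactly the same addresses."""
    nets = [ipaddress.ip_network(p.strip(), strict=False) for p in prefixes if p.strip()]
    return list(ipaddress.collapse_addresses(nets))

def common_supernet(a, b):
    """Smallest single network that contains both a and b."""
    net = a
    while not b.subnet_of(net):
        net = net.supernet()
    return net

def fit_to_rule_budget(prefixes, max_rules):
    """Return (source_cidrs, extra_addresses) using at most max_rules entries.

    extra_addresses counts addresses admitted only because of widening.
    """
    if max_rules < 1:
        raise ValueError("max_rules must be at least 1")
    nets = collapse(prefixes)
    exact = sum(n.num_addresses for n in nets)
    while len(nets) > max_rules:
        # Greedy step: widen the neighbouring pair whose shared supernet is smallest.
        pairs = [common_supernet(nets[i], nets[i + 1]) for i in range(len(nets) - 1)]
        smallest = min(pairs, key=lambda n: n.num_addresses)
        nets = list(ipaddress.collapse_addresses(nets + [smallest]))
    return [str(n) for n in nets], sum(n.num_addresses for n in nets) - exact

def is_allowed(source_ip, cidrs):
    """True if source_ip falls inside any of the given source CIDRs."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

if __name__ == "__main__":
    for budget in (3, 2):
        cidrs, extra = fit_to_rule_budget(SAMPLE_PREFIXES, budget)
        print(budget, cidrs, "extra addresses:", extra)
```

A non-zero extra count is the price of fewer rules: every widened CIDR admits sources that were never on the original list.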
 
