What's new

Port forwarding - only allow specific MAC

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Pergola Fabio

Senior Member
Hi,

I'm setting up an PBX, need to open some ports for my VOIP phones/softphones....

But i only want to allow specific MAC addresses to use that specific port forward... can i do that?
How?

thnx in advance
 
MAC addresses of remote clients are NOT known beyond their own respective local networks! All you know on the device being remotely accessed is the client's public IP. And you can always add that information using the Source IP field of the port forward.
 
Oh, so that's not an option then :-(

No. MAC addresses are only known to the local ethernet network on which the device is running. It's strictly *local* information. When you communicate across the internet between any two devices, all either side knows is the public IP of the other. That's it.

However, as I said, you can use the public IP in the port forward.
 
Yeah, but the public IP can change, for instance my mobile device, I also need more public ip's ..

I can't do much about the fact the public IP may change. But you can always create additional port forwards that only differ by the Source IP. Or if it happens the public IP is always within the same subnet (e.g., 199.199.199.0/24), you can specify that instead of a specific IP.
 
Ok I can do that indeed...

Can you also specify multiple subnets like
199.199.199.0/24
And
200.199.199.0/24

And so one?

I can indeed lookup IP ranges of the ISP provider from the mobiles
 
The port forwarding GUI only supports *one* Source IP (or subnet) per rule, but you can create multiple rules.
 
The port forwarding GUI only supports *one* Source IP (or subnet) per rule, but you can create multiple rules.
CIDR notation is also supported for the source IP. I actually use that to open a port for my accountant's ISP. So, 24.10.20.0/24 would work.
 
CIDR notation is also supported for the source IP. I actually use that to open a port for my accountant's ISP. So, 24.10.20.0/24 would work.

Thanks. That's what I meant by subnet, but CIDR does make it clearer.
 
I had a look at list for ISP providers for my country, where a mobile can have a connection...

But that list is huge, just impossible to create so many rules in port forwarding...

A few years ago, I had a Synology router, I remember a setting in the firewall, where I could only allow regions in the port forwarding... Is this also possible on Asus?

So I could for example only allow my country...

 
There is a netfilter called geoip that is supposed to provide this type of functionality.


As you can see, that's an old reference (2006). It *may* be how your Synology managed this problem. But most routers don't support it because by its very nature, it consumes a lot of storage, esp. on what are typically resource limited embedded devices. Even if the feature was available, I have no idea how well the database is maintained. There's nothing within a given IP address that binds it to a specific location. Such information is a "best guess" based on the knowledge gathered by those most interested. Inaccuracies are highly probable.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top