I have 2 ISP connections, and all my servers and clients are connected to a MikroTik router. I have a web server and some other servers, like print and CCTV.
I have forwarded some IPs to my file server and others.
Like:
xxx.XXX.XX.118 to 192.168.3.1
If I try to access xxx.XXX.XX.118, it will forward to 192.168.3.1, and it’s my file server.
XXX.XXX.XX.117 to 192.168.3.248 (camera).
192.168.3.1 is my web server
What I need: I want to give access only to some MACs (MAC filtering). No one will be able to access without permission (MAC).
I can access my web server from outside the office with a mobile or laptop. But I want to secure the access. So I need MAC filtering which will allow only the listed MACs to access my servers.
What you want is impossible.
MAC addresses do not travel across the Internet.
If you were to do a sniffer capture on your WAN interface, you’d notice that 100% of the packets coming in from the Internet will have exactly the same MAC address.
That MAC address will be the one on your ISP’s router.
What if you set up a VPN connection that allowed you to tunnel into your inside network, and instead disabled all other forms of outside access from the public IPs?
Solutions to block access except from known clients:
1. password-protect the site and use SSL so that the passwords aren’t captured. (should probably do this regardless of the other security measures implemented)
2. employ port knocking to temporarily open pinholes for incoming clients
3. use client-side SSL certificates
4. require VPN connectivity to reach the server (i.e. don’t map ports 80/443 to the server from the public Internet at all)
(#4 is terminal205’s suggestion, and it’s a good one)
Indeed a good recommendation. Those devices are like Swiss cheese w.r.t. security, and a VPN allows you to put an extra authentication in front of them.
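
The point made earlier in the thread, that every packet arriving on the WAN interface carries the ISP router's MAC, shown as an added example that is not part of the original posts: it parses constructed Ethernet frames and applies a MAC allow-list to them. All MAC and IP addresses and all function names are constructed for illustration.

```python
import socket
import struct

# Constructed values (documentation ranges), not taken from the thread.
ISP_ROUTER_MAC = bytes.fromhex("02aabbccdd01")  # upstream gateway on the WAN segment
OUR_WAN_MAC = bytes.fromhex("02aabbccdd02")     # the MikroTik's WAN port
PUBLIC_IP = "192.0.2.118"                       # stands in for xxx.XXX.XX.118
REMOTE_CLIENTS = ["198.51.100.7", "203.0.113.50", "203.0.113.99"]


def build_frame(src_mac, dst_mac, src_ip, dst_ip):
    """Ethernet II header plus a minimal 20-byte IPv4 header (checksum left at 0)."""
    eth = dst_mac + src_mac + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip


def parse_frame(frame):
    """Return (source MAC, source IP), or None for short or non-IPv4 frames."""
    if len(frame) < 34:
        return None
    _dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        return None
    return src_mac.hex(":"), socket.inet_ntoa(frame[26:30])


def mac_filter_view(frames, allowed_macs):
    """Per source IP: the MAC a WAN-side allow-list would see, and its verdict."""
    view = {}
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed:
            mac, ip = parsed
            view[ip] = (mac, mac in allowed_macs)
    return view


# Each client's own MAC is dropped at its first router hop; the last hop
# (the ISP router) re-frames every packet with its own source MAC.
WAN_CAPTURE = [build_frame(ISP_ROUTER_MAC, OUR_WAN_MAC, ip, PUBLIC_IP)
               for ip in REMOTE_CLIENTS]

if __name__ == "__main__":
    laptop_mac = "02:11:22:33:44:55"  # constructed: the MAC the admin wants to allow
    for ip, (mac, ok) in mac_filter_view(WAN_CAPTURE, {laptop_mac}).items():
        print(f"{ip:15} src-mac={mac} allowed={ok}")
```

Allow-listing the laptop's MAC rejects every remote client, the laptop included, while allow-listing the ISP router's MAC admits everyone, which is why the replies point to passwords over SSL, client certificates, port knocking or a VPN instead.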