Greetings everyone,
Im doing some experiments on my lab, and i cant get to an acceptable result yet, now i have the following scenario:
4G antenna → rb750GR3/eth1 → server on internal network(eth2-5)
THE GOAL: get information from some internal servers outside the network.
IMPEDIMENTS:
I cannot use a VPN
I cannot add authentication (user & pass) to the servers, because i dont have acess to the software
MY SOLUTION (incomplete):
- I have done a port forward (dst-nat) to the servers, but now i want to filter the MACs that can communicate with them
- Created an Address List name:allowedGroup with the MAC addrs that i want to do the communication
- Added the first filter rule: action:accept , chain:forward , in.interface:eth1, dst.addresses:allowedGroup
- Added the second filter rule: action:drop , chain:forward , in.interface:eth1, dst.addresses:!allowedGroup
but the filter rules are not working
There is any way of restrict the acess to this servers, and still use the port forwarding ?