MAC based port forwarding rule

Hello,

I need your help & suggestions.

I want the port forwarding rule to work only after checking the device’s MAC. I will store some devices’ MACs in the router. If the device’s MAC is the same, then Mikrotik applies the port forwarding rule; otherwise it is denied.
Please help me: is it possible?

Best regards,
Nishadul

You mean port forwarding on NAT?

If yes, on the NAT rule, on the Advanced tab, there is the src-mac-address field

Oops....

If yes, when you create a new NAT rule, on the Advanced tab, there is the src-mac-address field

While matching on src-mac-address does work in /ip firewall if some other pre-requisites are met, it only makes sense to use it if the packets come from a device in the same L2 segment, which sounds unusual in combination with port forwarding.

If the packets arrive via other routers, they do not contain the MAC address of the source device.

My present port forwarding rule is:
add chain: dstnat
dst. Address: 112.000.000.000
protocol: 6(tcp)
dst. Port: 8383

Action: dst-nat
To Address 192.168.50.50
To Ports: 80

It works from other routers from other ISPs, but I want that when a request is sent from another router of another ISP, my router checks the sender's MAC address; if the sender's MAC is the same, then the forwarding rule works.

Sender MAC address is not present in incoming packets, it will always be the MAC address of the router, not of the sender.
So this is impossible to do! (no matter if MikroTik or not)

Perhaps some form of “port-knocking” is the second best thing you can do?
Agree with the remote side that they should contact your WAN IP on some specific port(s) (at least 1, but it can be a “sequence” to make it much more secure & complex to guess)
After the “port-knock” the remote IP is added to the desired ACL and you can “open up” the services you want. E.g. the DNAT on 8383
(and you can leave it on the ACL list for a specific amount of time too)
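
The port-knocking idea from the last reply, sketched as RouterOS firewall rules. This is an added example, not configuration posted by anyone in the thread; the interface name ether1, knock ports 7001 and 7002, address-list names, timeouts and the placeholder WAN address 203.0.113.10 are assumptions.

```routeros
# Added example (not from the thread). Constructed values: WAN interface
# "ether1", knock ports 7001 then 7002, list names, timeouts, and the
# documentation address 203.0.113.10 standing in for the WAN IP.
# From the thread: tcp/8383 forwarded to 192.168.50.50:80.

/ip firewall filter
# Knock 1: a new TCP connection attempt to 7001 puts the source IP in a
# short-lived list. The drop rule below then discards the packet.
add chain=input in-interface=ether1 protocol=tcp dst-port=7001 \
    connection-state=new action=add-src-to-address-list \
    address-list=knock-stage1 address-list-timeout=10s \
    comment="port-knock: stage 1"
# Knock 2: only sources already in stage 1 are promoted to the allow list,
# where they stay for one hour.
add chain=input in-interface=ether1 protocol=tcp dst-port=7002 \
    connection-state=new src-address-list=knock-stage1 \
    action=add-src-to-address-list address-list=knock-allowed \
    address-list-timeout=1h comment="port-knock: stage 2"
# Never answer on the knock ports, so they look closed from outside.
add chain=input in-interface=ether1 protocol=tcp dst-port=7001,7002 \
    action=drop comment="port-knock: hide knock ports"

/ip firewall nat
# The existing port forward, now limited to sources that completed the knock.
add chain=dstnat in-interface=ether1 dst-address=203.0.113.10 protocol=tcp \
    dst-port=8383 src-address-list=knock-allowed action=dst-nat \
    to-addresses=192.168.50.50 to-ports=80 \
    comment="8383 -> 192.168.50.50:80 after knock"
```

Rules added this way land at the end of the chain, so move the three filter rules above any general drop rule on input. The allow list holds the knocker's public source IP, so every host behind that same public address is admitted until the entry times out.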