Community discussions

MikroTik App
 
nishadul
Member Candidate
Member Candidate
Topic Author
Posts: 161
Joined: Thu Dec 13, 2012 12:04 pm
Location: Bangladesh

MAC based port forwarding rule

Fri Apr 30, 2021 1:51 pm

Hello,

I need yours help & suggestion.

I want port forward rule work after check device's MAC, I will store some device's MAC in router. if device's MAC same then Mikrotik apply port forwarding rule otherwise denied.
Pl help me is it possible.

Best regards,
Nishadul
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: MAC based port forwarding rule

Fri Apr 30, 2021 1:57 pm

You mean port forwarding on NAT?

If yes, on nat rue, on advanced tad, there are src-mac-address field
 
Guscht
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Jul 01, 2010 5:32 pm

Re: MAC based port forwarding rule

Fri Apr 30, 2021 2:15 pm

Unbenannt-1.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: MAC based port forwarding rule

Fri Apr 30, 2021 2:20 pm

You mean port forwarding on NAT?

If yes, on nat rue, on advanced tad, there are src-mac-address field
OPS....

If yes, when you create new NAT rule, on Advanced tab, there is the src-mac-address field
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: MAC based port forwarding rule

Fri Apr 30, 2021 8:46 pm

I want port forward rule work after check device's MAC, I will store some device's MAC in router. if device's MAC same then Mikrotik apply port forwarding rule otherwise denied.
While matching on src-mac-address does work in /ip firewall if some other pre-requisites are met, it only makes sense to use it if the packets come from a device in the same L2 segment, which sounds unusual in combination with port forwarding.

If the packets arrive via other routers, they do not contain the MAC address of the source device.
 
nishadul
Member Candidate
Member Candidate
Topic Author
Posts: 161
Joined: Thu Dec 13, 2012 12:04 pm
Location: Bangladesh

Re: MAC based port forwarding rule

Sun May 02, 2021 12:04 pm

My present port forwarding rule is
add chain: dstnat
dst. Address: 112.000.000.000
protocol: 6(tcp)
dst. Port: 8383

Action: dst-nat
To Address 192.168.50.50
To Ports: 80

its work from other router from others ISP, but I want when request send from other router of other ISP then my router check sender MAC address, if sender MAC same then work forwarding rule.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: MAC based port forwarding rule

Sun May 02, 2021 12:18 pm

Sender MAC address is not present in incoming packets, it will always be the MAC address of the router, not of the sender.
So this is impossible to do! (no matter if MikroTik or not)
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: MAC based port forwarding rule

Sun May 02, 2021 12:31 pm

its work from other router from others ISP, but I want when request send from other router of other ISP then my router check sender MAC address, if sender MAC same then work forwarding rule.
Perhaps some form of "port-knocking" is the second best thing you can do ?
Agree with the remote side they should for contact your WAN IP on some specific port(s) (at least 1 , but it can be a "sequence" to make it much more secure & complex to guess)
After the "port-knock" the remote IP is added to the desired ACL and you can "open up" the services you want. Eg the DNAT on 8383
(and you can leave it on the ACL list for a specific amount of time too)

Who is online

Users browsing this forum: norepto, svh79 and 73 guests