Hello.
I have a list of MAC addresses which I would like to log when they connect to WAN from Internet.
Is this possible, and how ?
Thank You in advance.
Re: Log when a specific MAC connect ?
My take:
Depends on the size of your list.
Firewall raw rule, prerouting, and then 1 rule per src MAC address with action log.
Not sure you can use a list for MAC addresses ... but this creation process can be made easier a bit with some smart scripting.
Isn't it more logical to log simply all connections from WAN (should be done anyhow for monitoring, I think ?) and then only filter out those MAC addresses you specifically need for your purpose ?
Depends on the size of your list.
Firewall raw rule, prerouting, and then 1 rule per src MAC address with action log.
Not sure you can use a list for MAC addresses ... but this creation process can be made easier a bit with some smart scripting.
Isn't it more logical to log simply all connections from WAN (should be done anyhow for monitoring, I think ?) and then only filter out those MAC addresses you specifically need for your purpose ?
Re: Log when a specific MAC connect ?
If the connections are to your WAN from the Internet MAC addresses will not available.
Re: Log when a specific MAC connect ?
Damn, didn't know that.If the connections are to your WAN from the Internet MAC addresses will not available.
Re: Log when a specific MAC connect ?
Oh not to worry, there will be far too many opportunities to re-live that reality.Damn, didn't know that.If the connections are to your WAN from the Internet MAC addresses will not available.
Re: Log when a specific MAC connect ?
Oh not to worry, there will be far too many opportunities to re-live that reality.Damn, didn't know that.
Re: Log when a specific MAC connect ?
O.. well.. So it is not possible ? :'(
Pity.
Actually I maybe made the question too general.
The situation is as follow :
- I have a Dahua NVR, and when someone connect to it - I need to log it's MAC address, and if the MAC is not in a specific list - to deny access.
( if this give a better options )
Pity.
Actually I maybe made the question too general.
The situation is as follow :
- I have a Dahua NVR, and when someone connect to it - I need to log it's MAC address, and if the MAC is not in a specific list - to deny access.
( if this give a better options )
Re: Log when a specific MAC connect ?
MAC addresses are only relevant within an ethernet / layer-2 network, once the IP contents a router and forwarded elsewhere the originating MAC address is no longer known.
Within any individual router the MAC-to-IP mappings are known for the locally-attached ethernet networks, if you wish to control access to your NVR from devices on a local network you can use MAC source addresses, but not for remote devices as the information is just not available.
Using MAC addresses for authorisation is generally a bad idea - they are easily spoofed allowing other to impersonate a 'trusted' device, and more recently Android & iOS have introduced random fake MAC addresses when you connect to a WiFi network to prevent your MAC address from being tracked.
The correct way of setting up limited remote access would be to create a VPN server on your Mikrotik, and provide credentials and/or certificates to remote users.
Within any individual router the MAC-to-IP mappings are known for the locally-attached ethernet networks, if you wish to control access to your NVR from devices on a local network you can use MAC source addresses, but not for remote devices as the information is just not available.
Using MAC addresses for authorisation is generally a bad idea - they are easily spoofed allowing other to impersonate a 'trusted' device, and more recently Android & iOS have introduced random fake MAC addresses when you connect to a WiFi network to prevent your MAC address from being tracked.
The correct way of setting up limited remote access would be to create a VPN server on your Mikrotik, and provide credentials and/or certificates to remote users.
Re: Log when a specific MAC connect ?
Now as You wrote this and I did a research on it, seems like You are right on this.
Thank You guys !
Who is online
Users browsing this forum: No registered users and 28 guests