feature request: WAN/DMZ to mac address

[cameos]

I'd like to put a computer in DMZ by its MAC address (not by its IP). Since MAC address is fixed even when DHCP server assigns the computer with a different IP.

 

[L&LD]

A mac address is not fixed, it can be spoofed. Better to use reserved DHCP list and give that computer a fixed IP.

 

[cameos]

A mac address is not fixed, it can be spoofed. Better to use reserved DHCP list and give that computer a fixed IP.

All connected devices are mine, and I don't spoof mac address, thanks.

 

[eddiez]

All connected devices are mine, and I don't spoof mac address, thanks.

Wat he is saying is that it is a security risk to use MAC because it is easily spoofable. By a rogue program inside your LAN for example. It will open up your network completely. Whether or not all the connections are yours is not of importance, it will still cause a security risk.

Just make the IP static or reserved for that specific client. That's what those functions are there for...

 

[Calisro]

lol.So its a security risk because he may spoof his mac? It isn't a risk to use a mac address. Anything is spoofable on an internal lan. If you use a IP for the dmz, you can easily change an IP as well.

While I LOL @ the security "risk", I do agree that it is just easier to assign an consistent IP to that client and be done with it.

 

[cameos]

Wat he is saying is that it is a security risk to use MAC because it is easily spoofable. By a rogue program inside your LAN for example. It will open up your network completely. Whether or not all the connections are yours is not of importance, it will still cause a security risk.

My LAN is secure, I don't share my LAN with friends (they connect to a separate network).

And really, I don't buy your "security risk" theory.

 

[Prevok]

lol.So its a security risk because he may spoof his mac? It isn't a risk to use a mac address. Anything is spoofable on an internal lan. If you use a IP for the dmz, you can easily change an IP as well.

While I LOL @ the security "risk", I do agree that it is just easier to assign an consistent IP to that client and be done with it.

How is this funny? Regardless of how right or wrong he is (even thought it's not accurate) I fail to see how this is funny. Your profile says you are 40 years, act like it.

As for the question asked by the OP, what you are asking is technically not possible. The MAC address operates at the Data Link layer, while the IP operates at the Network layer. The DMZ really is just a setting on the firewall and unless I am mistaken, it operates on the Network layer. In order to achieve what you ask, you have to use DHCP reservations (which are assigned based on the MAC address).

Cheers.

 

[Calisro]

How is this funny? Regardless of how right or wrong he is (even thought it's not accurate) I fail to see how this is funny. Your profile says you are 40 years, act like it.
Cheers.

It is very funny how people say "security risk" when they have no F'n clue what they are talking about. I find it LOL funny. If you're going to act like an authority on the matter at least be close to right.

As for my age... 40 year olds can't find ignorance funny? I find you funny. All starting "seriousness" on an internet forum. Get a life.

 

[Calisro]

As for the question asked by the OP, what you are asking is technically not possible. The MAC address operates at the Data Link layer, while the IP operates at the Network layer. The DMZ really is just a setting on the firewall and unless I am mistaken, it operates on the Network layer. In order to achieve what you ask, you have to use DHCP reservations (which are assigned based on the MAC address).

Cheers.

Yet anothet network expert. It possible just not applicable to this firmware. Other routers do it...

http://www.linksys.com/gb/support-article?articleNum=140747

 

[gatorback]

Hopefully, the OP has pinned the MAC to an LAN IP, so that particular device can be addressed. This has been solved and should be closed out.

 

[kvic]

Yet anothet network expert. It possible just not applicable to this firmware. Other routers do it...

http://www.linksys.com/gb/support-article?articleNum=140747

Nice finding. I found somewhat enlightening. I thought someone will jump out and claim such feature is available on a thousand dollar router... Seems this feature is available to consumers for many years. lol

 

[Prevok]

Yet anothet network expert. It possible just not applicable to this firmware. Other routers do it...

http://www.linksys.com/gb/support-article?articleNum=140747

This is nothing. At best Linksys put an abstraction layer on the functionality, which would translate in a re-engineering of the firmware, which Merlin will never do and which is fine. For all I know, Linksys reserved an IP or a range for that functionality to work. I am happy to be wrong, but I don't think DMZ straight from a MAC is possible.

 

[Calisro]

This is nothing. At best Linksys put an abstraction layer on the functionality, which would translate in a re-engineering of the firmware, which Merlin will never do and which is fine. For all I know, Linksys reserved an IP or a range for that functionality to work. I am happy to be wrong, but I don't think DMZ straight from a MAC is possible.

Of course they did some abstraction. Does it matter? The OP didn't say he wanted this to be done a specific way (natively in iptables) nor does he care. Is it possible? yes. Is it unneccessary? probably. dmz mode itself is unneccessary but that is just an opinion so it doesn't matter.

 

[Zirescu]

I'd like to put a computer in DMZ by its MAC address (not by its IP). Since MAC address is fixed even when DHCP server assigns the computer with a different IP.

If you haven't already, you can do a manual IP assignment inside your DHCP scope under the LAN section so that the device you want in the DMZ always gets the same IP address.

LAN-> DHCP Server
Enable Manual Assignment: Yes
From the Drop Down list under: Manually Assigned IP around the DHCP list (Max Limit : 128)
Select the MAC or device name, or manually enter it, enter the IP, name, and then click the + button.
Then click Apply.

 

[eddiez]

It is very funny how people say "security risk" when they have no F'n clue what they are talking about. I find it LOL funny. If you're going to act like an authority on the matter at least be close to right.

As for my age... 40 year olds can't find ignorance funny? I find you funny. All starting "seriousness" on an internet forum. Get a life.

Respect and good manners don't come with age, that's for sure. Just provide the citation in which the claim of being an authority was provided. I am sure it only exist in your complacent mind.

 

[Calisro]

Respect and good manners don't come with age, that's for sure. Just provide the citation in which the claim of being an authority was provided. I am sure it only exist in your complacent mind.

Were your feelings hurt? If you don't know the answer then don't answer and spread bad information. The only thing worse than no information is .....

And you talk about respect and manners? Sounds like your my age?
http://www.snbforums.com/threads/problem-with-my-rt-ac68u.26617/#post-200077

 

[RMerlin]

Guys, back on topic please, or I'll put the hammer down on this thread.

 

[cameos]

If you haven't already, you can do a manual IP assignment inside your DHCP scope under the LAN section so that the device you want in the DMZ always gets the same IP address.

LAN-> DHCP Server
Enable Manual Assignment: Yes
From the Drop Down list under: Manually Assigned IP around the DHCP list (Max Limit : 128)
Select the MAC or device name, or manually enter it, enter the IP, name, and then click the + button.
Then click Apply.

I can and actually do use DMZ to static IP but I think DMZ to MAC is easier. My old Linksys router has this feature and I like it.