How to restrict open port access to certain MAC addresses?

SamS

Regular Contributor
Hi guys,

I've been meaning to do this for a while, so here goes:

I've got an open port on my router, to access a music server program from my iPhone/iPad via 3G or WiFi outside my home. I use a DNS address to reach my IP. My router is the AT&T U-verse HGV3801.

Although this port is open, and the program that uses it is not set up for a password, the exposure (to me) is somewhat limited, as there are no files that can really be modified via the program that you could access. Still, it is technically open, if you know where to look.

So, I'd like to limit devices that can access this one UDP port to just a handful of MAC addresses, i.e. my iPhone and iPad. I realize that MACs can be spoofed, but that would be way too much effort for someone to go through. What kind of device or software can facilitate this? My router does not seem to allow for it. I only tell it which MAC ID behind my router uses that port, not which devices can actually access it.

Sorry for the noob questions, and maybe I'm not even fully grasping the concepts. But I appreciate any tips.
 
Most consumer routers support MAC address authentication for the wireless and wired LANs. From the WAN side (since you said "outside the home", taken to mean via the Internet rather than WiFi outside your house)... then the MAC address "Access Control List (ACL)" is N/A.

I guess you need username/password authentication - and that's available for the PC hosting the files, and/or the NAS hosting the media files.

Or upload them to a low cost/free cloud storage server.
 
I may not have explained my situation clearly.

I don't need p/w protection for the PC, the NAS, the files, etc. I don't need to host files via a cloud solution. I need a p/w or MAC-approved list for only the specific port that I access. I access this port via iPhone (3G or WiFi outside of the house), or iPad (WiFi while traveling).
 
MAC addresses can't be routed; they are removed when a packet goes through a router, to be replaced by the router's MAC (and this happens at each router), which means it can't be used as an authentication method outside of your LAN. So, you cannot have a list of "approved" MACs for a certain port when accessing it from the internet (the WAN port). Like Stevech said, the authentication (password protection) should be on the service that provides access to your files. Otherwise, the only way a MAC can be used for remote authentication is through a VPN, but then, the VPN is normally secure enough, removing the need for a MAC filter...
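
The hop-by-hop MAC replacement described in the reply above, as an added example that is not part of the original thread. All MAC addresses, IP addresses, the port number and the two-router path are constructed for illustration, and NAT is ignored.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Frame:
    src_mac: str   # layer 2: only meaningful on the current link
    dst_mac: str
    src_ip: str    # layer 3: unchanged by plain routing
    dst_ip: str
    dst_port: int

# Constructed sample values (locally administered MACs, documentation IP ranges)
IPHONE_MAC, STRANGER_MAC = "02:00:00:00:aa:01", "02:00:00:00:bb:02"
IPHONE_IP, STRANGER_IP = "198.51.100.10", "198.51.100.77"
CARRIER_IN, CARRIER_OUT = "02:00:00:00:c1:01", "02:00:00:00:c1:02"
ISP_GW_IN, ISP_GW_OUT = "02:00:00:00:fe:01", "02:00:00:00:fe:02"
HOME_WAN_MAC, HOME_IP, PORT = "02:00:00:00:00:01", "203.0.113.5", 5000

def route(frame, hops):
    """Forward through routers; each hop is (egress_mac, next_hop_mac)."""
    for egress_mac, next_hop_mac in hops:
        # A router discards the incoming Ethernet header and builds a new one
        # for the next link; the IP header is carried over as-is.
        frame = replace(frame, src_mac=egress_mac, dst_mac=next_hop_mac)
    return frame

def arrive_at_home_wan(sender_mac, sender_ip):
    """Frame as the home router sees it on its WAN port."""
    first = Frame(sender_mac, CARRIER_IN, sender_ip, HOME_IP, PORT)
    return route(first, [(CARRIER_OUT, ISP_GW_IN), (ISP_GW_OUT, HOME_WAN_MAC)])

def wan_mac_acl(frame, allowed_macs):
    """Hypothetical MAC allowlist applied on the WAN side."""
    return frame.src_mac in allowed_macs

if __name__ == "__main__":
    for name, mac, ip in [("iPhone", IPHONE_MAC, IPHONE_IP),
                          ("stranger", STRANGER_MAC, STRANGER_IP)]:
        f = arrive_at_home_wan(mac, ip)
        print(name, "src_mac seen:", f.src_mac,
              "| allow device MAC:", wan_mac_acl(f, {IPHONE_MAC}),
              "| allow gateway MAC:", wan_mac_acl(f, {ISP_GW_OUT}))
```

Both senders arrive with the upstream gateway's MAC, so a WAN-side allowlist of device MACs blocks everyone, and an allowlist containing the gateway's MAC admits everyone.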
 
Thank you for that explanation. I guess I'm back to my dilemma. Secure the port with a password (a pain because I have to log in constantly whenever I'm at home), or risk someone sniffing out that open port. You can't access files or data via that port, just the program settings.
 