MAC address to IP address filter


#1

I really like being able to give names to machines in the client list. I would request there be a way to lock/filter/bond a MAC address to an IP address. It would be great in the Client List to be able to click something for that entry so that it becomes bonded and only that MAC address can use that IP address.

Just a thought.

Thanks.


#2

If you mean traffic filtering based on MAC address, it would be a good recommendation.


#3

I am aware of the fact that MAC addresses are not immutable but they are good enough for most cases.

So, yes, I too would like to be able to control/filter Internet access based on a client’s MAC address.

In fact, I also would like an option in the GUI to specify a general rule to the effect of “deny external network access to all MAC addresses unless explicitly allowed”.


#4

I like to name all my LAN clients too, and I do this under Network > LAN > DHCP Reservation on the Balance web admin page.

And now that the IP address is bound to the client MAC address, we could define a firewall access rule for a certain IP/subnet from there on?

Hope it helps.


#5

‘Network > LAN > DHCP Server Settings > DHCP Reservation’ is good… except that the name I assigned to the client doesn’t seem to show up anywhere else.

It would be a lot more useful if, for example, those names showed up (as another column, preferably) under ‘Status > Client List’ page or any such reports.

And, now the second part of my feature request:

Currently, the default behavior is that any new client that just connected to the LAN gets automatic access to the external network.

This doesn’t help much if you need to keep tabs on who gets to share the precious bandwidth to the outside world (IOW, not as a security measure per se, but purely as a solution to a bandwidth allocation problem.)

To solve this problem, I need a way to flag whether a client has a right to access the external network, and unless I have explicitly authorized it, it shouldn’t be able to.

The best place, it appears to me, is to put an option (checkbox, default unchecked) labeled something like “External Access” in ‘Status > Client List’. This would, then, cover the non-DHCP clients too.

Or, is there any other way I can do this sort of thing with the current firmware?


#6

Maybe a little late in replying, but hopefully others can find this useful too :)

The work-around we use is to allocate internal addresses into specific ranges. For example:

PCs that need Internet access go into the range 10.0.0.32/27 (10.0.0.32 - 10.0.0.64). These addresses are allocated by DHCP reservations (and now are also enforced by a managed switch). The default DHCP range puts clients into a larger block (10.0.0.128/26) by default.
We then define firewall rules for each block, so that certain ranges are allowed out, with finally the default rule being Deny.
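
The scheme in the post above can be checked offline before it is entered into the router. The following is an added example, not part of the original post and not Peplink configuration: it models the per-block rules with a final Deny and audits a DHCP reservation table against the allowed block. The two subnets come from the post; the MAC addresses, reserved IPs and function names are constructed for illustration.

```python
import ipaddress

# Blocks taken from the post above; everything else is constructed for illustration.
ALLOWED_BLOCK = ipaddress.ip_network("10.0.0.32/27")   # reserved, Internet-enabled PCs
DEFAULT_POOL = ipaddress.ip_network("10.0.0.128/26")   # dynamic DHCP pool for everyone else

# Ordered outbound rules, first match wins; the last entry is the default Deny.
RULES = [
    (ALLOWED_BLOCK, "allow"),
    (ipaddress.ip_network("0.0.0.0/0"), "deny"),
]

# Constructed DHCP reservation table (MAC -> reserved IP).
RESERVATIONS = {
    "00:11:22:33:44:01": "10.0.0.33",
    "00:11:22:33:44:02": "10.0.0.62",
    "00:11:22:33:44:03": "10.0.0.64",   # just past the /27, so it falls to Deny
}

def decide(src_ip):
    """Return the action of the first rule whose network contains src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for network, action in RULES:
        if addr in network:
            return action
    return "deny"

def audit(reservations):
    """List configuration problems that would defeat or break the scheme."""
    findings = []
    if ALLOWED_BLOCK.overlaps(DEFAULT_POOL):
        findings.append("dynamic pool overlaps the allowed block")
    for mac, ip in sorted(reservations.items()):
        if ipaddress.ip_address(ip) not in ALLOWED_BLOCK:
            findings.append(f"{mac} reserved at {ip}, outside {ALLOWED_BLOCK}")
    return findings

if __name__ == "__main__":
    for mac, ip in RESERVATIONS.items():
        print(mac, ip, decide(ip))
    # An unreserved client in the dynamic pool hits the default Deny.
    print("10.0.0.130", decide("10.0.0.130"))
    for finding in audit(RESERVATIONS):
        print("FINDING:", finding)
```

The rules match on source IP only, so the MAC binding rests entirely on the DHCP reservations and on the switch-level enforcement the post mentions.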


#7

This is actually pretty easy to set up using the User Groups and Bandwidth Control features available on the Balance 380 and higher:


You can then use the sliding scale to reserve or limit the bandwidth for the three User Groups:


Hope this helps…