Filtered Port Forwarding by Source MAC address. Now can't reach remote machine. Is there a way to feed the router the MAC over internet?

777funk · September 26, 2018, 4:43am

See title... I made the mistake of filtering by MAC and now I can't get to my remote machine. Is there a way to somehow feed the router the correct MAC (the one I gave it) over an SSH or the like?

lleachii · September 26, 2018, 2:40pm

Please be more clear, as MAC addresses are Layer 2 and are not seen over the Internet. You can only use IPs to filter devices not directly connected to the router (Layer 3).

All Global IP addresses possess the MAC address of the ISP equipment you connect the WAN port to.

777funk · September 26, 2018, 3:31pm

Screenshot_2018-09-26_10-28-30

Sure. Does this clarify? (Screen shot from LuCi >> Firewall >> Port Forwards)

And yes, MAC addresses are not seen over the internet.

This is for port forwarding (over the internet) so how is this filter meant to be applied?

vgaetera · September 26, 2018, 3:49pm

This is meant to be applied when your want the router to forward traffic between 2 LAN or to the host in the same LAN filtered by MAC-address.

lleachii · September 26, 2018, 4:00pm

Not necessarily. It depends if the other devices are Layer 2 (switch) or Layer 3 (router).

No, it didn't

LIKELY, IT SHOULD NOT BE APPLIED. IGNORE IT. YOU DO NOT HAVE A SITUATION WHERE THIS IS RELEVANT. I already noted that you cannot apply MAC filtering from IPs address coming via your WAN interface. You only see the MAC of your upstream ISP device (cable modem, fiber ONT, etc.).

777funk · September 26, 2018, 4:06pm

Right. I realized that you can't use it in a WAN situation (learned this by applying the shown LuCi MAC filter remotely and becoming locked out). My question in the first post was inquiring of a way to feed the router a MAC address in some way in order to get back in.

As far as clarification lleachii, let me know what you're wanting clarified and I will do my best.
thank you!

vgaetera · September 26, 2018, 4:24pm

The only way is obtaining link-layer access to WAN interface.
So your ISP can do it, or you can do it connecting to WAN interface directly.
If your router is remote host, you can ask somebody to run VPN/TeamViewer and connect to the router from LAN.

eduperez · September 26, 2018, 7:55pm

You need to convince your ISP to change the MAC address on the device at the other end of your WAN connection... good luck with that.

system · February 4, 2019, 11:54am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.