Redirect clients based on MAC address - OpenWrt/LEDE

On an OpenWrt (LEDE) router I have the following redirection:

config redirect
    option proto 'tcp'
    option target 'DNAT'
    option dest 'lan'
    option _name 'Proxy for HTTP'
    option src 'lan'
    option dest_port '3128'
    option src_dport '443'
    option dest_ip ''
    option src_dip '!'
    list src_mac '!XX:XX:XX:XX:XX:XX'
    list src_mac '!XX:XX:XX:XX:XX:XX'

This code redirects all the clients to the proxy server. The redirection works fine. But I would like to add some devices by MAC address that should not be redirected to the proxy. In the above code, if there is only one MAC address then it works, but if there is more than one it does not, and the devices with the listed MAC addresses are redirected to the proxy. The MAC addresses are correct, so that can't be the problem, I think.

Do you have any idea what is the problem?

If you need more detailed information please ask.

Thank you!

Just a guess:
Try to set up one single config redirect for each single MAC address.

I think the rule will only work if all conditions (here: two or more MAC addresses) match for the current Data-Package to be tested. And no Data-Package has more than one MAC, so the conditions will never match and all devices pass this rule.

Hope that helped

Anything based on MAC addresses can be trivially spoofed, if it is security related. If it's for convenience, you can either set up static IP addresses for the devices you want to route differently, or host reservations in DHCP. Much easier to route based on source IP and no less "secure" than MAC address.
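
Added example, not written by any poster in this thread: a small Python model of the symptom in the question and of the source-IP alternative from the last reply. It assumes the firewall turns each `src_mac` list entry into its own rule (an assumption, not stated in the thread); every MAC address, IP address and the `/28` exempt range are constructed for illustration.

```python
import ipaddress

# Constructed sample devices: two that should bypass the proxy, one that should not.
EXEMPT_A = {"mac": "02:00:00:00:00:0a", "ip": "192.168.1.241"}
EXEMPT_B = {"mac": "02:00:00:00:00:0b", "ip": "192.168.1.242"}
NORMAL = {"mac": "02:00:00:00:00:0c", "ip": "192.168.1.50"}


def expand_negated_macs(macs):
    """Assumed expansion: one rule per list entry, each meaning 'source MAC != entry'."""
    return [lambda pkt, m=m.lower(): pkt["mac"].lower() != m for m in macs]


def negated_subnet(cidr):
    """A single rule meaning 'source IP not in cidr' (one negated source-IP match)."""
    net = ipaddress.ip_network(cidr)
    return [lambda pkt: ipaddress.ip_address(pkt["ip"]) not in net]


def redirected(pkt, rules):
    """The packet is sent to the proxy as soon as any one rule matches it."""
    return any(rule(pkt) for rule in rules)


def run_model():
    """Return who gets redirected under each rule set."""
    devices = {"exempt_a": EXEMPT_A, "exempt_b": EXEMPT_B, "normal": NORMAL}
    rule_sets = {
        "one negated MAC": expand_negated_macs([EXEMPT_A["mac"]]),
        "two negated MACs": expand_negated_macs([EXEMPT_A["mac"], EXEMPT_B["mac"]]),
        # Exempt devices hold DHCP reservations inside one range (constructed).
        "one negated subnet": negated_subnet("192.168.1.240/28"),
    }
    return {
        label: {name: redirected(dev, rules) for name, dev in devices.items()}
        for label, rules in rule_sets.items()
    }


if __name__ == "__main__":
    for label, result in run_model().items():
        print(f"{label:20} {result}")
```

Under that assumption, each exempt device fails to match its own "not equal" rule but matches the rule written for the other device, which is the behaviour reported in the question; a single negated range has no second rule to fall into.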