Secure Access via ports

Hi, I am new to OpenWRT and this forum. i googled but maybe wrong. anyways. I just installed OpenWRT on my Router TPlink Archer C7v5 and have one usecase:
I have a Synology and it is available through different ports for different apps.
Right now everybody with the adress can try to login. I want to secure this via the router so that only specific devices wil be forwarded to the port.
E.g. devices with white listed mac addresses. or a fingerprint (ios)
Must - via vpn/wifi without this security; limit attempts;
Nice2have: email notification if a device is being blocked

is this even possible? :slight_smile:

BR Raffael

if you want access control, you need to put a firewall (could be in the shape of a router) between
the clients and the NAS.
you have one, if we're talking access from outside your LAN - internet, but there's no such thing
if the clients are all on the same LAN as the NAS.

Unless you can get the same kind of functionality from the NAS itself.

  • Is this on WAN (i.e. the Internet) or LAN?
    • If WAN, cannot use MACs, as you only see the MAC of the other end (i.e. the ISP upstream connection)
  • If LAN, are these devices directly connected to the OpenWrt?
  • What different fingerprint would they make?
  • Is this before or after they make already made an IP connection (which is above Layer 2 - or MACs)? :wink: