1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Restrict remote admin access from WAN to specific MAC address?

Discussion in 'Tomato Firmware' started by mvsgeek, Feb 7, 2012.

  1. mvsgeek

    mvsgeek Addicted to LI Member

    I want to restrict remote admin access on port 8080 to only my Droid phone, which has a known MAC address. Can this be done in the firewall script, with something like this?

    iptables -A INPUT -p tcp --dport 8080 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 8080 -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
    iptables -A INPUT -p tcp --dport 8080 -j DROP

    Tried the above, but I can still connect from a different MAC address. FWIW I'm a complete iptables newbie, so be gentle with me. Is the Droid's MAC address even passed to the router if it's coming from a Verizon 3G connection?

    Is there a better way to accomplish this?
  2. humba

    humba Network Guru Member

    No, and therein lies your problem.
    I'd recomment disabling management via WAN, load an OpenVPN client to your droid, set up OpenVPN on Tomato, then connect to your router using OpenVPN and manage the router via the LAN interface (your OpenVPN connection will terminate on your LAN).
  3. mvsgeek

    mvsgeek Addicted to LI Member

    Thanks Humba, I've disabled WAN admin access, and I'll look into the VPN method you suggested. In the meantime I found a neat little SSH client for the Droid called ConnectBot, which lets me reboot my main router remotely when I've lost WDS connectivity to it. That's really all I was looking to do for now.

Share This Page