Solved Block mac address within LAN for NAS

Currently reading
Solved Block mac address within LAN for NAS

78
11
NAS
DS412+
DSM's firewall setting can block LAN IP address for access to NAS, but DHCP can always assign that PC a new IP, so ...
could anyone tell me if possible or how to block a PC with its mac address ( this can be obtained from router interface)

thanks!
 

fredbert

Moderator
NAS Support
Subscriber
1,838
750
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
What's the real-world problem you're trying to solve?
 
1,678
716
NAS
DS220+ : DS1019+ : DS216+II : DS118 : DS120j : APC Back UPS ES 700 — Mac/iOS user
I believe it’s not possible with DSM’s firewall. This is usually done at the switch.

However, you can do it with IP addresses if the situation permits, by assigning the clients that you want to allow access a static or a fixed IP address (allow them in DSM’s firewall) and block everything else.

Of course this doesn’t fully prevent a user from changing the blocked client’s IP address manually if they’re determined.
 

fredbert

Moderator
NAS Support
Subscriber
1,838
750
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
thanks you 2 for stepping by.

Case is explained in OP. I am afraid this can only be manipulated by SSH access into iptable .

/regards
The sort of thing I was wondering...
  • Is this a home or business environment?
  • Are you looking for a one-person hack to implement and maintain the 'fix', or a process that can be followed by an operations team?
  • Why is the device the problem and not the user of the device? What's the security posture being combatted?
  • Is the device to be blocked running as a client device (users) or a server (headless/ Insecure of Things type)?
  • Is all access to the NAS to be blocked? Or just some services?
  • Is the NAS accessible from the Internet? Wouldn't the device just get loopback access to the NAS via the router?
  • Why is this device on the LAN/WLAN if it's not trusted?

MAC addressed can be spoofed too.
 
78
11
NAS
DS412+
During Corona period, I have a person temporarily resident in my home, who uses the WiFi is OK, but don't NAS shares.
 
1,199
397
NAS
DS418play, DS213j, DS3621+, DSM 7.0.4-11091
How would there be NAS access w/o NAS account, wi-fi, or otherwise?
 

fredbert

Moderator
NAS Support
Subscriber
1,838
750
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
OK. I don't permit guest access to NAS shares and UPNP for Media Server is set to only allow a few devices (MAC list allow/block list).

Sorry about the questions, wasn't obvious how a device needed blocking when there's user account access for the NAS services.

If you're using a WiFi router that can block LAN access to guest WiFi devices then that would be what you might be looking for. The SRM routers do this.
 
335
131
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
If your router doesn't have an isolated guest network, just get another cheap wireless router, connect its WAN port to a LAN port of your existing router, and put him on the new wireless router. Then he can get all the internet he wants, but Router #1's network should be isolated from him.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Similar threads

Similar threads

Trending threads

Top