MAC addresses are not preserved through IP routing, and are not preserved through IPSec IP.
If the MACs you want to filter on are the ones at "me", then in order to have them reach "MAC filter", you would have to use a Layer 2 VPN, which is not available on the BEFSR41 itself.
Do you all have static IP addresses? I note you have a cable modem in the mix; in these parts, unless you pay extra, you do not receive a static IP on residental broadband connections. (The cable IPs here don't change all that often, but do change; the DSL connections here change IPs at least once a week.)
I don't know what the filtering capabilities of the BEFSR41 are. The filters on the BEFVP41 have to do with blocking -outgoing- access; if I recall correctly the filters on the BEFW11S4 are very similar (I don't have mine plugged in right at the moment.) My understanding is that the BEFSR41 is very similar to the BEFW11S4 except with no wireless.
The easiest place to put in the IP filters would likely be the FTP server... but first you have to be sure that the IPs aren't going to vary (and that there isn't any legitimate reason to reach the FTP server when, for example, you are visiting your folks for the holidays.)
True, we have "dynamic" IP addresses, but mine has not changed in 6 months and since our region is not in active buildout further changes are unanticipated - we'll just cross that bridge when we come to it. No, there's no need to access the server from Aunt Nettie's house.
Unfortunately the Linux server is '3rd party' and inaccessible, at least not without voiding the warranty :-) or should that be :-{ Now maybe someone can tell me how to block IP with Linux ...
Can any router or firewall block IP addresses for incoming traffic?
I was going to say that "any firewall can do it", but these days what are sold as "firewalls" to the consumer are not necessarily very configurable.
Selective service by IP is very common in real firewalls, and not uncommon in real routers. For example, as best I recall, it can be done with all of the routers sold under the Cisco brand name (except perhaps some of the early SOHO series); I am not familiar with the newer Linksys-branded Cisco devices to know if any of them support it.
I see I deluded myself about the Linksys capabilities. Thanks for putting me straight!
I "spoke with" the Indian/Packistani at the Linksys/Cisco support group and he said I could block IP, but now I see that there was a misunderstanding of which direction I was talking about!
Is there any s/w that could run on the "bridge" above that could block all traffic that did not match a list of IP addresses?
Not without major pains, and it would be rather pointless anyway, because MAC addresses can be spoofed most easily. If you want to approve users: use proper authentication.
How did you configure briding on the XP? The most natural way to configure that connection would be to use routing instead of briding. The way to configure bridging on XP doesn't spring to my mind at the moment.
You could possibly use something a simple as Windows XP Firewall.
The way to put on ip filters on Linux depends on the Linux version, I believe. These pages might help:
I want to block any IP that's not pre-approved or is unauthenticated. I want to use hardware or WinXP-pro-sp2 software I would rather Not use a VPN. I want something that is bonehead simple (even if I have a degree from MIT)
What about FTPS with proper user authentication? Just let all the connections from unapproved IP come through, as long as they can't authenticate your server should deny every access.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.