Whitelist external IP Range for Port Forwarding - ORBI RBR50 -

Question

We use an external service that requires ports to be open and redirected to internal printers, to be able to receive and print. &nbsp;Hackers are scanning for open port and sending "improper" printouts to our printers. &nbsp;Is there a way to "whitelist" an IP range so ONLY the IP addresses in that range are allowed access to those ports?

CrimpOn · Answer

You did not say what brand/model of printers are involved.&nbsp; In addition to trying to block the most common types of port scanning (ping, etc.), it might be worth a few minutes to Google "how to block IP addresses from printing."&nbsp; For example, there is thread on an HP help site:
https://h30434.www3.hp.com/t5/LaserJet-Printing/Restrict-printing-by-IP/td-p/5981470
&nbsp;
At message 4, "John" talks about setting up an old Windows PC as a print server, which enables all of the capabilities of Windows Firewall.&nbsp; He also talks about capabilities inherent in the specific HP print server they were discussing.&nbsp; A PC is certainly more expensive than a ream of dirty pictures, but also less costly than a hostile workplace lawsuit.
&nbsp;
Their specific problem was related to the print server being able to block access to port 80, but not blocking access "directly to the printer."&nbsp; What IP port(s) are being used remotely to access your printers?

FURRYe38 · Answer

What is the Mfr and model# of the ISP modem the NG router is connected too?
&nbsp;&nbsp;
Is Port Scan and DoS Protection Enabled and Respond to ping requests on internet port Disabled?&nbsp;
https://kb.netgear.com/19957/What-does-Disable-Port-Scan-and-DoS-Protection-do

Owen6936 · Answer

We use several ports, like 9001, 9002, 9003, 9004, 9005, 9100. &nbsp;They are mapped to an internal IP address on the internal port of 9100, using the "gaming" section of the router.
&nbsp;
port: 9001, redirected to 192.168.1.42 port 9100 (as an example).
&nbsp;
There is only one outside range of IP addresses that I want to Allow access (passage) to and through these ports. &nbsp;I want to deny every other attempt/access.
&nbsp;
The ISP is Sudden Link, they provided a ARRIS Touchstone SB6183. Modem.

CrimpOn · Answer

Do you have the consumer Orbi or the corporate Orbi?
&nbsp;
(I don't know that this matters.&nbsp; I have no knowledge of how the corporate Orbi differs except that people claim in the forums that it is more stable.&nbsp; Maybe the corporate model has more "corporate features"?)

CrimpOn · Answer

Let me guess, a VPN is not under consideration because the external service connects to printers for numerous clients and needs to treat them all alike?&nbsp; Have you asked the service if any of their other clients experience the same sort of unauthorized use of printers?&nbsp; (Maybe some have andn have implemented solutions.)

Forum Discussion

Whitelist external IP Range for Port Forwarding - ORBI RBR50 -

7 Replies