- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Whitelist external IP Range for Port Forwarding - ORBI RBR50 -
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Whitelist external IP Range for Port Forwarding - ORBI RBR50 -
We use an external service that requires ports to be open and redirected to internal printers, to be able to receive and print. Hackers are scanning for open port and sending "improper" printouts to our printers. Is there a way to "whitelist" an IP range so ONLY the IP addresses in that range are allowed access to those ports?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -
What is the Mfr and model# of the ISP modem the NG router is connected too?
Is Port Scan and DoS Protection Enabled and Respond to ping requests on internet port Disabled?
https://kb.netgear.com/19957/What-does-Disable-Port-Scan-and-DoS-Protection-do
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -
You did not say what brand/model of printers are involved. In addition to trying to block the most common types of port scanning (ping, etc.), it might be worth a few minutes to Google "how to block IP addresses from printing." For example, there is thread on an HP help site:
https://h30434.www3.hp.com/t5/LaserJet-Printing/Restrict-printing-by-IP/td-p/5981470
At message 4, "John" talks about setting up an old Windows PC as a print server, which enables all of the capabilities of Windows Firewall. He also talks about capabilities inherent in the specific HP print server they were discussing. A PC is certainly more expensive than a ream of dirty pictures, but also less costly than a hostile workplace lawsuit.
Their specific problem was related to the print server being able to block access to port 80, but not blocking access "directly to the printer." What IP port(s) are being used remotely to access your printers?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -
We use several ports, like 9001, 9002, 9003, 9004, 9005, 9100. They are mapped to an internal IP address on the internal port of 9100, using the "gaming" section of the router.
port: 9001, redirected to 192.168.1.42 port 9100 (as an example).
There is only one outside range of IP addresses that I want to Allow access (passage) to and through these ports. I want to deny every other attempt/access.
The ISP is Sudden Link, they provided a ARRIS Touchstone SB6183. Modem.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -
Do you have the consumer Orbi or the corporate Orbi?
(I don't know that this matters. I have no knowledge of how the corporate Orbi differs except that people claim in the forums that it is more stable. Maybe the corporate model has more "corporate features"?)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -
Let me guess, a VPN is not under consideration because the external service connects to printers for numerous clients and needs to treat them all alike? Have you asked the service if any of their other clients experience the same sort of unauthorized use of printers? (Maybe some have andn have implemented solutions.)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -
Correct, we are just one of their many clients.
Yes I have asked, they are they are the ones that said "add a white list to your router" but did not offer any further instructions nor have the expertise to advise where (in the router settings). In other words, they CONCEPTUALLY know how to fix the problem but not in Real Life.
I'm fairly good with IT and Routers but I have looked at every corner of the router setup and do not see anywere where I can add an "approved IP range" for Forwarding.
In short I need to open those ports for ONLY one range of external IPs.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -
I have Googled to no avail, but finally found products that appear to address this situation without being ghastly expensive.
Take a look at draytek.com. Amazon has their Vigor 2926 router at $250. I found examples on Google for how to set up filtering on their routers that restrict inbound traffic to certain external IP's.
Disclaimer: I have no idea whether DrayTek is any good (or not), or whether there are other brands that are better and cheaper. I also have no idea exactly HOW you would integrate it into your network. (Probably sit between the modem and the Orbi, with the modem connected to the WAN port and Orbi to one of the LAN ports?) The "firewall device" would probably get the IP address that the Orbi is currently getting from the modem and would assign a different IP to the Orbi. Would not have an effect on user devices in the 192.168.1.x space.
I don't know if I'm helping or wasting your time. Good Luck!
• Introducing NETGEAR WiFi 7 Orbi 770 Series and Nighthawk RS300
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more