× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Orbi WiFi 7 RBE973
Reply

Whitelist external IP Range for Port Forwarding - ORBI RBR50 -

Owen6936
Aspirant

Whitelist external IP Range for Port Forwarding - ORBI RBR50 -

We use an external service that requires ports to be open and redirected to internal printers, to be able to receive and print.  Hackers are scanning for open port and sending "improper" printouts to our printers.  Is there a way to "whitelist" an IP range so ONLY the IP addresses in that range are allowed access to those ports?

Model: RBK50| Orbi AC3000 High-Performance Tri-Band WiFi System
Message 1 of 8
FURRYe38
Guru

Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -

What is the Mfr and model# of the ISP modem the NG router is connected too?

  

Is Port Scan and DoS Protection Enabled and Respond to ping requests on internet port Disabled? 

https://kb.netgear.com/19957/What-does-Disable-Port-Scan-and-DoS-Protection-do

Message 2 of 8
CrimpOn
Guru

Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -

You did not say what brand/model of printers are involved.  In addition to trying to block the most common types of port scanning (ping, etc.), it might be worth a few minutes to Google "how to block IP addresses from printing."  For example, there is thread on an HP help site:

https://h30434.www3.hp.com/t5/LaserJet-Printing/Restrict-printing-by-IP/td-p/5981470

 

At message 4, "John" talks about setting up an old Windows PC as a print server, which enables all of the capabilities of Windows Firewall.  He also talks about capabilities inherent in the specific HP print server they were discussing.  A PC is certainly more expensive than a ream of dirty pictures, but also less costly than a hostile workplace lawsuit.

 

Their specific problem was related to the print server being able to block access to port 80, but not blocking access "directly to the printer."  What IP port(s) are being used remotely to access your printers?

Message 3 of 8
Owen6936
Aspirant

Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -

We use several ports, like 9001, 9002, 9003, 9004, 9005, 9100.  They are mapped to an internal IP address on the internal port of 9100, using the "gaming" section of the router.

 

port: 9001, redirected to 192.168.1.42 port 9100 (as an example).

 

There is only one outside range of IP addresses that I want to Allow access (passage) to and through these ports.  I want to deny every other attempt/access.

 

The ISP is Sudden Link, they provided a ARRIS Touchstone SB6183. Modem.

Message 4 of 8
CrimpOn
Guru

Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -

Do you have the consumer Orbi or the corporate Orbi?

 

(I don't know that this matters.  I have no knowledge of how the corporate Orbi differs except that people claim in the forums that it is more stable.  Maybe the corporate model has more "corporate features"?)

Message 5 of 8
CrimpOn
Guru

Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -

Let me guess, a VPN is not under consideration because the external service connects to printers for numerous clients and needs to treat them all alike?  Have you asked the service if any of their other clients experience the same sort of unauthorized use of printers?  (Maybe some have andn have implemented solutions.)

Message 6 of 8
Owen6936
Aspirant

Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -

Correct, we are just one of their many clients.

 

Yes I have asked, they are they are the ones that said "add a white list to your router" but did not offer any further instructions nor have the expertise to advise where (in the router settings).  In other words, they CONCEPTUALLY know how to fix the problem but not in Real Life.

 

I'm fairly good with IT and Routers but I have looked at every corner of the router setup and do not see anywere where I can add an "approved IP range" for Forwarding.

 

In short I need to open those ports for ONLY one range of external IPs.

Message 7 of 8
CrimpOn
Guru

Re: Whitelist external IP Range for Port Forwarding - ORBI RBR50 -

I have Googled to no avail, but finally found products that appear to address this situation without being ghastly expensive.

Take a look at draytek.com.  Amazon has their Vigor 2926 router at $250.  I found examples on Google for how to set up filtering on their routers that restrict inbound traffic to certain external IP's.

 

Disclaimer: I have no idea whether DrayTek is any good (or not), or whether there are other brands that are better and cheaper.  I also have no idea exactly HOW you would integrate it into your network.  (Probably sit between the modem and the Orbi, with the modem connected to the WAN port and Orbi to one of the LAN ports?)  The "firewall device" would probably get the IP address that the Orbi is currently getting from the modem and would assign a different IP to the Orbi.  Would not have an effect on user devices in the 192.168.1.x space.

 

I don't know if I'm helping or wasting your time.  Good Luck!

Message 8 of 8
Top Contributors
Discussion stats
  • 7 replies
  • 4744 views
  • 1 kudo
  • 3 in conversation
Announcements

Orbi WiFi 7