IP address blocked by MSE

AndyPix

onomatopoeia99 wrote: »

Having a public IPv4 address does not mean that it is not behind a firewall .

Errm - yes it does - that's exactly what it means

debitcardmayhem

This morning I am getting plagued by Captchas on this site (MSE), and they(cloudfare) are trying to point me to add PrivacyPass add-on for Firefox/Chrome ... as if :eek:..

• Access your data for all websites
• Access browser tabs
• Access browser activity during navigation

Smells of invasion of privacy in a big way

debitcardmayhem

AndyPix wrote: »

Errm - yes it does - that's exactly what it means

No it doesn't, the printer is not necessarily directly connected to the internet.

arciere

debitcardmayhem wrote: »

No it doesn't, the printer is not necessarily directly connected to the internet.

You can access a device from the internet if it's behind a firewall and everything is set up to allow access (port forwarding, etc...).
BUT, if you set up the public IP address directly on your device, then there can't be any firewall, simply because a public IP address is unique, if it goes to device A it can't go to device B at the same time.

To clarify further, many HP printers have something like this in their web interface:
http://IP_OF_PRINTER/hp/device/this.LCDispatcher
Do a Google search with the 'hp/device/this.LCDispatcher' string and see how many printers you get with a public IP address assigned to them.

AndyPix

debitcardmayhem wrote: »

No it doesn't, the printer is not necessarily directly connected to the internet.

So if its behind a firewall then it will be accessed via the firewall IP with a port forward, not its own public IP


Come on Debit - put your thinking cap on - you cant have a public IP inside a subnet on your network .. It doesnt work like that !

Slithery

arciere wrote: »

BUT, if you set up the public IP address directly on your device, then there can't be any firewall, simply because a public IP address is unique, if it goes to device A it can't go to device B at the same time.

AndyPix wrote: »

So if its behind a firewall then it will be accessed via the firewall IP with a port forward, not its own public IP!

Neither of these are true. You could either have a firewall on the printer, or use a firewall on the subnets gateway that performs filtering without providing NAT.

arciere

Slithery wrote: »

Neither of these are true. You could either have a firewall on the printer, or use a firewall on the subnets gateway that performs filtering without providing NAT.

I'm not sure why this discussion is going all over the place.
If you set up a public IP address on your printer, then your printer will have DIRECT ACCESS to the internet (and vice-versa). If the printer has an integrated firewall (??) or can make decaf lattes, doesn't concern me. The fact is that you have a printer which is directly facing the internet (which is something that, 99% of the cases is useless, a security flaw and unnecessary).
Firewall on the subnets gateway? If I understand what you mean, then what's got the public IP address is the gateway, NOT the printer.

AndyPix

Slithery wrote: »

Neither of these are true. You could either have a firewall on the printer, or use a firewall on the subnets gateway that performs filtering without providing NAT.

^^ OK so some printers have a very basic firewall built in that can restrict access to certain IP addresses but that is being really pedantic as it is one in the same device ..


As for your other comment, what subnet's gateway would that be ??
You have access to internet infrastructure do you ?


You have clearly either misunderstood - or have no clue of what you are talking about


edited to include original quote

Slithery

It seems to work OK on my network

I run a few servers at home for which I've purchased a /29 block of addresses, for this example lets call it 1.1.1.0/29. This gives me 8 different addresses (1.1.1.0-7), 6 of which are usable (.0 and .7 are reserved for the subnet ID and broadcast addresses respectively).

As the 1.1.1.1 machine which I use as the gateway for the rest of the subnet is the only one physically connected to a WAN connection then all inbound traffic hitting machines .{2-6} has to pass through it, meaning it can perform firewall functions for the rest of the subnet.

As I say, it's worked for me blocking inbound requests to my public IP's for years now.

arciere

Slithery wrote: »

It seems to work OK on my network

I run a few servers at home for which I've purchased a /29 block of addresses, for this example lets call it 1.1.1.0/29. This gives me 8 different addresses (1.1.1.0-7), 6 of which are usable (.0 and .7 are reserved for the subnet ID and broadcast addresses respectively).

As the 1.1.1.1 machine which I use as the gateway for the rest of the subnet is the only one physically connected to a WAN connection then all inbound traffic hitting machines .{2-6} has to pass through it, meaning it can perform firewall functions for the rest of the subnet.

As I say, it's worked for me blocking inbound requests to my public IP's for years now.

What you are describing is a NAT. What's using those IP addresses is your (only) device connected to the external network. Then you can decide to forward (NAT, bridge, whatever) traffic directed to one of those IP addresses to a specific device. In this case, your printer does not have any access to a public address. If you set up a public IP address on it, nothing will happen.
You can get a similar set up with one IP only, if you move one device to the DMZ. All the connections to your (public) IP address will go to that device, but that's not because that device is using your public IP, rather the firewall is forwarding all the traffic to that (internal) address.