[Discuss] printer issue vs Lan Isolation

jbk jbk at kjkelra.com
Sat Jun 25 08:52:49 EDT 2022


On 6/24/22 20:46, Jerry Feldman wrote:
> IMHO the printer should be on the LAN. Connecting it to the computer means
> that the computer needs to be running for the printer to be accessible to
> other systems.
>
> --
> Jerry Feldman<gaf.linux at gmail.com>
> Boston Linux and Unixhttp://www.blu.org
> PGP key id: 6F6BB6E7
> PGP Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1  3050 5715 B88D 6F6
> B B6E7
>
> On Fri, Jun 24, 2022, 8:38 PM<epp at null.net>  wrote:
>
>> Another issue with the Asus - when it was functioning as a standard
>> router, was that it would not enable IPv6. The only way it could be used
>> for both IPv4 and 6, was to configure it as an AP. There are settings in
>> its firmware to enable IPv6 when used as a standard router, but none of
>> the settings worked.
>>
>> Is it the general opinion that a printer should be directly connected to
>> the computer, rather than via Ethernet/WiFi?
>>
>>
>> On 6/24/22 20:16, Jerry Feldman wrote:
>>> The issue you raise is privacy. If you use the isp provided gateway or
>> your
>>> own replacement, devices will get up addresses from that gateway's nat.
>> If
>>> you get a router, and set it up to manage your lan, you are insulating
>> your
>>> devices from the network. Of course, if you want a device accessible from
>>> the outside, that is a different story.
>>>
>>> --
>>> Jerry Feldman<gaf.linux at gmail.com>
>>> Boston Linux and Unixhttp://www.blu.org
>>> PGP key id: 6F6BB6E7
>>> PGP Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1  3050 5715 B88D 6F6
>>> B B6E7
>>>
>>> On Fri, Jun 24, 2022, 7:51 PM<epp at null.net>  wrote:
>>>
>>>> Comcast will allow a customer to use a personally-owned modem, if this
>>>> is what you're referring to. They have a list online of the approved
>>>> modems, that I presume were tested to ensure they work.
>>>>
>>>> I have an Asus router that is configured as an access point, which I
>>>> have used in the past. As an AP, the devices on the internal network
>>>> would pull IP's from the Comcast gateway, but are physically/WiFi
>>>> connected to the AP. A negative to this, is that (unlike the Comcast
>>>> gateway) the router/AP will not allow the same SSID to be used for both
>>>> 2.4 and 5.0 GHz WiFI.
>>>>
>>>>
>>>> On 6/24/22 19:04, John Abreau wrote:
>>>>> I generally recommend minimizing the amount of trust you give to your
>>>>> ISP. I've switched between different ISPs over the years, and if the
>>>>> ISP insists on providing its own wifi router, I would connect only one
>>>>> device to that router: my own personal wifi router.
>>>>>
>>>>> My internal home network is always under my personal administrative
>>>>> control, and I only use the ISP to transport bits back and forth
>>>>> between my private network and the public Internet.
>>>>>
>>>>>

I was a bit concerned after I got cable (Comcast) and 
discovered that they had complete access to my internal 
network. So I decided with the help of another blu member to 
make the comcast router a pass-thru device to my own router 
that I flashed with a known linux router software, in my 
case it is dd-wrt. The important thing here is to get an 
actively maintained router OS so that you can get security 
updates on a periodic basis. dd-wrt provides new builds 
every 3 days or so. Now no-one has direct access to my 
internal network. I have no open ports to the www side. The 
weak link is now the wifi vulnerability to local attack via 
password cracking.

The printer is on the lan and is so old that I doubt there 
is any recent updates for it.


-- 
Jim Kelly-Rand
jbk at kjkelra.com


More information about the Discuss mailing list