An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
Page 2 of 3 1 2 3
Re: Wireless Security
slolerner #37487 11/28/15 10:06 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: slolerner
My IP range is 192.000… and I have a static IP on the range extender connected to the printer otherwise if I reboot the router, I have to find the printer again by having the print server print a page 'telling me' where it is and have to reset the print control panel. (note: if the Internet is slow or not working it doesn't effect my printer right now and I don't want to change that.)

If your range extender's IP address is actually 192.000.xxx.xxx then it is outside of the "reserved" range recognized by standards compliant routers and can be distributed to the internet at large. To reiterate the IP addresses "reserved" for use on Local area networks are:

Code:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
169.254.0.0 to 169.254.255.255


LAN IP addresses are assigned (leased) by your router via DHCP (Dynamic Host Configuration Protocol). You can assign fixed IP addresses within the range 192.168.0.0 to 192.168.255.255 but unless you limit your router to a subset of the range there is a possibility the router may assign your fixed IP address to a device other than your printer creating a network conflict. For example configure the router to assign IP addresses in the range 192.168.255.0 to 192.168.255.100 and assign your printer a fixed IP address above that range, say 192.168.255.101 and there will be no possibility of conflict and the printer address will not be routed outside of your LAN. However, even if you do not limit the range of assigned IP addresses, if you choose an address for the printer near the top of the range, say 192.168.255.254 a conflict is still possible but unlikely to occur.

Originally Posted By: slolerner
Note: On the link you gave, it appears there is not a DNSCrypt version for OSX 7.5. Is OpenDNS something that will run well without it?

Yes. While DNSCrypt was OpenDNS project, it has been spun off into a separate open source project DNSCrypt.org and there are now in addition to OpenDNS there are a number of other DNS servers throughout the world that have DNSCypt resolvers.

Originally Posted By: slolerner
Does DNSCrypt encrypt your browsing history, I mean, is it just for privacy or is it for security, or just to assist openDNS?

DNSCrypt does not encrypt anything within your computer rather it encrypts the DNS queries — requests for IP addresses. It does not assistOpenDNS per.se. rather it protects DNS requests as they travel between your computer or other internet device and the DNS server and as alluded to previously there are now a number of DNS servers that have DNSCrypt resolver capability other than OpenDNS.

Originally Posted By: slolerner
And, does using OpenDNS make it difficult for someone who comes over to connect to my network? And am I right that DNSCrypt lives on my computer and OpenDNS lives on the router?

DNSCrypt has nothing to do with logging onto your network or for that matter any network traffic on your LAN. As I said previously LAN IP addresses are resolved by your router and do not go outside of the LAN. The DNS server and DNSCrypt are only used for internet traffic outside of the LAN.

NAT (Network Address Translation) — which you indicated is turned off on your router — acts a bit like a firewall between your LAN and the internet by hiding device addresses on the LAN from the internet.

edited by MacManiac to fix a small typo in the printer address example for JoeMikeB...192.xxx -v- 1925.xxx.....

Last edited by MacManiac; 11/29/15 03:01 PM. Reason: Fixed a TYPO on the example IP address for Joe...

If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
joemikeb #37488 11/29/15 12:06 AM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
I was wrong, the printer IP is 192.168.1.128

I turned on the NAT filter.


Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Re: Wireless Security
MacManiac #37490 11/29/15 08:05 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted By: MacManiac
Artie, let's try to stay with troubleshooting in the non-lounge arena please....this comment doesn't lead the topic forward and in fact seems to be leading the topic sideways.

Sorry about that; I thought it was apparent that my cynicism wasn't meant to be the start of a dialog. (Yeah...I know. crazy )

Last edited by artie505; 11/29/15 08:31 AM. Reason: Better

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Wireless Security
artie505 #37493 11/29/15 02:54 PM
Joined: Aug 2009
Likes: 5
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 5
Thanks Artie, happens to me too.....


Freedom is never free....thank a Service member today.
Re: Wireless Security
joemikeb #37497 11/29/15 10:03 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
Originally Posted By: joemikeb
...but see page 27 of the Linksys WRT1900AC Wireless Router Manual for setting the DHCP (Dynamic Host Configuration Profile) values including the DNS values.

For now, can I just do this and forget about installing anything? This would make my network more secure, possibly faster, without having to change any LAN addresses? (I appreciate the explanations and have a better grasp of it now but I am dealing with issues from my recent second back surgery and can't sit at my computer for extended periods of time.)


Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Re: Wireless Security
slolerner #37498 11/29/15 11:11 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: slolerner
For now, can I just do this and forget about installing anything? This would make my network more secure, possibly faster, without having to change any LAN addresses? (I appreciate the explanations and have a better grasp of it now but I am dealing with issues from my recent second back surgery and can't sit at my computer for extended periods of time.)

Sure! But don't expect a speed increase in anything but the initial contact with a web site. Your LAN speed is hardware limited and internet download and upload are limited by your ISP, internet traffic load, and the site's servers.

If it is available for your OS X version DNSCrypt offers a modicum of extra network security but it is a small modicum. Since Artie505 brought up Trusteer Rapport, if it is available for your financial institution it provides more secure communications with that bank, but not anything else. Both are quick downloads, cost nothing, and require little or no setup or configuration. (You may have to quit and restart your browser.) Personally I put both products in the category of nice to have, but definitely not essential


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
joemikeb #37501 11/30/15 12:44 AM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
Originally Posted By: joemikeb
...but see page 27 of the Linksys WRT1900AC Wireless Router Manual for setting the DHCP (Dynamic Host Configuration Profile) values including the DNS values.

Ok, so I'll do this for now and then maybe explore some other options later. (I'm in a painkiller haze.)


Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Re: Wireless Security
joemikeb #37504 11/30/15 06:00 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted By: joemikeb
If it is available for your OS X version DNSCrypt offers a modicum of extra network security but it is a small modicum. Since Artie505 brought up Trusteer Rapport, if it is available for your financial institution it provides more secure communications with that bank, but not anything else. Both are quick downloads, cost nothing, and require little or no setup or configuration. (You may have to quit and restart your browser.) Personally I put both products in the category of nice to have, but definitely not essential

Thanks for the perspective.

(Some of Trusteer's functionality actually is [was, anyhow] available for non-client banks, but I was never certain of its precise nature or usefulness.)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Wireless Security
artie505 #37512 11/30/15 05:49 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: artie505
(Some of Trusteer's functionality actually is [was, anyhow] available for non-client banks, but I was never certain of its precise nature or usefulness.)

That is interesting because as I understand it Trusteer Rapport is dependent on software running on both ends of the connection. Otherwise why would any bank pay for the service?


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
slolerner #37514 11/30/15 06:05 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
my go-to for DNS when I'm in the field is quick n dirty, and easy to remember

primary: 8.8.8.8
alternate: 8.8.4.4


I work for the Department of Redundancy Department
Re: Wireless Security
joemikeb #37531 12/01/15 07:29 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted By: joemikeb
Originally Posted By: artie505
(Some of Trusteer's functionality actually is [was, anyhow] available for non-client banks, but I was never certain of its precise nature or usefulness.)

That is interesting because as I understand it Trusteer Rapport is dependent on software running on both ends of the connection. Otherwise why would any bank pay for the service?

Responded to here.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Wireless Security
artie505 #38071 12/31/15 10:33 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
Originally Posted By: joemikeb
I drank too many caffeinated beverages at the Thanksgiving feed today and now i can't sleep so i looked up your router manual to find out how to configure it to disburse the OpenDNS servers to devices on your network. Too bad your router is not compatible with Apple's Airport Utility, or it would be a lot easier, but see page 27 of the Linksys WRT1900AC Wireless Router Manual for setting the DHCP (Dynamic Host Configuration Profile) values including the DNS values.

I havent been able to sit at my laptop for awhile and am getting around to this now. Page 27 of the manual doesn't seem to give DCHP instructions, but my devices do have separate DCHP addresses.


Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Re: Wireless Security
slolerner #38079 01/01/16 12:27 AM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: slolerner
I havent been able to sit at my laptop for awhile and am getting around to this now. Page 27 of the manual doesn't seem to give DCHP instructions, but my devices do have separate DCHP addresses.

Your devices have different DHCP addresses? confused

DHCP is not a device, it is a service provided by your network router so there is no DHCP address per se other than the IP address of your router.

DHCP service is used to simplify the process for devices joining a network. This Wikipedia article explains how DHCP works and the contents of the DHCP service message.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
joemikeb #38093 01/02/16 05:46 PM
Joined: Sep 2009
Offline

Joined: Sep 2009
I recommend the ebooks by Joe Kissell, Take Control of Mac Security and Take Control of Privacy at Take Control Books.

My understanding is that the IP address is dynamic, i.e. it changes periodically by the ISP, rather than static.

Re: Wireless Security
deniro #38095 01/02/16 08:12 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
I thought the IP your service provider gives you is always static and can't be changed. I remember, and don't ask me how many years ago and why because I don't remember, I needed my IP changed because of some serious problem, and it could not be done.

Re: Wireless Security
slolerner #38102 01/02/16 11:19 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Around here a fixed IP address runs an extra $300 to $400 a month. Otherwise you lease an IP address usually for 24 hours or less. You may get the same IP address when the lease is renewed but that is not guaranteed. Fixed IP addresses are generally reserved for persons or businesses running their own web hosting server or having a business need to be transferring GigaBytes or TeraBytes of data up and down on a continuous basis.

See my previous posts on IP addresses in this thread.

Last edited by joemikeb; 01/02/16 11:21 PM.

If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
joemikeb #38103 01/02/16 11:25 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Quote:
Otherwise you lease an IP address....

So that's what that "Renew DHCP Lease" button is for!

Thanks.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Wireless Security
artie505 #38106 01/02/16 11:53 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
Ok, so, since I can't figure out the DCHP stuff and my router, here:

https://www.flickr.com/photos/slolerner/albums/72157662399920719

Last edited by slolerner; 01/03/16 12:29 AM. Reason: different hosr=sting site
Re: Wireless Security
artie505 #38108 01/03/16 12:24 AM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: artie505
Quote:
Otherwise you lease an IP address....

So that's what that "Renew DHCP Lease" button is for!

Thanks.

Actually there are two "Renew Lease" buttons, one on the computer or network attached device and the other on the router. In either case the router signals the device when its lease has expired and the lease is automatically and invisibly renegotiated. The Renew Lease button is for the sole purpose of manually forcing the IP address lease to be renewed before it is up for renegotiation primarily as a troubleshooting technique.

When a device is attached to a LAN (Local Areea Network) it leases an IP address that by definition cannot be routed outside of the LAN. The Router on the other hand leases a WAN (Wide Area Network) IP address that provides access to the Internet from the IPS's router. If there is a network transaction outbound from a LAN device to an IP address that is not on the LAN the router appends a notation of what device originated the transaction to the message address and sends it using its own (the router's) WAN IP address as the return address. When the response comes back from the Internet the router the identifies the address notation it appended to the return address and routes the reply back to the LAN device using its LAN IP address. That process is called NAT (Network Address Translation) and the actual IP address of the device on the LAN is never exposed to the world.

NAT does two good things:
  1. If every device on every LAN had its own external IP address the internet the number of possible IP addresses would have been exhausted many years ago. That is going to happen and much sooner than later, but at least it has postponed the inevitable because the same LAN IP addresses can be used on every LAN without fear of conflict or mis-addressing.
  2. It provides an additional layer of protection and hiding for devices on the LAN. It isn't perfect and can be penetrated, but every additional layer of security helps.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
joemikeb #38131 01/04/16 07:35 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Thanks for that informative and understandable post. smile

Networking is the area of computing that I've had the most trouble getting into, and you've just given me a good "leg-up".


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Wireless Security
artie505 #38142 01/05/16 12:55 AM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
Ok, so now, back to my original issue, I tried to put in the settings for OpenDNS into my router as instructed for the model I have but it did not change the settings in the report section of the router like it should have and Instructions said if it didn't work there was a hiccup in the firmware version and to go back one step with the firmware? Ok, now no 2.4 Ghz network. Everything funky, speed test wouldn't run. Boom, had to reset everything back to factory defaults. (said "sorry" to Ira's net extender for putting it through this type of mess again.)

So, when I did the free, no sign up version, that's what happened, just got instructions. If I do the sign up version, is it going to do something different, like install it or just give me the same instructions?


Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Re: Wireless Security
slolerner #38143 01/05/16 02:13 AM
Joined: Sep 2009
Offline

Joined: Sep 2009
I put new Open DNS settings in both my router and in my Network prefs in the Mac's System prefs. I don't know if I had to do that but I did.

Re: Wireless Security
slolerner #38144 01/05/16 05:48 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: slolerner
So, when I did the free, no sign up version, that's what happened, just got instructions. If I do the sign up version, is it going to do something different, like install it or just give me the same instructions?

The instructions are how to change your setting to direct DNS queries to the OpenDNS servers and that is all you need to do. There is nothing to install. If you elect the paid version you have an account with OpenDNS and you logon there to set the additional constraints on what OpenDNS allows to reach you. Again there is nothing to install on your computer or router.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
joemikeb #38145 01/05/16 07:08 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
https://support.opendns.com/entries/4870...A6900-WRT1900AC

I did this and the last screenshot they show, under the troubleshooting tab, did not change as they said it would. So, I did what they said to do... See above what happened next.


Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Re: Wireless Security
slolerner #38146 01/05/16 10:01 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
I hate to ask this and please accept that no offense is intended. My question is based on a mistake I have made — more than once blush . After you went through the steps outlined in the OpenDNS instructions are you sure you clicked on the Apply button at the bottom of the router screen? If you answer is definite yes then skip to the next paragraph. If not go back and do it again and this time be absolutely certain you click on the Apply button.

The paid version of OpenDNS will give you the same instructions for setting up your router — no difference. The fact the instructions are not working is an issue you need to take up with Linksys Cisco, maybe they have a different set of instructions or even another firmware update for you to install. confused

While it would be simpler and easier to have the one setting on your router, until the problem with Linksys Cisco is cleared up you can still set the OpenDNS server addresses on your individual devices.
  1. In OS X
    1. In System Preferences > Network
    2. Select your active network and then click on the Advanced button
    3. Click on the DNS tab
    4. select any listed DSN server addresses and click on the minus (-) sign at the bottom of the left hand pane
    5. Click on the plus (+) sign at the bottom of the left hand pane
    6. in the field that appears enter 208.67.220.220 and press enter
    7. Repeat steps 5 and 6 twice and enter 208.67.222.222 and 208.67.222.220
    8. you should naw have all three IP addresses listed — each on its own line
    9. Click OK at the bottom of the window
  2. In iOS
    1. In Settings > WiFi
    2. touch the Info symbol (a letter i with a circle around it) to the right of your WiFi network ID
    3. scroll down to DNS
    4. Touch the line where the DNS IP address is listed and backspace the current IP address out
    5. enter the following including the commas 208.67.220.220,208.67.222.222,208.67.222.220
  3. FWIW most internet devices will allow you to set a fixed DNS IP but it may take digging through a lot of menus and/or if all else fails reading their network setup User's Guide to figure out where and how.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Page 2 of 3 1 2 3

Moderated by  alternaut, dianne, MacManiac 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.042s Queries: 65 (0.029s) Memory: 0.7263 MB (Peak: 0.9121 MB) Data Comp: Zlib Server Time: 2024-03-28 16:22:57 UTC
Valid HTML 5 and Valid CSS