Hughesnet Community

Gen5 Public IP Address Range

cancel
Showing results for 
Search instead for 
Did you mean: 
Michael3245
Sophomore

Gen5 Public IP Address Range

Good Morning,

I am trying to set up a cloud server for my home network in AWS.

I am wanting to know the public ip address ranges so I can securely
lock down the device to only allow hughesnet ip addresses to connect.


Setting up a static ip will be too much work and it would be easy to
just program their firewall to look at the public facing Hughesnet ip
address only.


Could someone provide this information?

3 REPLIES 3
maratsade
Distinguished Professor IV

I know nothing about this topic...Wondering if someone like @MarkJFine could give you some info.

 

Michael3245 wrote:

Good Morning,

I am trying to set up a cloud server for my home network in AWS.

I am wanting to know the public ip address ranges so I can securely
lock down the device to only allow hughesnet ip addresses to connect.


Setting up a static ip will be too much work and it would be easy to
just program their firewall to look at the public facing Hughesnet ip
address only.


Could someone provide this information?


 

GabeU
Distinguished Professor IV

I found the following, but I don't know if any of it really applies to @Michael3245's situation. 

 

https://community.hughesnet.com/t5/Third-Party-Products/Does-Gen5-allow-a-public-IP-Adress-and-port-...

 

Still, it might be worth taking a look, just in case. 

I saw this before. My first impression is to discourage the use of a remote cloud server, which will be very slow because of the large amount of secure pinging that occurs (which won't be accelerated on a satellite network), and it will potentially use up all of your data very quickly. Also, cloud servers/hosting sites are notorious for being targets for hacking, malware, and other miscreants trying to mask their deeds behind an anonymous (and dynamic) IP. [I'm looking at you Amazon, Microsoft, Oracle, OVH, DigtalOcean...]

 

First, you'll go absolutely nuts trying to filter by IP range, mainly because it changes (as you know), and secondly because it doesn't only show up as IPv6. Sometimes the IPv4 gets recognized instead - I've seen this happen on Wordpress sites. The answer is going to be complicated because it's out of your control, and secondly it doesn't rule out the fact that you're still allowing others on the broader network to gain access. You're only going to gain a small amount of security.

 

Second, what if you need to access it from a mobile location for some reason (you go on travel somewhere, etc.), which means you'd have to add the range for your phone carrier if you're using a mobile hotspot, making the whole thing vastly insecure... You would not believe the amount of absolute hijinks I see coming from mobile IPs from phones with malware on them.

 

Your best bet is to forget IP filtering entirely. If you had a way to use MAC address filtering and a way to manage it that'd be much better because you'd be restricting devices, not IPs.

 

Even better would be to augment your authentication with a 2FA system using Google Authenticator. That way you can guarantee the user's login and MAC address weren't spoofed, and the user was able to provide the correct RSA code in the past 60 seconds.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.