Can I fake a static outgoing IP address?
A client has a control panel that is web accessible with a whitelist of IP addresses that can access the page for security reasons. I called my ISP to see about getting a static IP address thinking it would be a simple add-on. Unfortunately they only offer static IPs to their business customers, and the cheapest business package is significantly more than I pay now and provides a slower connection. It doesn’t seem the best solution.
Is there some networking magic or a service that can make my outgoing traffic appear to be a from a static IP? That way I can add that IP to the whitelist and not have to worry about updating it. Is there some way to “bounce” my traffic off of an external server so that IP would be the apparent source?
It seems like there should be an easy way to do this, but most of my searching turns up resources for resolving a hostname to a dynamic IP address, so I may not have the right terminology.
If it makes a difference I have a cable modem and use a router to set up a small internal network. Nothing fancy.
Observing members:
0
Composing members:
0
11 Answers
Yes, you can set up a static ip through your router. Usually connect to 192.168.1.1, then you need a login and a password. Some defaults are “admin…admin” “admin…password” or google the default administration password for your router.
If I understand your question…. Even though you have a dynamic IP with you ISP, it likely hasn’t changed in months. Have you monitored it? Use something like cmyip.com. If your modem stays on all the time, it most likely keeps the same IP for long periods. Of course, if the modem gets power cycled or reset, bingo, new IP (not always though).
@pdworkin – unless I’m misunderstanding, this would just give a specific connection a static IP internally. So for instance I could make my printer always 192.168.1.15 but any traffic that goes through my router to the outside world would still travel
internal network -> router -> cable modem -> ISP -> internet
So the ISPs address would still be the one seen when that traffic reaches anyone externally. Am I misunderstanding? Thanks for your help.
@UScitizen – That’s a good point and I’ve noticed the IP doesn’t change often, but I would be the backup resource for someone else going forward, kind of a “just in case the main guy is in Tahiti”, so we’d need to set up the whitelist and then it may be a year before I actually have to connect and it would only be if something was broken. If possible I’d rather not rely on the address not changing in the mean time. That’s also why I’m hesitant to pay the extra money for a “just in case” scenario.
Oh, sorry, I got it backwards. Some proxies will allow you to spoof a static external IP address.
If i understand your question right you need a “proxy server”, i.e. bounce your traffic off another computer (which has a static ip).
If you want a reliable proxy you are most likely going to have to pay for it (google “proxy service pay <your area>”), and you probably want one closely geolocated to you to minimize the lag it will create.
If you don’t care about reliablilty or legitimity there are plenty of free proxies out there (some of them hacked computers), google “free proxy” and watch out so you dont catch any viruses from the sketchy hits you will get. If you’re running a legit business or you are concerned about viruses or ping times/throughput you probably dont want to go that way.
If you just need the incoming addess to look static (i.e. you want your computer to be able to be found through a static address, ie mynicecomputer.no-ip.com, even though the ip-address is changing at random intervals) you need a dynamic DNS service. These have good free options and don’t create lag. www.no-ip.com is a good start. A dynamic DNS service won’t affect your “outgoing” ip.
Can the whitelist use a URL instead of a numeric IP? DynDNS.com gives you a free URL (like “myurl.dyndns.com”) that points to your dynamic IP.
Your router may have a built in updater to let DynDNS.com know when your IP address changes, or you can run client software on your PC to handle it.
Wait, now that I re-read your question it looks like you’ve found this already and it’s kind of backwards for what you need.
It’s possible to tunnel out to another server which has a static IP address.
If your client’s address filter supports IPv6 (and it had better, this late in the game) then you can get this service for free from Hurricane Electric (you actually get a whole /64 subnet with this if I’m not mistaken).
If it does not support IPv6 then you can google “tunnel broker” and find an equivalent service.
If your client has a VPN, then you might see if they will allow you to connect to it. This would give you a (potentially) static address local to their network.
@blueiiznh I’m afraid NAT would not work in this case because it does not affect the external IP address, which is provided by the upstream network access provider.
Also, IP address filtering is no damn good for security. It’s way too easy to spoof an IP address. I realize you probably don’t have much influence over your client’s network admin, but they really should be using (at minimum) SSL with a key-exchange setup like OpenSSH has.
Ok, firstly let me explain, there are two addresses people are getting confused with here. You computers IP address which is a private address & usually something like 192.168.1.x, this can be made static, like a printer as someone else suggested but when you go out on to the internet the address that is visible will be the one assigned by your ISP. ISP leases usually change or renew once every 3–5 days (you can usually find this information on your router). If you router is always on & connected then your IP may not renew but keep the one it is already using (in some cases).
DynDNS as jaytkay said notifies you if your ISP IP address has changed you could use this & then notify your client of the new IP address that needs to be allowed, but this is not really a solution. To be honest I’m surprised that someone is using IP addresses as authentication as this is a security risk because they can be spoofed easily enough. You could do it with a cisco router but you will need someone with good networking skills to configure NAT.
Oh, sorry, I got it backwards. Some proxies will allow you to spoof a static external IP address.
>>>>>>>
ya i agree
Answer this question
This question is in the General Section. Responses must be helpful and on-topic.