this post was submitted on 26 Nov 2023
3 points (100.0% liked)

Homelab

371 readers
9 users here now

Rules

founded 1 year ago
MODERATORS
 

Howdy,

I'm going to apologize in advance if this is a simple question, but my google-fu is not getting me results.

I have a 3D printer. This printer allows me to connect it to my local network so my PC can send it files. I can see it attempting to communicate out to the internet via my PIhole however. How can I block it from attempting to reach out but still allow it to connect to my PC?

top 13 comments
sorted by: hot top controversial new old
[–] blentdragoons@alien.top 1 points 11 months ago

put the device on a secure vlan that has no wlan access

[–] viking@infosec.pub 1 points 11 months ago

Depending on your router, you should be able to simply block all outbound connections for the IP address the printer is assigned. Usually under firewall settings somewhere.

[–] jws_shadotak@sh.itjust.works 1 points 11 months ago

If you're viewing all that from your PiHole, you should be able to blacklist the domain straight from that interface.

[–] drinkplentyofwater@alien.top 1 points 11 months ago

use the pihole, block the domains it's reaching out to

[–] Adenn76@alien.top 1 points 11 months ago (1 children)

If you are seeing it in PiHole, you can just block it in PiHole, that is part of the purpose behind it. Find it in the list and select block.

[–] groque95@alien.top 1 points 11 months ago (1 children)

This might work for some devices but it won't work for devices that phone home using IP instead of a domain.

[–] dorsanty@alien.top 1 points 11 months ago (2 children)

Very few services would set themselves up this way. Putting IPs into device firmware/software limit the ability for the companies to change without rolling out updates and tracking adoption, etc.

I’d be curious to know if any common or popular devices are known to use IPs to phone home.

[–] Adenn76@alien.top 1 points 11 months ago

Agreed.

Also, if you are running PiHole, HOPEFULLY you are also running a firewall. You should be able to easily block the IP address and / or domain at that level as well.

Of course the other option, as others have mentioned, is to get rid of the default gateway so it can't access the Internet to begin with.

[–] reddit-MT@alien.top 1 points 11 months ago

MS Windows uses IP addresses for some things, last I checked.

[–] Exzellius2@alien.top 1 points 11 months ago (1 children)

Consumer thing: if you are running a fritzbox router: there is a checkmark in the network tab for the device to block internet access for it.

[–] SeirWasTaken@alien.top 1 points 11 months ago

this also works for Asus routers

[–] reddit-MT@alien.top 1 points 11 months ago

Give it 127.0.0.1 as its default gateway or block it at your router.

[–] DWolfUK40@alien.top 1 points 11 months ago

Some more details may help here.

What printer is it and what’s it reaching out for?

As said, setting up static ip and removing the gateway will usually be enough. Vlans are the better option but steeper learning. I’d be interested to find out what it’s doing though. Knowing what you’re working with may help others advise you more specifically.

If it’s checking to find time or for updates then it’s probably harmless. Do you need internet to enable any features like remote send or monitoring and the like?