Static IP address

mainly nagging, even if you have a static IP, AVG will still probably say "your IP addr is visible to everybody" which is true with or without a static IP.

What *is* the advantage of a static IP address on the WAN? Is it simply that you don't need to use a DDNS service such as no-ip.com to track your changing IP so people can still access computers on your LAN via port-forwarding? Or is there any other advantage?

I think its very much a two edged sword. So if it gets black listed its your fault. If you have a rotating one then every time it changes you pick up a new one and its history becomes your history.

It also means any detected vulnerabilities are more easily shared.

In either case I would expect AVG to try and sell you a VPN where instead of using your own IP address you use one associated with the VPN company so you get the history of every one who used that VPN to mus-behave.

I think unless you want to run services you don't need it.

Dave

For me I use static IPs for inbound connections, and to whitelist my IP on customer firewalls.

I've never been keen on dyndns type services that use oddball protocols, there are very few DNS providers that use proper dynamic updates, gradwell stopped doing it, @portfast still do.

Also you can get reverse DNS with a fixed IP, dynamic IPs tend to include "telltale" names that it's not static and some servers (particularly SMTP) object.

Yes.

Most mail servers reject all traffic from non-static IP addresses (they have lists of them) except for authenticated connections for their own customers. If you have a recognised static IP address you can route your own e-mail directly (so you have more control over getting notifications quickly about delayed mail).

I can't think of anything off-hand other than those two.

For most users there's no other advantage. But there are some odd cases where it's needed. For example I maintain a remote system where I need the ability to login and run system commands. For security the remote system firewall only allows login access from authorised IP addresses so I need a fixed IP.

Ok all. I knew this would quickly move way above my head:-)

I'm due for a Broadband contract renewal this Summer so I'll see what that brings.

Thanks.

Unless you know the answer already, the answer is almost certainly not.

I operate a fixed IP address because I have servers out there on the internet at large and I can use a simple firewall to allow my IP address to access them, and only my IP address.

In addition I operate a home server that is, via passwords and encryption, accessible using that single static public address.

These are the two sole cases where it is useful or mandatory. In all other cases it is unnecessary.

The odd thing is that since the demise of dial up modems, the ISP has to have as many IP addresses as it has customers, and the configuration change to make them static is trivial, and there are massive advantages in knowing which of your customers is running a botnet.

My conclusion is they don't give a f*ck about policing their customers. Only charging you for something that costs them nothing to provide.

My ISP wont allow dynamic addressing at all. It's static or nothing. They know who is doing what.

The fact that you have to ask suggests its irrelevant to you.

See my my post. If you have a VPS out there on the internet, you can set its firewall simply to allow your IP alone full or at least greater access to it.

Now that isn't the only solution, but its a very simple and foolproof one.

Wot e sez times 1000.

Not usually...

It might reduce the (very small) risk of someone else's malicious activities being incorrectly traced back to you.

Probably not that either. (AVG don't supply static IPs)

So probably not much need for it. The usual cases where a static IP can help are:

If you need remote access back to your own network from outside - say you need to VPN back into your system. Of if you want to run a public facing server on your own network.

Or, if you routinely remotely administer other servers from home, then having a fixed IP at your end, means you can configure the remote servers to only listen to incoming connections from your IP address - which enhances their security a bit.

So all in all, not things most users will need to do.

It is often useful to have a static IPv4 address if you are using VoIP phones as it avoids the need to rely on application layer gateway software in the router which is not always very reliable.

Some service providers use "carrier grade NAT" where multiple customers share the same dynamic IPv4 address. This prevents most of the tricks that take place behind the scenes to allow NAT to work from being effective .

Probably true - but you really don't want to use a service provider who uses CG-NAT if you can help it.

John

Ok. As far as I understand things, it is not helpful to my current use and, unless required by a different service provider, not beneficial.

Thanks all.

In message snipped-for-privacy@googlegroups.com, John Walliker snipped-for-privacy@gmail.com writes

VoIP is a future problem. I may be gone:-)

Rural service and no rush to provide fibre.

How does one discover if a service provider is using CG-NAT anyway?

Depends on what you mean by internet security. It actually makes that much worse in the sense that you are much more trackable.

That's wrong if you do any torrenting. That makes it much harder to track your torrenting.

You can ask them! I recently asked Community Fibre this very question and was told that although both their IPv4 and IPv6 addresses are dynamic they do not use CG-NAT. (They do provide static IPv4, but it costs several pounds per month per address.) In that particular case I was able to get several VoIP phones on a dynamic NATed address working properly so long as I activated the SIP ALG function in the Velop router they provided.

If you have a Virgin Business account then it is best to avoid static addresses because these are implemented using a GRE tunnel which is unreliable. I discovered this the hard way.

John

I run a home server, which all our mobiles use for email, and I occasionally use for webmail and file access from work. When I used DDNS, I could not access it through DDNS from work, although I could get the current IP address from the DDNS service and directly access it. A fixed IP solved that and I can access it directly via my domain name.

Ok John.

I'm going to leave well alone:-)