Odrive IP address range (for firewall)

spiffin · April 28, 2016, 6:49pm

Hello

I’d like to connect to my SFTP server via Odrive - but the firewall restricts connections from certain IP addresses only. Is there a list of Odrive IP addresses available I can allow through the firewall?

Thanks.

Tony · April 29, 2016, 11:09pm

Hi,
We don’t have a a static list of IPs to distribute, but this isn’t necessarily a problem. Even though our service may not be able to reach the endpoint, you can still reach it from the client, since all communication is direct. This can impact things like web client access and sharing, but client access will still work for you.

** EDIT **
Added possible IP ranges as of 2018-01-15. This list is not considered static and could change

8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
108.59.80.0/20
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
130.211.4.0/22
35.229.0.0/17

162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23
23.236.48.0/20
23.251.128.0/19
35.224.0.0/14
35.228.0.0/16

107.167.160.0/19
107.178.192.0/18
146.148.2.0/23
146.148.4.0/22
146.148.8.0/21
146.148.16.0/20
146.148.32.0/19
146.148.64.0/18
35.203.0.0/17
35.203.128.0/18
35.203.192.0/19
35.203.240.0/20

130.211.8.0/21
130.211.16.0/20
130.211.32.0/19
130.211.64.0/18
130.211.128.0/17
104.154.0.0/15
104.196.0.0/14
208.68.108.0/23
35.184.0.0/14
35.188.0.0/15
35.206.64.0/18
35.202.0.0/16

35.190.0.0/17
35.190.128.0/18
35.190.192.0/19
35.190.224.0/20
35.192.0.0/14
35.196.0.0/15
35.198.0.0/16
35.199.0.0/17
35.199.128.0/18
35.200.0.0/15
35.204.0.0/15

As reported by:
nslookup -q=TXT _cloud-netblocks1.googleusercontent.com 8.8.8.8
nslookup -q=TXT _cloud-netblocks2.googleusercontent.com 8.8.8.8
nslookup -q=TXT _cloud-netblocks3.googleusercontent.com 8.8.8.8
nslookup -q=TXT _cloud-netblocks4.googleusercontent.com 8.8.8.8
nslookup -q=TXT _cloud-netblocks5.googleusercontent.com 8.8.8.8

amazon1 · June 4, 2016, 12:20am

I want to link my private cloud FTP server to my oDrive account. This server is protected by a firewall. I use a whitelist to authorize access. Does anyone know the range or set of IP numbers that the oDrive servers would likely use in accessing my FTP server? I’ll enter these oDrive IPs into my firewall whitelist.

JeffL · June 5, 2016, 7:49am

@amazon1,

Please see Tony’s post earlier marked as the Solution.

Access from the desktop sync client to the FTP server is direct, so simply specify the external IP addresses that the computers running the sync client use.

NOTE: You wouldn’t be able to use our webclient to access the FTP servers, but I presume that isn’t a big deal since the sync client is the main user experience anyway. When initially setting up your link to the FTP server on your account, you may get a warning about us not being able to validate the FTP server credentials. But you can choose to “Continue Anyway” in order to save those settings. When the desktop client picks up the link, it should be able to connect directly to your FTP server.

-Jeff

amazon1 · June 6, 2016, 8:48pm

I’m a newbie with oDrive, so I’m not yet adequately knowledgeable about what oDrive has the capabilities to do. I’m asking this question about the oDrive servers IPs in a round-about interest to experiment with a purported capability of oDrive… I 'm looking to experiment with oDrive’s ability to sync/unsync folders and files on cloud servers to my Win7 desktop PC. Rather than syncing/unsyncing my content FROM my PC over TO one of my linked storage drives… I want to do the opposite… I want to create the oDrive pointer files & folders on my PC for content that is out on my cloud ftp server, for this cloud content that has never been (and may never be) on my desktop PC.

In setting up the new “Link Storage” option in the oDrive admin web gui, the process is asking me for all the connection info to connect and login to my SFTP server. This server of mine is behind a firewall that only permits connections to whitelisted IPs. I think what you’re explaining is that even though your server will fail this initializing connection test and report an error msg back to me, this isn’t a big deal since the actual work use of these connection details are going to come from the oDrive process running on my own desktop Win PC (whose IP is on my firewall whitelist)… and NOT your oDrive backend servers (whose IP is NOT on my firewall whitelist)

I’m still working on getting an FTP or SFTP connection to one of my cloud servers running… once I get this down… I’ll likely have other challenges trying to get this ‘reverse sync/unsyncing’ working. I’ll put those in new query posts here…

So to conclude… I better understand now why this “oDrive server IP for my FW white-list” is essentially unnecessary.

Thanks for your explanation.

Tony · June 6, 2016, 9:21pm

Yes. I think you’ve got it now, but just let us know if any other questions arise.

dan · January 15, 2018, 12:24am

Hey, I’m trying to do the same thing, and actually I’d rather not use the odrive client, but just the web interface. I use the odrive client on my laptop when I travel and it could be coming from a coffee shop’s internet conenction, or wifi on an airplane, or whatever, and I’d rather not add those IP ranges to my firewall. I would instead rather simply trust the IP range of the odrive servers and just use the web interface unless I’m at a couple trusted locations, like my home or office. It looks like the odrive servers come from these two subnets:
107.178.232.0/24
107.178.238.0/24
Can I just add those to my firewall?

Tony · January 16, 2018, 7:08am

Hi @dan,
We host on Google Infrastructure (Google App Engine), so the ranges are pretty extensive, in theory.

As of right now those are (This list is not considered static and could change):
8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
108.59.80.0/20
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
130.211.4.0/22
35.229.0.0/17

162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23
23.236.48.0/20
23.251.128.0/19
35.224.0.0/14
35.228.0.0/16

107.167.160.0/19
107.178.192.0/18
146.148.2.0/23
146.148.4.0/22
146.148.8.0/21
146.148.16.0/20
146.148.32.0/19
146.148.64.0/18
35.203.0.0/17
35.203.128.0/18
35.203.192.0/19
35.203.240.0/20

130.211.8.0/21
130.211.16.0/20
130.211.32.0/19
130.211.64.0/18
130.211.128.0/17
104.154.0.0/15
104.196.0.0/14
208.68.108.0/23
35.184.0.0/14
35.188.0.0/15
35.206.64.0/18
35.202.0.0/16

35.190.0.0/17
35.190.128.0/18
35.190.192.0/19
35.190.224.0/20
35.192.0.0/14
35.196.0.0/15
35.198.0.0/16
35.199.0.0/17
35.199.128.0/18
35.200.0.0/15
35.204.0.0/15

As reported by:
nslookup -q=TXT _cloud-netblocks1.googleusercontent.com 8.8.8.8
nslookup -q=TXT _cloud-netblocks2.googleusercontent.com 8.8.8.8
nslookup -q=TXT _cloud-netblocks3.googleusercontent.com 8.8.8.8
nslookup -q=TXT _cloud-netblocks4.googleusercontent.com 8.8.8.8
nslookup -q=TXT _cloud-netblocks5.googleusercontent.com 8.8.8.8

Chicken0x · June 4, 2020, 5:16am

Hello Tony,

“We host on Google Infrastructure (Google App Engine), so the ranges are pretty extensive, in theory.”

Won’t these IPs ranges include other domains and VPS, and etc ? So if I do whitelist a range from the above IP Addresses, and within this range, I could be whitelisting Google VPS that is not part of odrive.com , is that correct ?

So the list is whitelist everything that is hosted on Google ?

Thanx,

Tony · June 4, 2020, 5:34am

Hi @Chicken0x,

It is, at least, everything that is hosted on App Engine. You are correct that the whitelist would, unfortunately, also include any other applications that are also running on App Engine.

Here is an article from Google on this, for more detail: