I see a lot of posts about people talking about port forwarding. It comes with waves of people who can't wait to tell you about security and not to do that. I am wondering if we can spare that part, I think we all got it.
So for my own personal reason I want to access remotely using port forwarding (not a VPN, nor remote desktop software) yes good ol' port forwarding. The way we handle remote access of lots of password protected things. Anyway, after going through the basic router page and opening a port to forward to the hubitat, which has a static local IP, I can't get it to work?
I open a browser and type in my home IP address:port and I get this page that reads:
This site can’t be reached XX.XXX.XX.XX refused to connect.
Every other port I try to access goes to all my other devices in my home just fine. Is this completely blocked by hubitats? Is there a way to unblock it, or am I doing something wrong? Do you have to use a specific port, or range? I would like to say a second time, please, I don't want a suggestion on another way to access admin page, or a lesson on security. I want to know why this doesn't work.
Hubitat accepts traffic on port 80 (http), 443 (https), 8080(http) and 8443(https). There is also port 8081, but that is just the diagnostic interface.
You have to forward your traffic to one of these ports. All these are TCP ports.
Holy hell, you must have superhuman powers, to not go off on 15 tangents unrelated to the person's question. You helped me get it working, I haven't had to use specific ports before. Thank you, now I can do what I need.
Good it's working, I wouldn't ever recommend this approach, but each to his own. It's your network. I put my IoT things in a separate subnet without Internet access or access to the rest of my network, except for an update or so. But then again, I'm paranoid
We're way past that, all we can do is hide ourselves away behind multiple mitigation strategies... One more or less, or 1 million more or less, doesn't really matter anymore.
It is cool It is also a pain to setup. I live in a country which limits international access and felt I wanted to be extra prepared and hard to shut down...
Not much, the Cloudflare part is actually free, their free accounts is sufficient. The endpoints are cloud instances which can be taken down and spun up in a minute or so if ever needed. In general it isn't needed and they stay for years. I have one instance that has been alive for 2 years.
Read up on MPTCP, VMESS, Docker and we can talk about it in a PM. This is not for the faint of heart, I had problems getting this to work at all.
But for future posterity, other users should recognize that this method of establishing remote access to your hubitat hub is highly discouraged by hubitat staff, and there are other methods that are less likely to result in a vulnerable device on your LAN becoming compromised.
I’m curious though. Isn’t the whole idea of port forwarding to use specific ports? Do you mean specifying the port on the LAN side?
Of course HE staff will for future prosperity discourage the circumvention of their new business model that charges people $2.99/month for what used to be part of the app or a general feature.
Maybe, if this port opening is so evil, they should reverse the recent introduction of the pay for service model in order to prevent a future bad system break in.
Or maybe they could also just compare the IP address of the hubs where users paid for remote access and release the others into the wild so they can be hacked and taught a lesson to not mess with their business model.
The new remote admin subscription service is just that, new. They’re not charging for something they used to provide for free. Cloud dashboards and the mobile app still cost nothing.
If you really feel like forwarding a port on your router to your Hubitat hub, you can still do that. For free.
I securely access my hub’s admin interface remotely when I login to the VPN server running on my LAN. That’s free too.
I understand that you disagree with the new service offering, but as stated above, you haven’t lost any functionality. You could never remotely administer the hub. I’m also not entirely sure why you dug up an almost year old post to share your complaints about the service. There were a number of more recent posts that might have also worked.
HE's App to "offer" remote admin was only recently updated to do so. Previously you could use the App to access your Apps on the HE - now that goes into selling a remote admin sub. There clearly is a business decision prioritizing. Just funny that their staff is discouraging what's free.
It is also a pain to setup. I live in a country which limits international access and felt I wanted to be extra prepared and hard to shut down...
