Open Port on Router for Remote Access

I see a lot of posts about people talking about port forwarding. It comes with waves of people who can't wait to tell you about security and not to do that. I am wondering if we can spare that part, I think we all got it.

So for my own personal reason I want to access remotely using port forwarding (not a VPN, nor remote desktop software) yes good ol' port forwarding. The way we handle remote access of lots of password protected things. Anyway, after going through the basic router page and opening a port to forward to the hubitat, which has a static local IP, I can't get it to work?

I open a browser and type in my home IP address:port and I get this page that reads:

This site can’t be reached
XX.XXX.XX.XX refused to connect.

Every other port I try to access goes to all my other devices in my home just fine. Is this completely blocked by hubitats? Is there a way to unblock it, or am I doing something wrong? Do you have to use a specific port, or range? I would like to say a second time, please, I don't want a suggestion on another way to access admin page, or a lesson on security. I want to know why this doesn't work.

Thank you!

I will spare you the security speech :stuck_out_tongue:

Hubitat accepts traffic on port 80 (http), 443 (https), 8080(http) and 8443(https). There is also port 8081, but that is just the diagnostic interface.
You have to forward your traffic to one of these ports. All these are TCP ports.

1 Like

Holy hell, you must have superhuman powers, to not go off on 15 tangents unrelated to the person's question. You helped me get it working, I haven't had to use specific ports before. Thank you, now I can do what I need.

2 Likes

Good it's working, I wouldn't ever recommend this approach, but each to his own. It's your network. I put my IoT things in a separate subnet without Internet access or access to the rest of my network, except for an update or so. But then again, I'm paranoid :stuck_out_tongue:

2 Likes

I'm a 'fill up the car with gas while it's still running to keep the AC goin'

kind of guy.

1 Like

That is probably less of a risk than doing what you just did with port forwarding. But it could all go well.

1 Like

arghhhhh - if you are into forwarding stuff at least consider a vpn... like wireguard.

https://www.wireguard.com/

Also will say your exposure is potentially all of ours if your system gets compromised and joins a botnet or is used for staging to attack others.

Will shut my yap now...... sorry.

1 Like

If we are not protecting ourselves well enough to handle an additional botnet participant we're not doing our own networks right either... :wink:

2 Likes

One or two sure but thousands/millions of like minded folks can complicate things. Gotta start somewhere... :laughing:

1 Like

We're way past that, all we can do is hide ourselves away behind multiple mitigation strategies... One more or less, or 1 million more or less, doesn't really matter anymore.

1 Like

Yes for example I am behind 7 proxies.... :rofl:

1 Like

I run my traffic through multiple multiplexed Cloudflare WS to an endpoint which will shift if an attack is detected... attack that.. :stuck_out_tongue:

2 Likes

Sounds cool! How much is that costing you (or your company)?

Can the "average joe" HE user get a piece of that action?

:wink:

It is cool :slight_smile: It is also a pain to setup. I live in a country which limits international access and felt I wanted to be extra prepared and hard to shut down...

Not much, the Cloudflare part is actually free, their free accounts is sufficient. The endpoints are cloud instances which can be taken down and spun up in a minute or so if ever needed. In general it isn't needed and they stay for years. I have one instance that has been alive for 2 years.

Read up on MPTCP, VMESS, Docker and we can talk about it in a PM. This is not for the faint of heart, I had problems getting this to work at all.

2 Likes

To each their own, as others have already said.

But for future posterity, other users should recognize that this method of establishing remote access to your hubitat hub is highly discouraged by hubitat staff, and there are other methods that are less likely to result in a vulnerable device on your LAN becoming compromised.

I’m curious though. Isn’t the whole idea of port forwarding to use specific ports? Do you mean specifying the port on the LAN side?

3 Likes

I use chrome remote desktop. It works well and I'll be notified if anyone tries to sign in, besides me.

2 Likes