Port forwarding - pros and cons [Solved]
-
Hi,
I am currently setting up a dedicated machine for Home Assistant on my home network and for few of the devices (Ring Camera streaming) the settings require opening up a port on pfSense and forward it to the Home Assistant machine. Intuitively I think that means I need to ensure few things:
- Disable admin account on pfSense
- Make a really strong password for each account on pfSense
- Isolate the Home Assistant machine from other LANs (I have multiple LANs within home) as much as possible.
But I am little uneasy with the concept of an open port as do not know enough on the subject so not sure the risk/exposure it might be creating for me. So would like to hear from experts if I missed anything from the above points or if there are any secured alternatives to port forwarding for setting up Home Assistant.
Thanks!
-
@pankaj13 said in Port forwarding - pros and cons:
devices (Ring Camera streaming) the settings require opening up a port on pfSense and forward it to the Home Assistant machine
Where? Does it say you need to setup port forwards.. There are ports that are required outbound, nowhere have I seen anywhere that you have to setup port forwards. If you did you should return it - since its utter Crap!!
https://support.ring.com/hc/en-us/articles/205385394-The-Protocols-and-Ports-Used-by-Ring-Devices
-
@johnpoz good catch, seems like I did not read the instructions carefully at https://github.com/jeroenterheerdt/ring-hassio
The port needs to be opened only for remote access which is not my goal.
Thanks for your input!
-
Even for remote access you don't need port forwards for your ring stuff. For access to whatever HA you running - ok.. But that would be a bad idea! If you need remote access to some service your running, then vpn into your network and access it that way.
The only time you should allow for unsolicited inbound access, ie a port forward would be services you want to be open to the public.. Say some public web server, or plex server, or minecraft server, etc. ntp server.
If you are going to be the only one to access it - like a HA service, then vpn would be the more secure solution.