Hi friends, I have a device that asks me to open ports 80 and 443 of my AR750s router (OpenWrt 19.07.5 r11257). Not being so experienced I ask you if the procedure is correct:
you need to provide a destination IP (your devices) for those open port forwards.
Opening port 80 and 443 to the internet could be lethal, from a security point of view.
I'd never do it.
What's the device ?
2 Likes
it is a vacuum cleaner (robot) neato robotics, I assigned an INTERNAL IP reserved for the connection of the robot.
The forwarding looks correct, however opening http and https to the robo cleaner from everywhere on the internet (and not some specific IP of the manufacturer) is a recipe for getting hacked.
Make sure you understand properly what the cleaner instructions ask you to do. These devices usually only open outbound connections to some manufacturer server and are controlled from there.
3 Likes
I agree with trendy, you could just as well disable the FW completely ...
Are you sure the manual tells you to open inbound ports 80 and 443, not just require outbound internet traffic on those two ports ?
(might also be a shitty translation)
Smart devices (liks yours) are generally well know to have exploitable vulnerabilities in their FWs.
3 Likes