DuckDns, secure to open 1025-65535 ports?

Argo · July 24, 2018, 3:02pm

Hello.

I have an issue. My router does not automatically open port when I am mapping 443 to 8123. Only way to open the port is firewall setting. Month ago I tried to turn off firewall and open all ports (so 443 was open). I got remote access and then I was advised to close ports because I am silly and going unsecure.

Now I have updated router, tried duckdns again. I can access to HA via my_domain.duckdns when I am at home, but not remotely. I can try medium secure in firewall settings, where 1025-65535 ports are open.
What if I will try to run HA on 1012 port and change 443 to 1443 for example. Will it make any sense?

If yes:
-How to change incoming port from 443
-How to change HA port

Of course the key point is secure.

Will be happy to see your advices!

andlo · July 24, 2018, 4:15pm

You should use portforwardm sp that everything that hits router/firewall’s IP on port 8123 is forwarded to your homeassistant internal IP and same port.

Yhen when you are outside your net, and enter https://XXXX.duckdns.org:8123 you are directed to your routers external IP (that is the DuckDNS service dooing that) and your router is then forwarding trafic to the internal homeassistant IP.

How to setup portforwarding on your specifik router/firewall I dont know.

Argo · July 24, 2018, 6:27pm

Thank you for answer

Actually, that’s what I have already done
correct me if I am wrong
I have forwarded 443 to 8123

andlo · July 24, 2018, 11:15pm

HI Argo

It could look right…but you have funny letters in your screenshot so I cant understan everything Collum 3 where yuo have duckdns.org is that just name or origin of trafic or interface?

My gues is that colum 3 should have the routers extenal interface / external ip adress in there as that is what port mapping does. Everything komming in on external ip on port 443 forwards to port and internal IP.

Alsp i would recomend portforward 8123 to 8123 and not 443 to 8123.

tom_l · July 24, 2018, 11:45pm

Why do you recommend that?

dap35 · July 25, 2018, 12:48am

Actually, you can pick any port to use externally. If you use 443, then you don’t need to specify the port when you connect via https. With any other port, you need to include the port on your connection, e.g. https://my-HA.duckdns.org:7523 , where 7523 is the external port you choose to use.

Argo · July 25, 2018, 2:22am

Duckdns.org is just a name for this “rule”. Third column is “incoming port”, after TCP is “local port”

Argo · July 25, 2018, 6:02am

Thank you. Now I get they. But is it secure to open 1025-65535 ports and send 7523 to 8123?

Argo · July 25, 2018, 4:13pm

Sure I have done port forwarding. When I do not forward it - I just does not get info on page (no connection). If I forward 443 to 8123 - I can access at home. If I forward 4433 to 8123, I have to write at the end of domain that port (4433). But I can not load HA being out of local network.
My Main question is
Will it be safe to open 1025-65535 ports and use 4433 to 8123?

cogneato · July 25, 2018, 4:25pm

No. Opening a large range of ports is not secure.

If you are using the duckdns addon and ssl, you should only need 443 to 8123.