Home Assistant AdGuard integration - which ports to open?

Dear community,

I’m using AdGuard via its HomeAssistant Integration.

Secondly, I’m using the ufw firewall.

I’m trying to figure out which open ports the AdGuard integration needs.

So far I’ve got 4153 (the one used by the socket container) and 53 (for DNS queries).

But it’s not enough. When I activate ufw, the frontend (integration) in home assistant is not working.

Any hints on that?

Cheers

Thomas

Do you mean the Adguard addon? The Adguard integration does not require any ports to be opened. You connect it to an existing deployment of Adguard and it adds sensors and toggles to HA that let you see and control Adguard from HA. It’s not a DNS server though.

The Adguard addon is a DNS server and requires ports be opened. The addon lists all the ports it may need on the configuration page and lets you open them.

I just found the solution - the important fact is port 53/udp, not 53/tcp.

talking about the integration.

@CentralCommand Thanks Mike.

@CentralCommand seems not to be the solution.

:frowning:

Right, like I said, the integration is not a DNS server. There’s no reason to open any ports for it, it isn’t listening for any incoming connections. The addon is a DNS server but that’s an entirely different thing.

hi @CentralCommand

ok. just to add: if I enable ufw then the adguard add on within the home assistant gui does not provide any content. if I disable ufw everything does show up.

so it seems to be related to some ports…

Adguard addon - GitHub - hassio-addons/addon-adguard-home: AdGuard Home - Home Assistant Community Add-ons

Adguard integration - AdGuard Home - Home Assistant

You seem to be using the words integration and addon interchangeably. They are not synonyms, they are two totally different things. Which one are you talking about?

the add on from the add on store

Ok so the addon, not the integration, got it.

Yes for that you usually need to expose port 53 on the host. You can do that on the configuration page by listing 53 as the DNS server port under network. That should make it work within your lan so all devices can use HA as their DNS server.

4153 isn’t a port the Adguard addon uses to my knowledge. I mean it has port mapping options so you can map something to port 4153 if you want. But usually the only port you have to expose on the host is 53. And optionally 853 if you want to use DNS-over-TLS, 443 (or map 443 to something else) if you want to use DNS-over-HTTPS, and 784 if you want to use DNS-over-QUIC.

You can do that on the configuration page by listing 53 as the DNS server port under network.

in the home assistant ui?

Yes, here:

Or are you asking how to expose it through your firewall? If so I’d say don’t expose port 53 externally as it’s unencrypted. If you want to use your DNS server from outside your network I’d recommend looking at the dot and doh features and exposing one of those. But the how is up to your firewall software.

the configuration is: pc with home assistant supervised installation, which brings add ons as docker container on the same host.

on the host there is a ufw firewall installed with rules to block or pass requests on several ports. i.e. pass 443 and block 80. port 53 is open for all servers in the internal network for udp and tcp. all devices in the network are configured for the host and port 53. all seems to work. all but the frontend of the add on in home assistant. this just shows as a blank white page.
also tried to open port 3000 as read on some other documentation. no luck. no user interface for the ad guard add on within home assistant.

the configuration you screenshotted is done from the beginning.

If it works when your firewall is disabled, then it sounds like it might have something to do with your firewall settings.

@moto2000

yes - that’s why i’m asking what additional ports are needed to be open. :slight_smile:

@CentralCommand any additional ideas?

No idea sorry. In a supported system all you have to do is list 53 in the addon config and it works. If you have other software running on the host affecting things then you’re running an unsupported config so could be any number of things going wrong.

I was able to solve it. I checked which ports are open and active on the host, including the containers, and that let me identify the port and set a route.

@CentralCommand @moto2000 many thanks for your support

I need to add this comment here for people to find it:

In your adguard addon log you can see the 172.x.x.x IP address.
By filtering the ports with: ss -tulw | grep 172. you can find which TCP port is listening.
Add the port (e.g.):
ufw allow from 172.30.32.1/8 to any port 64616

Not sure if the command is correct (I’m not a pro with ufw), as the result was:
WARN: Rule changed after normalization
Rule added

But it works!
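
The "Rule changed after normalization" warning in the last post is consistent with the source 172.30.32.1/8 having host bits set: masked to its /8 prefix it becomes 172.0.0.0/8, which is far wider than the container network. As an added example (not from the thread), this Python script measures that range and builds a rule limited to the listening socket. The /23 prefix and the sample `ss -tulwn` output are assumptions constructed for illustration; read the real prefix from `ip addr` on the host.

```python
import ipaddress

# Constructed sample of `ss -tulwn` output (not from the original thread).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      4096   0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      4096   172.30.32.1:64616  0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_source(cidr):
    """Show what a 'from' range becomes once host bits are masked off."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    return {
        "normalized": str(net),
        "changed": iface.ip != net.network_address,
        "addresses": net.num_addresses,
        "private_only": any(net.subnet_of(p) for p in RFC1918),
    }

def listeners_in(ss_output, network):
    """Return (proto, ip, port) for sockets bound to an address in network."""
    net = ipaddress.ip_network(network)
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        host, _, port = fields[4].rpartition(":")
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # '*', '[::]' or interface-scoped forms are skipped here
        if ip in net and port.isdigit():
            found.append((fields[0], str(ip), int(port)))
    return found

def scoped_rule(source_cidr, proto, dest_ip, port):
    """Build a ufw rule; strict parsing rejects a source with host bits set."""
    src = ipaddress.ip_network(source_cidr)  # ValueError for 172.30.32.1/8
    return f"ufw allow proto {proto} from {src} to {dest_ip} port {port}"

if __name__ == "__main__":
    print(audit_source("172.30.32.1/8"))
    for proto, ip, port in listeners_in(SAMPLE_SS, "172.30.32.0/23"):
        print(scoped_rule("172.30.32.0/23", proto, ip, port))
```

After adding a rule, `ufw status` shows the source range that was actually stored, which is the value to compare against the network you meant to allow.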