Installed on RPi4 - does plugging into my router mean HA is visible to public internet?

Hi! I’m new to HA and haven’t gotten things fully set up yet (waiting for a SkyConnect to get Zigbee sensors / switches up and running).

I will have my RPi4 physically connected to the router which provides my home internet (wireless and wired). I don’t have subnets or VLANs set up, and would have to study up on these topics in order to implement.

I found this post but still am unclear on what happens if I just plug the box running HA into my router. Doesn’t the router’s DHCP assign a public IP? Doesn’t this mean any rando with a port scanner can detect my HA instance (and potentially then compromise it / move horizontally in my network)?

So far, none of my home automation devices will use WiFi to communicate. It wouldn’t be a big deal to have my HA installation on a different subnet / VLAN, but I still want HA to be easily accessible from my phone and computer, so I can tweak my configuration without having to switch networks. How would I go about accomplishing this?

Thanks in advance!!

Hmmm actually maybe the answer is in the comment I linked above:

Inbound from the Internet. By default, on residential ipv4 connections (99% of US), by virtue of being behind a NAT, nothing is open.

I just checked my router’s firewall and yikes! Lots of ports were open to inbound traffic. I tightened things up a bit.

So now the question is, does HA phone home? Does it need any kind of port forwarding to run? How does it update itself, if configured?

No, your router assign a local IP to your HA( like it does for your other LAN devices)

No as above, it’s a local IP

As long as you don’t wan’t access from outside your lan, HA is available from any devices on your LAN through a browser, and on your Phones HA-APP

The “issues” in regards to VLAN and Acess from outside your LAN comes next, when ever you got your HA configured, and in a “state” where you need/want “outside” Access
There are many Options available for you to reach HA, when away from Home, HA team provides an easy setup, supported option called NABU CASA
Toehr options is through i.e VPN

1 Like

Got it, thank you! It turns out I didn’t know about how NAT works. I get it more now.

For the time being, I don’t care about having access to HA from outside of my local LAN / WAN. It seems that as long as my router firewall is correctly configured, anything connected to it should be obscured by NAT.


If you still haven’t configured i.e VPN, HTTPS or SSL, you will still only have local access your self, HA will Updates the same way your other devices, Phone, computers etc, initiated through outbound connections( on “secure” HTTPS respond connections, Nothing to worry about

But i understand your next step, after connecting your HA to your Router, is , maybe as soon as possible, configure it for external access, as mentioned many options available for this

But start by looking in /Settings/Devices-Service# Integrations , there you will find the “default/native” Integration-store, some you might already find useful/interesting

Setting/Add-Ons : Another bunch of useful tools/add-ons

File Editor: ( for accessing configuration files etc )
Samba Share: ( Same as above, but access them from i.e a windows/orther linux/Mac machine

1 Like