Hello all. I’d like to lock down requests to my camera to a specific IP address range. I’m using RBoy’s Foscam handler and since I now have my IP cams open to the world (port forwarding), I’d like to use the firewall on the Foscams to only allow IP address connections from SmartThings. I tried enabling just the local IP of my SmartThings hub, but that didn’t do it. I assume I need to determine the public IP range that SmartThings uses to issue commands to my hub. Has anyone gone down this path? I use DDWRT, but I’m not seeing anything in my active IP table except for the FOSCAMs calling out to the time server. I’m also not seeing the connection in the Foscam log, but I think that is limited to web logins. Since the device handler is sending the username/password in the URL, I don’t think it’s counting it.
Your Internet router, what you have between stuff in the house and the outside, should give you a list of all the IPs in use and what they might be. It will at least show you all the MAC addresses (which should be on the devices).
Tim.
Thanks, Tim. I have abandoned getting the FOSCAM video to work outside of the network. I have BlueIris for that, anyway. I have a nice hybrid setup now with using the motions on the cams in SmartThings, and also using Blue Iris Profile Integration to change my BlueIris profile as part of my routines.
I still would like to get an IP range of servers communicating with my ST Hub, though, as it would be smart to limit what traffic hits it. My router does show me all of the active connections per host, which I’ll take a second look at (before I was only looking at the traffic hitting the FOSCAMs). I was just wondering if someone has already received from support or compiled their own IP range.
Each instance may be unique for the IP range. Unless you have done port
forwarding on your router to allow outside your house traffic access to
device(s) in the house, no one outside will know the IPs of the devices
inside nor will they be able to connect to them.
For example, all my devices are in the IP range of 192.168.1.11-200,
which is NOT the default of my router. Most routers/Access Points use a
common set of IP ranges, 192.168.1.1-254, 192.168.0.1-254, or
192.168.254.1-254, but knowing this does not get me access to your
devices unless I know the upstream address of your router and you have
changed it to allow me to connect to a specific device.
The only way to truly know what is talking to what is to have everything
going through a switch with a monitor port or a hub and then use a
packet capture system (Wireshark on a PC) to capture all the packets it
can see and display to you what is talking to what.
I have my DSL router connected to the outside world (upstream side) and
one port on the home side goes to a 16 port hub. Because it is a hub,
all traffic goes to all the ports so my computer running Wireshark sees
all network traffic. My wireless AP is separate from the router and is
connected to the router through the hub with a wire. So I see all
wireless network traffic too.
A managed switch with a monitor port would do the same thing but do a
better job of managing traffic on the network.
Tim.