Define Subnet(s) for Scanning to increase IT Security (IoT devices should be in firewalled separated subnet) #39
Comments
I will keep an eye on how to change the subnet when I work on some other changes to the broadlink2 and radar adapters.
Thanks a lot!
By the way, I tested a bit on my networks and there is one outcome: The device which manages the broadlink devices needs to be on the same subnet as the devices themselves. For that I found two possibilities on my FritzBox with one of my test Raspis: If you run broadlink2 there you will get devices on the guest network and on the normal network. You can make the guest network handle no UDP traffic, which way you can prevent the devices from talking to their servers in China. In any case, I can program broadlink only to use certain interfaces, which need to be wireless or wired IPv4 networks. So however you want to generate the virtual network, make sure that the iobroker instance where broadlink2 runs is also included.

P.S.: I made myself my own router with an old Raspi and a USB LAN adapter as well as a USB WLAN stick (this Raspi did not have WLAN). I can now test (and capture the network with Wireshark) in my specific environment and no data goes out to the normal network.
Hello frankjoke, thanks for your comprehensive solution description - and yes, this is a valid solution. I thought it might be routable ... which would allow keeping iobroker in the DMZ ... and opening only a firewall hole for this port, which is then in another subnet <DMZ ... with iobroker> <firewall with pinhole for udp/port to iobroker ip>. That approach requires defining another subnet to scan (instead of the local one which is used now). Again, thanks for trying. Best wishes, Rainer
Dear,
I'd like to put the devices in a separate IoT network segment (IP range/VLAN) to prevent any negative impact from them. The challenge is that the iobroker is in a different network segment from the devices, so it scans only its own subnet, which means the devices will not be found.
I'd like to raise the feature request to be able to define the subnet(s) where broadlink devices can be, so that the scanning is extended to all defined subnets. This will increase IT security dramatically because I can put the Broadlink devices in a separate network with limited firewall access.
Thanks a lot!
Rainer