Eufy firewall ports for remote viewing

First, let me start off with saying that I am a network administrator in my day job. I have searched the forums, website, Google, etc. with no luck.

What are the required firewall ports and IP addresses that need to be opened from the remote viewing subnet to the outside in order to view the Eufy cameras when NOT on the same subnet as the HomeBase? My HomeBase is located on my very unrestricted IoT subnet. I can view the cameras when on the same subnet, on a cellular network, or behind a very unrestricted, wide-open firewall at a remote location.

I see that tcp:10280, udp:32100, and udp:32700 are needed, but I will NOT open a bunch or a range of upper TCP or UDP ports to * (ANY IP) on my secure/private subnets or on my employer’s firewalls. tcp:80 and tcp:443 are already enabled by default. I also see that when these few ports are opened on my employer’s firewall, the app tries to connect to the internal IP address of the HomeBase at my house (smartphone = 10.10.90.204:xxxx → (HomeBase) 172.20.4.61:xxxx), which of course will never work.

I should not have to open firewall ports on a remote firewall to be able to remotely view the cameras when not on the same subnet as the HomeBase. VPNs will not work either, as the viewer is on a different subnet than the HomeBase.

I am able to view the cameras from the portal via a computer (https://mysecurity.eufylife.com/) when on a different subnet.

I am enjoying your products.

Thank you,
Michael


Another thing to note… The remote WAN IP address (app) tries to communicate with the WAN IP address where the HomeBase is located. Again, this will never work.

65.CC.DD.174:xxxxx <–> 98.AA.BB.252:yyyyy

Please stick with common ports or just a handful of ports (no more than a dozen should be needed). This should NEVER require the full 65535 range of ports, nor should that even be suggested, for a remote viewer to view their cameras when not at home or on a different subnet.

A network administrator will never open all ports for someone to be able to view camera feeds remotely.


Support came back with this:
“Regarding the requirements of the network for our HomeBase, we use TCP ports 80 and 443 and UDP ports 0~65535. Please make sure TCP ports 80 and 443 and UDP ports 0~65535 have not been blocked.”

I replied back with:
“If there are a few IP addresses or a very small range of ports the app would connect to, this is more doable to allow in the firewall without needing to allow everything out in the firewall.

Take the approach of the https://mysecurity.eufylife.com/ website; it appears it only needs tcp:80, tcp:443, and tcp:1443. This is something very doable that network administrators would open in their firewalls for remote viewing. Imagine telling your CEO that he has a choice: being able to view his security cameras at his house and other personal properties while at work from his iMac, iPad, and other Android devices, or the security of his work’s IT network. This would be something to ponder for future consideration.”


Here is an update for trying to view the cameras from your house/business environment where you have access to modify the firewall(s).

Allow tcp:10280, udp:32100, and udp:32700 from the remote/secure network that the app is viewing the cameras from. Then allow udp:1025-65535 (0-65535 would work, too) from the remote network to the HomeBase(s) IP address in the other network (e.g. IoT). Like most IoT devices, it should basically have unrestricted access to the outside world already.

For trying to view your cameras from your work, on the road, etc. to your home, the above is the same, but the app that is trying to view the cameras needs to have udp:1025-65535 (0-65535 would work, too) open to the outside world, as the camera feed is relayed through AWS servers. This is mentioned somewhere else in the community.

If there is a list of IP addresses it is relayed through, it would be helpful to narrow down the firewall rules to not open to the whole world.

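As an added example (not from the thread above and not Eufy's own guidance), the inter-VLAN rule set described in the post above, written as an nftables fragment generated by a small shell script. The subnet, HomeBase address and interface names are assumptions taken from the addresses quoted earlier in the thread and must be changed to match your network; the ports are the ones reported in the thread. The point of the example is the restriction the post makes: the wide UDP range is allowed only from the viewer VLAN to the single HomeBase address, return traffic is handled statefully, and the IoT VLAN never gets to initiate toward the viewer VLAN.

```shell
#!/usr/bin/env bash
# Added example: generate nftables forward rules for viewing Eufy cameras
# from a separate (viewer) VLAN while the HomeBase sits on an IoT VLAN.
# Not from the forum thread and not from Eufy. All values below are
# assumptions for illustration; change them to match your own network.
set -eu

VIEWER_NET="${VIEWER_NET:-10.10.90.0/24}"   # assumed: VLAN the phone/app is on
HOMEBASE_IP="${HOMEBASE_IP:-172.20.4.61}"   # assumed: HomeBase address on the IoT VLAN
VIEWER_IF="${VIEWER_IF:-vlan90}"            # assumed: router interface toward viewer VLAN
IOT_IF="${IOT_IF:-vlan20}"                  # assumed: router interface toward IoT VLAN

# Ports reported in the thread for app <-> HomeBase traffic.
EUFY_TCP_PORTS="10280"
EUFY_UDP_PORTS="32100, 32700"
EUFY_UDP_RANGE="1025-65535"

# Emit an nftables table that permits only viewer VLAN -> HomeBase traffic
# on the reported ports, plus stateful return traffic. The table is written
# as a stand-alone fragment; on a real router merge these rules into your
# existing forward chain rather than adding a second policy-drop hook.
eufy_nft_rules() {
  viewer_net="$1"; homebase_ip="$2"; viewer_if="$3"; iot_if="$4"
  cat <<EOF
table inet eufy_viewer {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to sessions the viewer opened (stateful)
        ct state established,related accept

        # Viewer VLAN -> HomeBase only: never the whole IoT VLAN, never "any"
        iifname "${viewer_if}" oifname "${iot_if}" ip saddr ${viewer_net} ip daddr ${homebase_ip} tcp dport { ${EUFY_TCP_PORTS} } accept
        iifname "${viewer_if}" oifname "${iot_if}" ip saddr ${viewer_net} ip daddr ${homebase_ip} udp dport { ${EUFY_UDP_PORTS} } accept
        iifname "${viewer_if}" oifname "${iot_if}" ip saddr ${viewer_net} ip daddr ${homebase_ip} udp dport ${EUFY_UDP_RANGE} accept

        # The IoT VLAN cannot initiate anything toward the viewer VLAN,
        # and nothing else between the two VLANs is forwarded.
        counter drop
    }
}
EOF
}

# Count how many rules in the generated fragment are pinned to the HomeBase
# address. Every accept rule except the stateful one should be; a rule that
# lost its "ip daddr" would silently open the port to the whole IoT VLAN.
eufy_count_pinned_rules() {
  eufy_nft_rules "$@" | grep -c "ip daddr $2 .* accept"
}

# Syntax-check the fragment with nft if it is installed (no changes applied).
eufy_syntax_check() {
  if command -v nft >/dev/null 2>&1; then
    eufy_nft_rules "$@" | nft -c -f -
  else
    echo "nft not installed; skipping syntax check" >&2
  fi
}

eufy_nft_rules "$VIEWER_NET" "$HOMEBASE_IP" "$VIEWER_IF" "$IOT_IF"
```

Save the output to a file and load it with `nft -f` only after folding it into the router's existing ruleset; the `policy drop` on a second forward hook would otherwise block traffic your other rules intend to pass. The second scenario in the post (viewing from work or on the road through the AWS relay) is exactly the case these rules cannot narrow, since the destination is no longer a single HomeBase address; that is the gap the thread asks Eufy to close.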

Thanks @mnovotny. I was struggling with this myself on my home network. I allowed those UDP ports from my IoT VLAN into the VLAN where my viewing app is. Now I can see the stream across my VLANs.