Problem with blocking HC2 connections on firewall. Connecting to HC2 only from Local Network.


Question

Posted

Hi,

I have seen a couple of posts where people struggled to get through some strict firewalls with HC2 to connect to the remote server a long time ago in 2015, but I am struggling with the reverse problem. Actually, has anyone tried to block it for outside connections? Let me tell you this... I tried to block all connections from my HC2 going outside through the firewall and for some reason I was still able to connect to it remotely with my Fibaro app from a phone on an LTE network. I checked some firewall logs and experimentally blocked traffic completely to and from my HC2 IP. Guess what... I am still able to connect to it remotely! I started to look into the logs and noticed several connections from my HC2 that point to my ISP's DNS servers. So I decided to remove those and put some dumb address there. Checked the logs again and HC2 started to send queries to 8.8.8.8 (Google's main DNS). As there is just one DNS to be configured in your HC2, I believe the Google DNS is hardcoded. I was not able to block my HC2 completely. My remote app still worked perfectly. Maybe a bit slower than normally. It seems that HC2 uses some reverse proxy with the SSH protocol.


Can someone confirm similar behaviour? Has anyone tried to block HC2 from outside connections?

I know that you can disable remote connection in a panel, but I found that it makes my Fibaro app too dumb (both iPad and iPhone) to use the local Wi-Fi connection, so it tries to connect to the remote server and it times out. The only way to control HC2 then is from a web browser, which I don't find very comfortable. I am on release 4.150 as I find it stable as fu*k. My plan is to leave remote access turned on to make my apps think it's allowed to remotely connect to HC2. Then I have an OpenVPN tunnel built to my LAN network where HC2 is connected, so I assume my apps would be able to find HC2 as a local device. Still not sure if it will work but gonna try.

 

3 answers to this question

Recommended Posts

  • 0
Posted

Hi,

 

Got a similar setup, but actually I was able to block HC2 completely - when all outgoing traffic was blocked, I wasn't able to connect via remote access. And indeed, through OpenVPN I am able to connect as a local connection. I'm on 4,5310 beta.

 

Cheers,


Andrzej

  • Thanks 1
  • 0
  • Inquirer
  • Posted (edited)

    Thanks for the reply @AndrewB82. Maybe it's my Linksys firewall that sucks then. Going to investigate it further.

    EDIT: OK, it seems that after the HC2 reboot, traffic has been blocked, so it's now isolated completely, but the Fibaro app is not able to connect to its local address even though I am in the VPN-connected network and there is routing configured between both networks. Tried also to connect from the same subnet, not the VPN-connected network (iPad), to eliminate problems with static routing, but it times out as well. This sucks as we are forced to open a connection to remote Fibaro servers if we want to use their apps. I wonder what is the reason to put in the app setting: "force to connect with local network" - @I.Srodka @T.Konopka @FIBARO?

    Edited by AnonymousJohn
    • Like 1
    • 0
  • Inquirer
  • Posted

    For your info, guys: it was my FW and routing that messed up my connections. I am able to block HC2 and connect locally or from the VPN subnet now on my Fibaro 4.150. Is it still possible with the latest 4.5xx?
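
One way to check the isolation discussed in this thread, as an added example that is not part of any post: it scans firewall log lines for traffic from the HC2 that leaves the LAN and VPN subnets, and separates what the firewall dropped from what it let through. The HC2 address, the subnets, the `FWD-ACCEPT`/`FWD-DROP` log prefixes and the iptables-style sample lines are all constructed assumptions.

```python
import ipaddress
import re

# Constructed assumptions (none of these values come from the thread):
# the HC2 address, the LAN and OpenVPN subnets, and the log prefixes.
HC2_IP = ipaddress.ip_address("192.168.1.50")
ALLOWED_NETS = [ipaddress.ip_network("192.168.1.0/24"),  # LAN
                ipaddress.ip_network("10.8.0.0/24")]     # OpenVPN clients

# Constructed iptables-style log lines; FWD-ACCEPT / FWD-DROP are assumed
# --log-prefix values set on the forwarding rules.
SAMPLE_LOG = """\
Jan 10 20:01:02 gw kernel: FWD-DROP IN=br0 OUT=eth0 SRC=192.168.1.50 DST=8.8.8.8 PROTO=UDP SPT=40112 DPT=53
Jan 10 20:01:05 gw kernel: FWD-ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 PROTO=TCP SPT=51844 DPT=22
Jan 10 20:01:09 gw kernel: FWD-ACCEPT IN=tun0 OUT=br0 SRC=10.8.0.6 DST=192.168.1.50 PROTO=TCP SPT=50211 DPT=80
Jan 10 20:01:11 gw kernel: FWD-ACCEPT IN=br0 OUT=tun0 SRC=192.168.1.50 DST=10.8.0.6 PROTO=TCP SPT=80 DPT=50211
Jan 10 20:01:15 gw kernel: FWD-ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.77 DST=198.51.100.4 PROTO=TCP SPT=44000 DPT=443
"""

def audit_egress(log_text, device=HC2_IP, allowed=ALLOWED_NETS):
    """Split the device's off-LAN flows into (leaks, blocked) lists."""
    leaks, blocked = [], []
    for line in log_text.splitlines():
        verdict = re.search(r"FWD-(ACCEPT|DROP)", line)
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        if not verdict or not {"SRC", "DST", "PROTO", "DPT"} <= fields.keys():
            continue  # not a forwarding log line we understand
        if ipaddress.ip_address(fields["SRC"]) != device:
            continue  # traffic from some other host
        dst = ipaddress.ip_address(fields["DST"])
        if any(dst in net for net in allowed):
            continue  # LAN or VPN peer: expected local traffic
        flow = (fields["DST"], fields["PROTO"], int(fields["DPT"]))
        (leaks if verdict.group(1) == "ACCEPT" else blocked).append(flow)
    return leaks, blocked

if __name__ == "__main__":
    leaks, blocked = audit_egress(SAMPLE_LOG)
    for dst, proto, port in blocked:
        print(f"blocked  {proto} -> {dst}:{port}")
    for dst, proto, port in leaks:
        print(f"LEAK     {proto} -> {dst}:{port}")
```

An empty `leaks` list over a log window that covers an HC2 reboot is the result to look for; any entry there is a flow the rules still allow out.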
