
Define Subnet(s) for Scanning to increase IT Security (IoT devices should be in firewalled separated subnet) about iobroker.broadlink2 CLOSED

iobroker-community-adapters commented on June 19, 2024
Define Subnet(s) for Scanning to increase IT Security (IoT devices should be in firewalled separated subnet)

from iobroker.broadlink2.

Comments (4)

frankjoke commented on June 19, 2024

I will keep an eye on how to change the subnet when I work on some other changes to the broadlink2 and radar adapters.


at24106 commented on June 19, 2024

Thanks a lot!


frankjoke commented on June 19, 2024

By the way, I tested a bit on my networks and there is one outcome: the device which manages the broadlink devices needs to be on the same subnet as the devices themselves.

For that I found two possibilities on my FritzBox with one of my test Raspis:
I put the wireless broadlink devices on the guest network and have one Raspi which is connected to the normal network via LAN and to the guest network via wireless.

If you run broadlink2 there you will get devices on the guest network and on the normal network.

You can make the guest network handle no UDP traffic, and in that way you can prevent the devices from talking to their servers in China.

In any case, I can program broadlink only to use certain interfaces, which need to be wireless or wired IPv4 networks. So however you want to generate the virtual network, make sure that the iobroker instance where broadlink2 runs is also included.

P.S.: I made myself my own router with an old Raspi and a USB LAN adapter as well as a USB WLAN stick (this Raspi did not have WLAN).

I can now test (and capture network with wireshark) in my specific environment and no data goes out to normal network.


at24106 commented on June 19, 2024

Hello frankjoke,

thanks for your comprehensive solution description - and yes, this is a valid solution. I thought it might be routable ... which would allow keeping iobroker in the DMZ ... and opening only a firewall hole for this port, which is then in another subnet <DMZ ... with iobroker> <firewall with pinhole for udp/port to iobroker ip> . That approach requires defining another subnet to scan (instead of the local one which is used now).

Again, thanks for trying.

Best wishes, Rainer
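
The interface restriction frankjoke describes and the subnet definition the issue asks for, as an added example that is not part of the thread and is not the broadlink2 adapter's code: from data shaped like Node's `os.networkInterfaces()` output it keeps only the IPv4 interfaces inside an allowed subnet and derives each one's directed broadcast address. The function names, the sample interface table and the allowed CIDR values are assumptions constructed for illustration.

```javascript
'use strict';
// Added example; names and sample data are hypothetical, not broadlink2 code.

// Dotted IPv4 -> unsigned 32-bit integer; throws on malformed input.
function ipToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) throw new Error(`not an IPv4 address: ${ip}`);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error(`bad octet in ${ip}`);
    return ((acc << 8) | Number(p)) >>> 0;
  }, 0);
}

const intToIp = (n) => [24, 16, 8, 0].map((s) => (n >>> s) & 255).join('.');

// "a.b.c.d/len" -> { network, mask } as unsigned integers.
function parseCidr(cidr) {
  const [ip, len] = String(cidr).split('/');
  if (!/^\d{1,2}$/.test(len) || Number(len) > 32) throw new Error(`bad prefix: ${cidr}`);
  const mask = Number(len) === 0 ? 0 : (0xffffffff << (32 - Number(len))) >>> 0;
  return { network: (ipToInt(ip) & mask) >>> 0, mask };
}

// For every non-loopback IPv4 interface inside an allowed subnet, return the
// address to bind the discovery socket to and the directed broadcast address.
function discoveryTargets(interfaces, allowedCidrs) {
  const allowed = allowedCidrs.map(parseCidr);
  const targets = [];
  for (const [name, addrs] of Object.entries(interfaces)) {
    for (const a of addrs || []) {
      if ((a.family !== 'IPv4' && a.family !== 4) || a.internal) continue;
      const ip = ipToInt(a.address);
      if (!allowed.some((c) => ((ip & c.mask) >>> 0) === c.network)) continue;
      const hostBits = ~ipToInt(a.netmask);
      targets.push({ name, bind: a.address, broadcast: intToIp((ip | hostBits) >>> 0) });
    }
  }
  return targets;
}

// Constructed sample in the shape of os.networkInterfaces(); pass the real
// call's result instead when running on the adapter host.
const SAMPLE_INTERFACES = {
  lo: [{ address: '127.0.0.1', netmask: '255.0.0.0', family: 'IPv4', internal: true }],
  eth0: [{ address: '192.168.178.20', netmask: '255.255.255.0', family: 'IPv4', internal: false }],
  wlan0: [{ address: '192.168.179.5', netmask: '255.255.255.0', family: 'IPv4', internal: false }],
};

console.log(discoveryTargets(SAMPLE_INTERFACES, ['192.168.179.0/24']));
```

An empty allow-list yields no targets, so a missing configuration value results in no scanning rather than scanning every attached network.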
