Vera behind firewalls

mark-hc · November 16, 2008, 1:22am

What ports and firewalls rules should users be setting up to have Vera communicate across LAN and WAN?

325xi · November 16, 2008, 1:45am

None - if you use findvera.com

mark-hc · November 16, 2008, 3:58am

Sorry, should have been more specific. I currently have a firewall in place. I will not be using the vera box as an access point only as a switch. I read that they are using SSH. Is that to say I only need port 22 open?

denix · November 16, 2008, 9:22pm

If you are going to use findvera.com service to connect to your Vera, then you don’t need to open any ports - it uses an outgoing connection, not incoming.

mark-hc · November 17, 2008, 5:57am

Okay. But I have strict firewall rules. By default I block all incoming/outgoing traffic except very specific ports I open for services. So unless vera is using a VERY common port for outgoing, it will be blocked. Does anyone one know the specific ports its using?

325xi · November 17, 2008, 7:11pm

I tried to monitor connections Vera opens, and it appears to be randomly selected port in 50000-60000 range, but I may be mistaken.

mark-hc · November 18, 2008, 3:49am

A 10,000 port window doesn’t seem very sensible. I could see 1 or 2 ports for a secure connection like port 22 for SSH, but 10,000? Can anyone give me some clarification?

micasaverde · November 22, 2008, 12:17am

Let me know if your firewall actually succeeds in blocking the findvera service. It should work regardless of the firewall. I haven’t seen a firewall yet that it wasn’t compatible with.

mhedhli · February 1, 2009, 4:19pm

FindVera does not work for me, nor can I update my device. I gave it a static IP address via DHCP reservation and that is the only way I can access the device. Very buggy so far. I upgraded the Antenna on the device and it lost it’s settings. Then, the settings came back. Then after a reset, they were lost again. FindVera.com never worked for me and I’m not really blocking anything outgoing. I’m using a Linksys WRT300N with dd-wrt v24 SP1 MEGA firmware and has worked awesome with everything else. Any ideas?

PS: Is there a way to manually update the firmware?

mark-hc · February 11, 2009, 5:27am

My firewall was blocking NTp which was stopping the vera box from keeping the correct time.
A rundown of the ports would save some of us from unnecessary troubleshooting :o

micasaverde · February 11, 2009, 4:13pm

mhedhli, can you ping our tech support? Either micasaverde.com, click support and send an IM, or call the support phone #. This shouldn’t happen. Whatever it is, we’ll fix it, but I’d like to troubleshoot it with you to find the cause.

mark-hc, we just today changed the port to a number >1024. It seems some firewalls block responses to connections when the port is <1024, but with high numbers, it should work.

denix · February 11, 2009, 9:47pm

I’m not saying it is the case for mhedhli, but some people may unnecessary block all outgoing ports. In that case port 56861 needs to be open for findvera.com to works, as explained here:

http://forum.micasaverde.com/index.php?topic=395.msg2010#msg2010

Also, it helps to enable SPI (Stateful Packet Inspection, aka Stateful Firewall). In Linux just insert this line before you drop all the other packets:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT