pfSense English Support > Firewalling

Ring video doorbell behind PFsense firewall?

(1/4) > >>

sdbenner:
Anyone using a Ring video doorbell behind PFSense?  I have a Ring video doorbell, and I've been unsuccessful in getting PFSense to pass the traffic required for the video portion of the doorbell to work, although the notification portion works, so I get the message on my phone app that someone is ringing the doorbell, and it attempts to display video, but times out.  Ring uses SIP and RTP for the video portion.  According to Ring, the ports required are: 
TCP 80
TCP 443
TCP & UDP 15063
UDP range between 16500-32768
UDP 51504/51506

I've passed all traffic on these ports, and I've turned off port redirection for the static IP address that my doorbell uses.
I've even tried siproxd, and still the SIP invite packet doesn't get out to Ring's servers, hence they never setup the RTP session.  I've put a network analyzer on both sides of the firewall, and confirmed that the SIP invite packet is issued from the doorbell destined to Ring's public server IP address, but it doesn't make it past the firewall.  I have a cellular hotspot that I travel with, and if I connect the doorbell to that it works fine, but that's obviously not a longterm solution.

Any thoughts?

muswellhillbilly:
I've just come from a security conference which had a guest speaker from PenTest Partners. Part of the talk concerned how easy it was to hack into wifi-enabled devices you can buy for the home, including children's toys and kitchen appliances. Personally, I wouldn't be inclinded to install this doorbell anywhere near my network. A bit ironic that something which promotes greater security in your home is actually undermining it. Have a look at the link.

http://www.cnet.com/uk/news/rings-smart-doorbell-can-leave-your-house-vulnerable-to-hacks/

sdbenner:
Thank you muswellhillbilly for bringing that information to my attention.  That is very good to know, and I do appreciate the heads up.  Now that I have it, however, and I can't return it, I might as well try to get it functional and if so, I can think of a couple ways of disabling the pairing function once it's paired, which I believe would put it in a similar security vulnerability level as a mobile phone, etc.  I live in a pretty rural area (countryside off the road) as well, so the likelihood of hackers is not as high as an urban setting (I realize that's no excuse for security, however).

sdbenner:
So no one has any feedback re: my original SIP issue?

TAC57:
If www.grc.com survives their ongoing DOS attack you can go there and see how to set up another router to place your IOT device behind to protect your 'home' network from your 'IOT' network.

Sorry can't help on your Ring doorbell.

Navigation

[0] Message Index

[#] Next page

Go to full version