7

My understanding is that routers act as natural firewalls. In that context, how can an IoT device receive commands from the WAN if they are not initiated from within the LAN? In a specific example, how does my smart thermostat know that temperature has been changed on my smart thermostat's app and change the temperature accordingly?

How does Nest, for example, manage to get through my router and speak to the thermostat? Ports haven't been configured and UPnP is deactivated.

Could someone please provide a general explanation of the flow?

Is UPnP absolutely required to have network devices that can be connected to from the WAN?

Rory Alsop
John
  • 1
    the answer is: the LAN device connects outward – schroeder Dec 21 '16 at 07:30
  • 1
    Short answer: The very same way your computer goes online and is not denied by the firewall. Your machine is initiating the connection, not any webserver. – Potaito Dec 21 '16 at 07:42

1 Answer

3

When you set up your Nest, you create an account for it and sync your devices to the account. So all the information tying your app to that particular device is saved in a Nest database somewhere on their servers. In your scenario you're asking how the Nest passes through your firewall to see what your account settings have told it to do. Your phone app can't always be on the Wi-Fi to talk to the device directly (and that would somewhat defeat the purpose of it), so UPnP doesn't come into it.

It doesn't look like Nest specify which protocols they use on their site, but there is nothing stopping it from using HTTP/HTTPS to connect to your Nest account once you've put it on the Wi-Fi. Just the same as when your friend asks you for your Wi-Fi password: no firewall rule changes are required for them to go out to the internet once you give it to them.

Nest's own Support documentation advises that Firewall issues are still a problem.

Is UPnP absolutely required to have network devices that can be connected to from the WAN?

UPnP isn't even mentioned in the Nest support documentation. UPnP is for connecting within a network, not going out to the internet. So it would be useful if you had multiple Nest devices and they had the ability to talk to each other within the wireless network, say if your thermostat and camera could work together to determine if there was a fire, but not for talking to your app on your phone.

On an Asus router running Merlin, how do I find what's configured so that I can review it?

You could review your firewall settings, but assuming it's already working, try installing Wireshark to monitor the outbound traffic coming from your Nest device.

R. Murray
  • good answer. Main point is: You are not going through your firewall, you are escaping from it from inside :) If the firewall of the router was strict about outbound connections, you couldn't use the vast majority of services. Commonly it's just strict on the incoming connections, if no outgoing ones have been seen prior. Totally router dependent, of course. Try scanning your router with something like nmap from the internet to learn more on what ports may or may not be reachable. – Gewure Dec 21 '16 at 10:54
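
The flow described in the answer and the comment above, modelled as a toy stateful NAT table (an added example, not part of the original thread). The addresses are constructed documentation ranges, the `NatRouter` class is hypothetical, and the strict match on the remote peer is an assumption; real routers differ in how tightly they filter.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Toy stateful NAT: inbound is forwarded only if it matches a flow a LAN host opened."""
    wan_ip: str
    next_port: int = 40000
    # WAN port -> (LAN endpoint, remote endpoint) for each tracked outbound flow
    flows: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host opens a connection; the router records it and rewrites the source."""
        wan_port = self.next_port
        self.next_port += 1
        self.flows[wan_port] = ((lan_ip, lan_port), (remote_ip, remote_port))
        return self.wan_ip, wan_port

    def inbound(self, src_ip, src_port, dst_port):
        """Return the LAN endpoint to forward to, or None if the packet is dropped."""
        flow = self.flows.get(dst_port)
        if flow is None:
            return None                      # no LAN host ever opened this port
        lan_endpoint, remote = flow
        if (src_ip, src_port) != remote:
            return None                      # not the peer the LAN host contacted
        return lan_endpoint


def demo():
    # Constructed addresses (RFC 5737 / RFC 1918 ranges), not real Nest endpoints.
    router = NatRouter(wan_ip="198.51.100.7")
    thermostat = ("192.168.1.50", 51000)
    cloud = ("203.0.113.10", 443)
    stranger = ("203.0.113.99", 443)

    # Before the thermostat connects out, nothing from the WAN reaches it.
    before = router.inbound(*cloud, dst_port=40000)
    # 1. The thermostat opens an HTTPS connection to the vendor's servers.
    _, wan_port = router.outbound(*thermostat, *cloud)
    # 2. The app changes the setpoint; the cloud sends it down the open connection.
    from_cloud = router.inbound(*cloud, dst_port=wan_port)
    # 3. A different host aiming at the same WAN port is still dropped.
    from_stranger = router.inbound(*stranger, dst_port=wan_port)
    return before, from_cloud, from_stranger


if __name__ == "__main__":
    print(demo())
```

Only step 2 is forwarded, which is why no port forwarding or UPnP mapping is needed for the cloud to reach the thermostat.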