On 02/06/2018 02:56 PM, Bob Goodwin wrote: > I bought twoptz cameras which can be viewed and controlled with the > family iPhonesand of course they would like to use the "Armcrest" > cloud/server in order to view them while away during the day. The > cameras would connect to my LAN and via my router to the Viasat modem. I > have always tried to avoid such connections to my system and doing this > is worrisome. This is typically how most things such as SimplySafe and most home automation systems). It's essentially a TURN system to utilize the restricted cone NAT on your firewall. The cameras report out to the Armcrest server. This opens an outgoing pipe through your firewall which permits Armcrest to come back through your firewall to connect to the cameras. The app connects to Armcrest and uses the information there to get back to your cameras. This is essentially the "RELATED, ESTABLISHED" conditions you may be familiar with in iptables. In home automation, the cone NAT connection is generally only between the automation hub and the cloud service, with the hub doing the heavy lifting of talking to the automation devices (the individual devices do NOT talk to the cloud--just the hub). Is it dangerous? Well, anything that permits incoming data through your firewall can be bad, but this is generally restricted to just allowing Armcrest through your firewall in a bidirectional mode. It doesn't poke other holes and the TURN/cone mechanism only allows incoming data from the Armcrest server. So it's something to watch, but I wouldn't panic. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - A squeegee, by any other name, wouldn't sound as funny. - ---------------------------------------------------------------------- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx