R8000 Port opening
I am trying to connect a new garage door opener to my network and it cannot connect to the vendor's server despite having a strong signal and valid password. The door app says that I need port 8883 open inbound and outbound for the router. How can I do that?
I see options for port forwarding, but I am not sure if that is appropriate since it seems designed to send all traffic on one port to a specific IP. Currently the router is visible on my network as IP 10.10.1.17, but that is a dynamically assigned IP and I dont think the opener can be give a static IP.
I am looking for a way to just open port 8883 for in and outbound. Is there a simple way to do this? Or a way to check if the port is currebtly open?
Re: R8000 Port opening
Well I played around and I got it to work, But I have no idea why it works or if it will stop working.
FIrst, I "forced" my opener to have a static IP address. I did this by limiting the DHCP range to be from .2 to .199 on my subnet. Then I went to Advanced / Setup / LAN Setup and added an address reservation to 10.10.1.205 based on my garage opener's MAC address. Then I went to Advanced / Advanced Setup / Port Forwarding/Port Triggering and told it to redirect all traffic on port 8883 to the .205 IP address.
It now works.
BUT, even though I restarted my router and rebooted my garage door opener, I can see it is still connected to my LAN with 10.10.1.17, a dynamic IP address. So I have no idea how the rule for forwarding is getting to the correct IP. I guess that the port forwarding rule had a side effect of opening the TCP/IP port. With no device connected to x.x.x.205, it must be passing the connection straight through. Seems sloppy.
Re: R8000 Port opening
> Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Firmware version? Connected to what?
> I am trying to connect a new garage door opener [...]
Should your readers need to guess that it's some
Chamberlain/LiftMaster myQ thing?
> [...] Currently the router is visible on my network as IP 10.10.1.17,
Which "the router"? The R8000, or some other router? Did you choose
the odd-ball IP address subnet?
"my network"? What all is on your "my network"? Start with the
> [...] but that is a dynamically assigned IP and I dont think the
> opener can be give a static IP.
You lost me.
> [...] I am looking for a way to just open port 8883 for in and
> outbound. Is there a simple way to do this? Or a way to check if the
> port is currebtly open?
I suspect that you're looking in the wrong direction. If there's
only one router involved, then I doubt that any port forwarding is
> FIrst, I "forced" my opener to have a static IP address. [...]
Terminology: A "static" address is configured on the device itself.
What you configure on a (DHCP server on a) router is a reserved dynamic
address, not a static address. Either one should fix the address of a
device, but some implications are different.
> [...] Advanced / Setup / LAN Setup and added an address reservation
That's a reserved dynamic address, not a static address.
> [...] Advanced / Advanced Setup / Port Forwarding/Port Triggering
You can do that, but I'm not (yet) convinced that it's necessary.
Imagine how successful these myQ products would be if every customer
needed to rejigger his router to make them work. And what would you do
for a _second_ opener?
> BUT, even though I restarted my router and rebooted my garage door
> opener, I can see it is still connected to my LAN with 10.10.1.17, a
> dynamic IP address. So I have no idea how the rule for forwarding is
> getting to the correct IP.
If you're forwarding port 8883 to ".205", and the myQ gizmo is at
".17", then I might infer that your port forwarding is not crucial to
the gizmos's proper operation.
> [...] Seems sloppy.
No. Seems impossible.
Port forwarding is useful for _incoming_ connections. If you were
running a web server, for example, and anyone on the Internet might wish
to connect to it. Your router (WAN/Internet interface) has your only
external/public IP address, so that's what anyone in the outside world
will be talking to. But what should your router do with a message for
your web server? To which of your devices should it send that message?
A port-forwarding rule (for port 80 (HTTP) and/or port 443 (HTTPS))
tells your router what to do with incoming messages.
Internet-of-Junk devices like your myQ opener typically work
differently. In the typical IoJ scheme, the IoJ gizmo creates an
_outgoing_ connection to some cloud server which is run by the
IoJ-device vendor (Chamberlain, in this case), and identifies itself to
that server. Your IoJ (myQ) phone app also knows how to talk to that
server, and that's how your phone can talk your IoJ gizmo. That is,
using that _outgoing_ connection from the IoJ gizmo, through your
router, to the cloud server. And, because it's an _outgoing_ connection
through your router, no port forwarding is needed; normal NAT handles
> It now works.
I don't know why, but my prediction would be that it'd continue to
work if you removed your port-forwarding rule, and the address
reservation, and restarted everyone. Because I doubt that a
port-forwarding rule to the wrong address is helping, and I wouldn't
expect an ineffective address reservation to be any more helpful.
If you start playing with the limits on your DHCP pool, and your
address reservations, then you might need to shut everyone down and then
restart everyone before everything will make sense again. Once a device
has gotten a dynamic address from a DHCP server, it's loath to give it
up before the lease expires, no matter what you do to the reservations.
myQ users with problems regularly get advice about "opening" port
8883. I doubt its value. But I'm always open to persuasive evidence.