This discussion has been locked.

LiftMaster MyQ garage opener

I'm having trouble allowing traffic for my LiftMaster MyQ garage opener. I'm a new Sophos UTM Home user. From their FAQ, it says:

- Verify your router allows inbound and outbound traffic on TCP port 8883 and UDP and TCP port 2165;
- Verify if there is a firewall device installed (e.g. SonicWall, Zywall). If there is a firewall the UDP time out (UDP port 80) must be set to 180 seconds or greater for both inbound and outbound. If you are unsure how to set these, contact the firewall manufacturer.

I have created a firewall rule for tcp/8883, tcp/2165, and udp/2165. This is the only firewall rule that is in the list of rules. The Sources are "Any", the Services are the two I defined, and the Destinations are "Any", Action is "Allow" to keep it simple. Previously, I was seeing dropped packets in the firewall log. After applying those rules, I now see "accept" in the packet stream, which seems to imply my rule is working. I also changed ip_conntrack_udp_timeout value to 180, and that did not solve anything either.

I do not have Advanced Threat Protection and Intrusion Prevention turned on as I'm just getting started and don't want to complicate things.

This device used to work with my previous router.

Any thoughts?



  • You've opened the ports, but did you create a DNAT rule for this? The router needs to know where to forward the traffic to on your local network. I'm assuming you're trying to operate the opener over the internet. Try to create a DNAT rule:
    Source: Internet (or Any)
    Service: 8883, 2165
    Destination: IP address/host of the garage opener
  • Also, check the Intrusion Prevention log anyway. Even if IPS is disabled, flood prevention remains active, unless you've turned that off as well.
  • The opener doesn't require explicit port forwarding. With my previous router, Ubiquiti EdgeRouter Lite, I did not have to open up port forwarding to have it work. From studying the packet logs, the opener is trying to reach ports 8883 and 2165 on the cloud server, so I know I needed to poke holes in the firewall to allow that outbound traffic. To use the opener over the internet, it relies on a cloud service to act as an intermediary, so that you do not need to expose the device through your home network.
  • Try using a standard firewall rule for home users:
    Internal (Network) -> Any Service -> Internet IPv4.

    Also, make certain that you have a proper MASQ rule in place.
  • Scott,

    One of the reasons for wanting to try and use Sophos was to restrict my outgoing traffic to known types of services. Obviously, that requires careful study of the ports and types of traffic needed for my network devices, and maybe that was too aggressive of an approach for me, having just used consumer-grade routers before. I was hesitant to use a rule like you suggest, but maybe for now, it's better than what I have and I can further restrict it over time.

    Thanks!
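
An added example, not part of the original thread: a toy Python model of a stateful firewall showing why an outbound-only allow rule for tcp/8883, tcp/2165 and udp/2165 lets cloud replies back in without a DNAT rule, and why a UDP conntrack timeout shorter than the idle gap drops them. The addresses, source port, the 30-second timeout and the 120-second idle gap are constructed assumptions, and TCP state expiry is not modelled.

```python
"""Toy stateful firewall: egress allow-list plus UDP connection-tracking timeout."""

# Egress allow-list taken from the thread: tcp/8883, tcp/2165, udp/2165.
ALLOWED_EGRESS = {("tcp", 8883), ("tcp", 2165), ("udp", 2165)}


class StatefulFirewall:
    def __init__(self, udp_timeout):
        self.udp_timeout = udp_timeout  # seconds, like ip_conntrack_udp_timeout
        self.flows = {}  # (proto, lan_ip, lan_port, wan_ip, wan_port) -> last seen

    def outbound(self, now, proto, lan_ip, lan_port, wan_ip, wan_port):
        """LAN -> internet: allow-listed services only; creates or refreshes state."""
        if (proto, wan_port) not in ALLOWED_EGRESS:
            return "drop"
        self.flows[(proto, lan_ip, lan_port, wan_ip, wan_port)] = now
        return "accept"

    def inbound(self, now, proto, wan_ip, wan_port, lan_ip, lan_port):
        """Internet -> LAN: accepted only as a reply to a tracked, unexpired flow."""
        key = (proto, lan_ip, lan_port, wan_ip, wan_port)
        last = self.flows.get(key)
        if last is None:
            return "drop"  # unsolicited: only a DNAT rule would let this in
        if proto == "udp" and now - last > self.udp_timeout:
            del self.flows[key]
            return "drop"  # state expired before the cloud answered
        self.flows[key] = now
        return "accept"


def simulate(udp_timeout, idle_seconds):
    """Device sends one UDP packet; the cloud replies after idle_seconds."""
    fw = StatefulFirewall(udp_timeout)
    dev, cloud = "192.168.1.50", "203.0.113.10"  # constructed addresses
    sent = fw.outbound(0, "udp", dev, 40000, cloud, 2165)
    reply = fw.inbound(idle_seconds, "udp", cloud, 2165, dev, 40000)
    # The cloud opening a new connection to the device has no matching state.
    unsolicited = fw.inbound(idle_seconds, "tcp", cloud, 8883, dev, 8883)
    return sent, reply, unsolicited


if __name__ == "__main__":
    for timeout in (30, 180):  # constructed short timeout vs. the FAQ's 180 s
        print(timeout, simulate(timeout, idle_seconds=120))
```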