Manual Port Forwarding and Security

Hello, sorry in advance for the newb question. I'm setting up port forwarding for out of home viewing. I'm using Raspberry Pi w/ Channels DVR and have a Unifi Network. I set port forwarding in the USG (security gateway) and I was able to fully access the DVR from the WAN IP port 8089. It then occurred to me that the whole world may also be able to do the same thing. Did I somehow open it too much, exposing my network to the world? There was something there to get an authorize key, and it generated one which I could copy and paste and gain access. Seems anyone could also do this, so I'm just figuring I set something incorrectly.

Attached image shows port forwarding configuration. Had to manually configure as cant do it on my setup with upnp.

Thanks for your time.


You did it correctly. (Just be sure to ensure that "Use Fixed IP Address" is set in the Controller for your Pi.) The authorization/token is handled by authenticating your Channels Plus subscription using your username/email address and password for your account, which is then passed in to the server.

That's assuming they also had access your your Channels Plus login information. You probably didn't see this at first as the authorization cookie was already cached in your browser.

Great, thanks for the speedy feedback.

Sorry, I'm not seeing a box to check that says "Use Fixed IP Address". I assume you mean in the Channels DVR settings on the Pi?

No, in the UniFi Network Controller. Go to the client page, select your Pi, and in the pop-up, go to the Config tab. Under the Network section is an option to "Use Fixed IP Address", which is the term UI uses for a DHCP reservation.

(I can't be too much more specific than that, as there now 3 different versions of the Settings section, and 2 different versions of the Clients page, depending upon which version of the Network Controller you are using, and which additional settings you've set. Also, the mobile clients offer yet another set of options/interfaces, so being specific is not easy. It seems UI is as confused about their software direction UX as Google is their messaging apps.)

1 Like