[SOLVED] OTA and Firewalls

Hello all,

I have recently switched from running everything on the same WiFi network to 2 separate subnets. All IoT stuff now lives on a separate Network/VLAN and now I am unable to use OTA to upload updates.

Running Wireshark here, and it shows that initial communication originates over UDP from my workstation to the ESP with destination port 8266, after that ESP originates a TCP connection from a random source port to a random destination port on my workstation, which makes firewalling impossible.

Am I doing something wrong here? How can I keep either the TCP source or destination port static so I can firewall IoT from my main network? Is there even an option? Or do I have to run an agent on my firewall to make this work?

Under the build panel I see a host_port listed. Is there any way to specify that anywhere in the config?

17:57:22 [DEBUG]: Options: {'esp_ip': 'light-01.local', 'host_port': 59301, 'image': '.pioenvs/light-01/firmware.bin', 'host_ip': '0.0.0.0', 'auth': '', 'esp_port': 8266, 'spiffs': False, 'debug': True, 'progress': True}

Well, damn, I just answered my own question…

If anyone comes across the same issue, this is all it takes

upload_flags = --host_port=9938

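Added example (not code from this thread, espota or PlatformIO) modelling the two-step exchange the Wireshark capture shows: the host sends a UDP invitation to the ESP's port 8266 naming the TCP port it listens on, and the ESP dials back to that port. Ports 8266 and 9938 come from the thread; the function names `fake_esp`/`run_ota_handshake` and the exact invitation layout are assumptions of this example. Passing `host_port=0` reproduces the random port the original poster saw; a fixed value is the one `--host_port` pins so a firewall rule can name it.

```python
import hashlib
import socket
import threading

ESP_OTA_PORT = 8266  # UDP port the ESP listens on, as in the capture above


def fake_esp(udp_sock, result):
    """Stand-in for the ESP: answer the UDP invitation, then dial back over TCP
    to the host port named in it and pull the image. The "<cmd> <host_port>
    <size> <md5>" layout is modelled on espota; treat it as an assumption."""
    data, host_addr = udp_sock.recvfrom(1024)
    _cmd, host_port, _size, md5 = data.decode().split()
    udp_sock.sendto(b"OK", host_addr)
    tcp = socket.create_connection((host_addr[0], int(host_port)))
    image = b""
    while chunk := tcp.recv(4096):  # read until the host closes the stream
        image += chunk
    tcp.close()
    result["esp_connected_to"] = int(host_port)
    result["md5_ok"] = hashlib.md5(image).hexdigest() == md5


def run_ota_handshake(image, host_port=9938, esp_port=ESP_OTA_PORT):
    """Play the host side (espota's role) against fake_esp on loopback and
    report which port the ESP connected to and from which source port."""
    listener = socket.socket()  # host listens first, like 'host_ip': '0.0.0.0'
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("0.0.0.0", host_port))
    listener.listen(1)
    bound_port = listener.getsockname()[1]  # random when host_port == 0
    esp_udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    esp_udp.bind(("127.0.0.1", esp_port))
    result = {}
    esp = threading.Thread(target=fake_esp, args=(esp_udp, result))
    esp.start()
    # UDP invitation: command 0 (FLASH), the port we listen on, size and md5
    invite = "0 %d %d %s\n" % (bound_port, len(image), hashlib.md5(image).hexdigest())
    host_udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    host_udp.settimeout(5)
    host_udp.sendto(invite.encode(), esp_udp.getsockname())
    reply, _ = host_udp.recvfrom(1024)
    conn, esp_addr = listener.accept()  # the ESP dials us from a random port
    conn.sendall(image)
    conn.close()
    esp.join()
    for s in (listener, esp_udp, host_udp):
        s.close()
    result.update(host_port=bound_port, esp_src_port=esp_addr[1], reply=reply.decode())
    return result
```

With the host port pinned, the only rules a VLAN firewall needs are UDP from the workstation to the IoT subnet on 8266 and TCP from the IoT subnet to the workstation on that one port; the ESP's source port stays random and does not need to be matched.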

Thank you! I was having the same issue.