Cloud access - port forwarding validation IP 52.40.154.223

IF
you’re having issues getting a port forwarding connection to work
AND
you have a router that can limit which external IPs can access your port forwards
AND
you dislike UPnP for security reasons
THEN
you must add 52.40.154.223 to your source IP list that can access your NAS

WD uses this IP from AWS to check your port forwarding setup before it will switch from “relay” to the faster “port forwarding” direct connection.

For the longest time (my experience started mid 2016) this IP was 52.40.155.226 but for say the last 6-8 months my connection has dropped from portf to relay. I wasn’t all that concerned as I rarely used the cloud service as you need a decent upload rate and limit to access movies via LTE from outside your local network. It bugged me, sure, but was a backburner issue that I’ll get to when I have time and it bugs me enough. That time has come and I found the new address that WD uses to validate your port forwarding.

To configure this, on the WDcloud applet from Firefox on my PC, go to:
settings->general -cloud access - cloud service - configure
connectivity = manual
external port 1 http = 9091 (any port, not 0-1024)
external port 2 https = 9444 (any port, not 0-1024)
apply

then on your buttoned down router:
ip-> firewall → NAT
add a tcp dst-nat entry for YOURexternalIP:9091 to NASinternalIP:80
add a tcp dst-nat entry for YOURexternalIP:9444 to NASinternalIP:443
In my case I also changed/added 52.40.154.223 to the “sources” who could access each of those 2 port forwards.
Your router should have something similar.

OR, forget all this and use connectivity=auto and UPnP on your router, but some may prefer a bit more secured installation.

I had to reinstall WDCloud on my Android phone to get it recognized. Dunno if the recent (2 months ago) Android P update messed it up or not, or my upgrade from Win7 to Win10 had something to do with it, but it needed to be done.

I’ve never come across any literature describing this validation IP but wish it had been noted somewhere as I spent a fair bit of time isolating this issue.
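An added example, not part of the original post: a small audit of exported NAT rules that flags NAS port forwards which are open to any source or still pinned to the old validation IP. The RouterOS-style `key=value` export format and the NAS address 192.168.1.50 are assumptions; the two validation IPs and the ports come from the post.

```python
import shlex

# Values taken from the post above.
CURRENT_VALIDATION_IP = "52.40.154.223"
RETIRED_VALIDATION_IP = "52.40.155.226"
NAS_PORTS = {"80", "443"}  # internal NAS ports the post forwards to

# Constructed sample in RouterOS-style "key=value" export form (assumed format;
# 192.168.1.50 is a made-up NAS address).
SAMPLE_EXPORT = """\
add chain=dstnat action=dst-nat protocol=tcp dst-port=9091 src-address=52.40.154.223 to-addresses=192.168.1.50 to-ports=80
add chain=dstnat action=dst-nat protocol=tcp dst-port=9444 src-address=52.40.155.226 to-addresses=192.168.1.50 to-ports=443
add chain=dstnat action=dst-nat protocol=tcp dst-port=8080 to-addresses=192.168.1.50 to-ports=80
add chain=srcnat action=masquerade out-interface=ether1
"""

def parse_rule(line):
    """Turn one 'add key=value ...' line into a dict; non-rule lines give {}."""
    tokens = shlex.split(line)
    if not tokens or tokens[0] != "add":
        return {}
    return dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def audit(export_text, nas_ip):
    """Return (external_port, verdict) for every dst-nat rule aimed at the NAS."""
    findings = []
    for line in export_text.splitlines():
        rule = parse_rule(line)
        if rule.get("action") != "dst-nat" or rule.get("to-addresses") != nas_ip:
            continue
        if rule.get("to-ports") not in NAS_PORTS:
            continue
        src = rule.get("src-address")
        if src is None:
            verdict = "OPEN: no source restriction, reachable from any address"
        elif src == CURRENT_VALIDATION_IP:
            verdict = "OK: limited to current validation IP"
        elif src == RETIRED_VALIDATION_IP:
            verdict = "STALE: old validation IP, per the post this drops to relay"
        else:
            verdict = "REVIEW: unexpected source " + src
        findings.append((rule.get("dst-port"), verdict))
    return findings

if __name__ == "__main__":
    for port, verdict in audit(SAMPLE_EXPORT, "192.168.1.50"):
        print(port, verdict)
```
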

This is one of the addresses from AWS that my Xfinity Advanced Security intercepted and alerted on. The other AWS one was 52.24.45.14. Is that one also used for the same purpose by WD? Both source addresses used Port 80. So you are saying that if I need port forwarding, then I should do as you instructed? For my NAS application, can you tell me if I need port forwarding? I am using my WD EX2 Ultra strictly for Time Machine. So, can I ignore or block those addresses? Xfinity Advanced Security is also alerting me to other threats against my NAS with addresses from Belize, Republic of Korea, and a few other countries. Supposedly, it is blocking them so they cannot do damage. Is there a way for me to configure my Xfinity gateway firewall to block these addresses/ports? Getting alerts like this every day or two is very disconcerting.