How do the access permissions work for My Cloud?

Hello. I have a typical home networking set up. I have a cable modem which connects to a regular consumer grade router. (Netgear brand in my case.) The router also has a 4 port gigabit switch built-in to it. My main computer is connected to one of those LAN ports by way of a regular Ethernet jumper cable, and my WD EX2 is plugged in to a LAN port as well.

On my Netgear router, I do not have any ports being forwarded to my PC, or to the EX2, or to anything else for that matter. Zero port forwarding from the router. I have also gone into the router’s web interface and manually disabled the UPnP option. (The option was applied and the router has since been rebooted.)

However, when I install the MyCloud app on my phone and manually shut off my phone’s WiFi adapter so that my phone is forced to connect to the Internet by way of the Cellular Network (so that my phone has no access to my LAN), I am still able to access my data on my EX2.

I don’t understand how that is possible. With no ports forwarded from my router to my EX2, and without UPnP enabled, how is the app able to punch through my router’s packet filtering?

If I go to Settings → General on the EX2 and turn the Cloud Service option OFF, then I get a permissions error. (Thank God.) But I would except that even with Cloud Service turned ON, I would have to forward a port to the EX2.

Can someone explain how this works?

Hi there,

When you check cloud access status what does it say ? If it does say failed, then it would be weird if it worked.

See the image below. I’ll have to look into this “relay connection” because I don’t understand how it works. But apparently it is able to circumvent the packet filtering on the router (a.k.a. the firewall). I can’t quite grasp how that works since I have no ports forwarded at all. None. I even updated the router to the latest firmware and then reset it to factory defaults to make sure I wasn’t missing anything. No ports are open and UPnP is off.

Well, its not mandatory to forward ports in order for cloud access to work, perhaps whats happening here is that the ports used for cloud access are already open on your ISP’s end so my best advise on this case if you do not want to use remote access is to turn it off, or perhaps create a rule on your router or modem to block the ports.

It’s not that I don’t want to use it, it’s that I want to understand how it is able to bypass the security policy of the local network. Perhaps my question is out of scope for this discussion area. I’m just interested in the security of these devices, and it’s interesting to me that a user-level device like this is apparently able to punch a whole through the network firewall without the “System Administrator” even knowing about it.