Bridge between different networks

[IvoGruber]

For security and privacy reasons I want to exclude my matter controller (lets say it is Alexa) from my home network (lets say it is in net 192.168.1.xxx) and let it operate on my guest network (lets say it is in 192.168.2.xxx) while my devices (lets say some shelly devices) should still run in my home network.

Therefore the server running matterbridge should have access to both networks.

Option 1: It should look for devices in the home network (lets say via matterbrige-shelly) but expose the matter stuff to the guest network. In this scenario it would be necessary to be able to configure which network to use for lookup and which for exposing matter.

Option 2: It is also okay if matterbridge looks into both networks and exposes to both networks. In this case it is not necessary to configure which network to use but matterbridge should be able to deal with both (or in case there are more with all?) networks. Perhaps this already works, but I doubt and do not want to try out in a "production"-like situation.

Is there any chance to implement this feature? I would prefer Option 1, since the user can see in the options whats going on and prevents the danger of exposing things to networks you don't want it and avoid lookup in networks you do not want to look into.

Perhaps this is also a bad idea. If so, please tell me why.

[Apollon77]

in fact configure the host where matterbridge runs on to to be in both networks and simply do not limit the used network. usually it is more stable to just use one network to operate on but basically at least matter,js also can be configured to use all interfaces.

In the end you also need to consider future use cases where matterbridge is one of your matter devices and all paired into a fabric, so potentially also with mobile devices or hubs ... in the end between all of them UDP messages need to be able to freely flow. Also later with "bindings" or "scenes" it is also ablot UDP multicasting messages or matterbridge talking to other devices via bindings or a switch communicates to matterbridge.

I think one of the main topics with Matter in general is that such security thoughts need to be rethought because yes for sure your ideas work in theory and in general biut will bring several limitations that you might also not want to have on the long run.

[Luligu]

Hi,
I understand your security/privacy issues with Alexa...

For Matter I agree with Apollon.

I just add that, concerning shelly plugin, you should not have any issues when the shellies are reachable from Matterbridge and mdns is correctly working to discover them.