← Back to Blog
RUENZHESARPTDEFRJAKOITTRIDVIFAHI

Proxies for IoT Devices: How to Set Up Smart Cameras and Robot Vacuums via Router

Smart devices in homes and offices collect data and send it to the manufacturer β€” but with a proxy through a router, you control the traffic and protect the network. We explain how to set this up.

πŸ“…May 3, 2026
```html

Smart cameras, robotic vacuum cleaners, thermostats, and other IoT devices are constantly connecting to the internet β€” and not always where you expect. Setting up a proxy at the router level allows you to control all outgoing traffic from smart devices, hide the real IP of the network, and bypass regional restrictions without installing any software on the device itself. In this article, we will discuss why this is necessary, which proxies are suitable, and how to set everything up step by step.

Why IoT Devices Need a Proxy

Most users do not even think about where their smart devices are "calling home." Meanwhile, Chinese robotic vacuum cleaners like Roborock, Dreame, and Xiaomi regularly send maps of rooms and route data to the manufacturer's servers. IP cameras from Hikvision, Dahua, and Reolink connect to cloud services for remote viewing. Smart plugs, bulbs, and thermostats synchronize with foreign servers.

A proxy server set up at the router level solves several tasks at once:

  • Hides the real IP of your network β€” the device manufacturer sees the proxy IP, not your home address.
  • Bypasses geo-restrictions β€” some features of smart devices are only available in certain countries. A proxy with the required geolocation unlocks full functionality.
  • Controls outgoing traffic β€” you can see which servers each device is connecting to.
  • Protects against surveillance β€” especially relevant for cameras and devices with microphones.
  • Allows testing device behavior β€” useful for those monitoring smart homes or selling IoT equipment.

A separate scenario is business use. If you manage a network of several offices or warehouses with IoT equipment (surveillance cameras, sensors, smart locks), a proxy through the router allows you to centrally manage the IP addresses of the entire infrastructure. This is convenient from both a security and administrative standpoint.

It is important to understand:

IoT devices cannot be configured directly β€” they lack an interface for entering a proxy. The only way to route their traffic through a proxy is to set it up at the router level so that all devices on the network automatically use the required server.

Which Type of Proxy to Choose for Smart Devices

Not all types of proxies are equally suitable for IoT. Let's discuss the options and their applicability to smart devices:

Proxy Type Pros for IoT Cons Suitable for
Residential Real IPs of home users, high trust More expensive, speed may vary Cameras, devices with cloud access
Mobile Carrier IPs, maximum platform trust Most expensive option Bypassing strict geo-restrictions
Data Center High speed, stability, low cost Easily identified as proxies Monitoring, testing, tasks without strict checks

For most tasks with smart home devices, the optimal choice is residential proxies. They have real IP addresses of home users, which means minimal risk of blocking by the manufacturer's cloud services. When your smart camera connects to the internet through a residential IP, it appears to the manufacturer's server as an ordinary home user.

If the task is to bypass strict regional blocking (for example, to unlock features of a smart device available only in the USA or Europe), consider mobile proxies β€” they have mobile carrier IPs and are rarely blacklisted.

For monitoring tasks, testing IoT infrastructure, or working with devices that do not have strict checks, data center proxies will suffice β€” they provide high speed and stability at a lower cost.

How to Set Up a Proxy via Router: Step-by-Step Instructions

Setting up a proxy on the router is the only way to cover all IoT devices in the network without the need to configure each one separately. Let's look at several popular scenarios.

Option 1: Routers with OpenWRT / DD-WRT Firmware

This is the most flexible option. OpenWRT and DD-WRT firmware support the installation of additional packages, including proxy clients. If your router supports one of these firmwares (ASUS, TP-Link, Netgear, and many others), you gain full control over the traffic.

Step 1. Access the web interface of the router. The usual address is 192.168.1.1 or 192.168.0.1.

Step 2. Go to the System β†’ Software section (in OpenWRT) or Administration β†’ Commands (in DD-WRT).

Step 3. Install the redsocks package β€” this is a utility for transparent proxying of traffic through SOCKS5 or HTTP proxy.

opkg update
opkg install redsocks

Step 4. Edit the configuration file /etc/redsocks.conf. Specify your proxy server details:

base {
  log_debug = off;
  log_info = on;
  daemon = on;
  redirector = iptables;
}

redsocks {
  local_ip = 0.0.0.0;
  local_port = 12345;
  ip = YOUR_PROXY_IP;
  port = YOUR_PORT;
  type = socks5;
  login = "YOUR_LOGIN";
  password = "YOUR_PASSWORD";
}

Step 5. Configure iptables to redirect traffic through redsocks. You can redirect all traffic or only from specific IP addresses (for example, only from your camera's IP):

# Redirecting traffic from a specific device (Camera IP: 192.168.1.50)
iptables -t nat -A PREROUTING -s 192.168.1.50 -p tcp -j REDIRECT --to-ports 12345

# Or redirecting all network traffic (except the router itself)
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 12345
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 12345

Step 6. Start redsocks and add it to the autostart:

/etc/init.d/redsocks start
/etc/init.d/redsocks enable

Option 2: ASUS Routers with Merlin Firmware

The Asuswrt-Merlin firmware (for ASUS RT series routers) supports scripts and allows you to set up a proxy through the built-in manager. The principle is the same β€” install redsocks or a similar tool via the Entware package manager, which integrates into Merlin.

Steps: connect a USB drive to the router β†’ install Entware through the Administration β†’ Scripts section β†’ install redsocks via opkg β†’ configure the config similarly to the example above.

Option 3: Raspberry Pi as a Proxy Gateway

If your router does not support custom firmware, you can use a Raspberry Pi as an intermediary gateway. The Raspberry Pi connects between the router and devices, routing traffic through the proxy. This is a more flexible solution that does not require changing the router's firmware.

The same stack is installed on the Raspberry Pi: redsocks + iptables. IoT devices connect to the network through the Raspberry Pi, which automatically proxies their traffic.

Smart Cameras: Setup Features and Risks

IP cameras are among the most "talkative" IoT devices. They constantly maintain a connection with cloud servers for remote access, send motion notifications, and synchronize recordings. Popular models include Hikvision, Dahua, Reolink, Xiaomi Mi Camera, Ezviz, and TP-Link Tapo.

The main scenarios for using a proxy for smart cameras are:

  • Hiding the real IP of the monitored object β€” important for corporate entities and individuals who do not want to disclose their location.
  • Access to features blocked in the region β€” some cloud services for cameras only work in certain countries.
  • Monitoring multiple objects through a single proxy β€” convenient for security companies managing cameras at different locations.
  • Protection against DDoS attacks on IP cameras β€” the real IP is hidden behind the proxy.

⚠️ Important Warning:

Some IP cameras use the UDP protocol for video stream transmission. Standard HTTP/SOCKS5 proxies only work with TCP. To proxy UDP traffic, a VPN tunnel or specialized solutions will be required. Check the protocols used by your camera before setting up the proxy.

For cameras that use the RTSP protocol (most Hikvision and Dahua), a router-level proxy works correctly β€” RTSP is transmitted over TCP. For P2P cameras (Xiaomi, Ezviz, TP-Link Tapo), the situation is more complicated: they use proprietary protocols, some of which operate over UDP.

Practical advice: if you need to hide the IP for the camera's control traffic (settings, notifications, cloud synchronization), a proxy through the router will handle the task. If you need to proxy the entire video stream β€” consider using a VPN as a supplement to the proxy.

Robotic Vacuum Cleaners and Other Smart Gadgets

Robotic vacuum cleaners are a special case among IoT devices. Models such as Roborock S series, Dreame L series, Xiaomi Mi Robot, and Ecovacs Deebot actively use the cloud for storing room maps, firmware updates, and synchronizing settings. All this data is sent to the manufacturer's servers β€” usually located in China.

A proxy through the router allows:

  • To hide the real IP and location from the manufacturer
  • To unlock features unavailable in your region (for example, some voice commands or integrations)
  • To monitor which servers the device connects to
  • To block unwanted connections (through a combination of proxy and firewall)

The same logic applies to other smart devices:

Device Where Data is Sent Why a Proxy is Needed
Smart Thermostats (Nest, Tuya) Google, Tuya Cloud Hide IP, bypass regional restrictions
Smart Plugs and Bulbs Manufacturer (Tuya, SmartLife) Traffic control, privacy
Smart Speakers (Amazon Echo, Yandex) Amazon AWS, Yandex servers Privacy of voice queries
Smart TVs (Samsung, LG) Manufacturer + Advertising Networks Access to foreign streaming services
Smart Home Sensors (Zigbee Hubs) Home Assistant, Manufacturer's Cloud Security and control

HTTP vs SOCKS5: What to Choose for IoT

When setting up a proxy for IoT devices through a router, you will encounter a choice of protocol. Here’s what you need to know:

HTTP/HTTPS Proxy

Works only with web traffic (ports 80 and 443). Suitable for devices that communicate with the cloud exclusively through HTTP requests. The advantage is ease of setup and the ability to analyze traffic at the proxy level. The downside is that it does not support non-standard ports and protocols used by some IoT devices.

SOCKS5 Proxy

Operates at a lower level and supports any TCP connections on any ports. This makes SOCKS5 the preferred choice for IoT devices, as they often use non-standard ports and proprietary protocols over TCP. Redsocks, which we mentioned earlier, works with SOCKS5.

Recommendation for IoT:

Use SOCKS5 as the primary protocol for proxying IoT traffic through the router. It covers the maximum number of scenarios and is compatible with most smart devices. Use HTTP proxy only if you are certain that the device operates exclusively through HTTP/HTTPS.

Security and Traffic Control of the Smart Network

Setting up a proxy is just part of the work to ensure the security of the IoT network. For full protection, a comprehensive approach is recommended.

Network Segmentation

Isolate IoT devices into a separate subnet (VLAN). This is standard security practice: if one of the devices becomes compromised, the attacker will not gain access to the main network with computers and smartphones. Most modern routers (ASUS, TP-Link, Mikrotik) support VLAN through the web interface.

Monitoring Outgoing Connections

After setting up the proxy, use monitoring tools to analyze the traffic of IoT devices. On OpenWRT, the tcpdump package is available for packet capture and ntopng for visual monitoring. This will allow you to see which servers your devices are connecting to and block unwanted connections if necessary.

IP Whitelists and Blacklists

By using iptables in conjunction with a proxy, you can create a whitelist of allowed IP addresses for each device. For example, your Reolink camera should only connect to Reolink servers β€” everything else is blocked. This is effective protection against unexpected connections and potential firmware vulnerabilities.

Proxy Authentication

Use a proxy with a username and password β€” this prevents unauthorized use of the proxy server by other devices or people who may gain access to your network. All serious proxy providers support authentication by username/password or by IP address.

Common Problems and How to Solve Them

When setting up a proxy for IoT devices through a router, you may encounter a number of typical problems. Here are the most common ones and how to solve them:

Problem 1: Device Cannot Connect to the Cloud After Proxy Setup

Reason: The device uses certificate pinning β€” an SSL certificate check that prevents it from working through a transparent proxy with certificate substitution.

Solution: Use transparent proxying without SSL inspection (redsocks in SOCKS5 mode without TLS interception). The device will work through the proxy, but the content of the traffic will remain encrypted β€” this is normal for IP hiding tasks.

Problem 2: High Latency When Working Through the Proxy

Reason: The proxy server is geographically far from the device manufacturer's servers.

Solution: Choose a proxy with a geolocation close to the manufacturer's servers. For example, for Chinese devices (Xiaomi, Roborock), use a proxy in Hong Kong or Singapore. For American devices (Amazon, Google) β€” proxies in the USA.

Problem 3: Proxy Works, but UDP Traffic is Not Proxied

Reason: Redsocks and most SOCKS5/HTTP proxies only work with TCP.

Solution: For devices using UDP (some cameras, smart speakers), add a VPN tunnel (WireGuard or OpenVPN on the router) to the proxy. The VPN provides proxying of UDP traffic, and the SOCKS5 proxy is used for TCP.

Problem 4: iptables Rules Reset After Router Reboot

Reason: iptables rules are not automatically saved in most systems.

Solution: Save the rules using iptables-save and add their restoration to the autostart script. In OpenWRT, use the /etc/firewall.user file for persistent rules. 

# Saving iptables rules (Debian/Ubuntu-based systems)
iptables-save > /etc/iptables/rules.v4

# Restoring on boot
iptables-restore < /etc/iptables/rules.v4

Problem 5: Proxy Server Rejects Connections from the Router

Reason: The proxy is set to authenticate by IP, and the router's IP is not whitelisted.

Solution: Either add the router's IP to the proxy provider's whitelist or use username/password authentication in the redsocks configuration (login and password parameters in the config).

Conclusion and Recommendations

Setting up a proxy for IoT devices through a router is not a difficult task for those willing to spend an hour on configuration, but the result is worth it. You gain full control over what data your smart devices send and where, hide the real IP of the network, and bypass regional restrictions if necessary.

Let's summarize the key points:

  • IoT devices cannot be configured directly β€” the proxy is set up on the router
  • The redsocks + iptables tool is a standard solution for OpenWRT/DD-WRT/Merlin
  • SOCKS5 is preferable to HTTP for IoT due to support for non-standard ports
  • For UDP traffic (some cameras), a VPN is needed in addition to the proxy
  • Segment IoT devices into a separate VLAN for added security
  • Choose a proxy with a geolocation close to the device manufacturer's servers

If your task is to hide the real IP of smart devices and ensure maximum trust from the manufacturer's cloud services, we recommend considering residential proxies β€” they use real IPs of home users and rarely raise suspicion with IoT device manufacturers' servers.

```