Are you actually accessing the Wemo from outside the network? Or is the Wemo simply sending messages to your phone. If the Wemo establishes the link first then remote access is simply allowed because you have internal device that has made the connection.. in other words this is just like retrieving info from a website.. you don't need ports opened for that work.. what you do need is the firewall not to block them. The TC has no firewall so I would say once a link is established.. in to outside world then outside device can link back in.
I don't have one and haven't read the manual.. so I am guessing, but if it works I would be very very happy.. port forwarding on the TC is rather a nightmare. If you are concerned about security then don't be.. only the device that the Wemo calls will be allowed to access.. anything else will be blocked by NAT.
Many thanks for your reply LaPastengue
I have tested remote access when I am away from home on someone else's network as well as switching off wifi on my iPhone and connecting via G3. I am a bit concerned about security but since I am working with Apple and Belkin products I am to some extent satisfied that everything is OK. I would just like to understand what is happening as my limited knowledge of the subject leads me to believe that external connection to devices on my home network need my permission by opening the required ports on my Time Capsule.
If I could understand this I think I would be happy.
Hmm.. I would still be surprised if you can get access without knowing anything.
ie.. simply try hammering on the front door of the router.. from a friends PC.. link to your public IP and see if you can access the Wemo.. without knowing anything else.. without access to the belkin website.. simply try and ping it, or open a webpage to it.. and see. All the tests over internet to see if ports are open are extremely dubious. But they proved to have no response.. that means the access is via the server that belkin runs.. and I presume that requires a username and password.. or some security to access.. if so then your system is perfectly fine..
If you want external devices to access btw.. there is only one way to do it.. by opening ports.. but you are thinking opening ports has to be done by you.. that is not the case. The Wemo opens a link to server. Without a firewall that is certainly easy.. and you link to the wemo via the server.. this is the same method used by teamviewer and many of the remote access softwares. Even BTMM and iCloud actually operates this way.. you do not open ports.. in the standard setup it works by internal device linking to a server.. and then you link from external connection via icloud back to the TC.. same thing. No ports got opened.. but the TC itself opened a bridge because you put in your cloud ID.