using PGM3 with NAT

Started by Guest, 06 June 2010, 01:24:30

Guest

Originally posted by: <email address deleted>

I installed PGM3 on my server, and the FHEM is running on my host pc.
I use dyndns to keep my address public and I did a NAT configuration to get
the server connection NAT-ed to the 7072 port.
It gives me a weird timeout.
Did somebody try a similar configuration?
It works fine locally.

--
You received this message because you are subscribed to the Google Groups group FHEM users.
To post to this group, send an e-mail to fhem-users@googlegroups.com.
To unsubscribe from this group, send an e-mail to fhem-users+unsubscribe@googlegroups.com.
Visit the group at http://groups.google.com/group/fhem-users?hl=de for more options.

Guest

Originally posted by: <email address deleted>

On 06/06/2010 01:24 AM, Paolo Di Prodi wrote:
> I installed PGM3 on my server, and the FHEM is running on my host pc.
> I use dyndns to keep my address public and I did a NAT configuration to
> get the server connection NAT-ed to the 7072 port.
> It gives me a weird timeout.
> Did somebody try a similar configuration?
> It works fine locally.

"locally" means 127.0.0.1? Did you set the "global" flag?
         kai

Guest

Originally posted by: <email address deleted>

On 6 Jun., 01:24, Paolo Di Prodi wrote:
> It works fine locally.

pgm3 and fhem are on different machines and it works?
Then you have no problem with fhem or pgm3.

Normally you have something like a DSL-Box like an AVM-Fritzbox. This
has a dyndns-Address and a port forwarding to port 80 (better 443,
https) of the pgm3-machine -- ready. Your NAT-Firewall should do the
same.

Sometimes you cannot use the dyndns-address from inside your network.
Test it with external devices like a smartphone.

Guest

Originally posted by: <email address deleted>

On 6 Jun., 01:24, Paolo Di Prodi wrote:
> I installed PGM3 on my server, and the FHEM is running on my host pc.
> I use dyndns to keep my address public and I did a NAT configuration to get
> the server connection NAT-ed to the 7072 port.

ok, you should do port forwarding to port 80 (443) of the pgm3-machine,
not to fhem on 7072

Guest

Originally posted by: <email address deleted>

Okay, a little summary.
PGM3 is on my server here (shared hosting):
http://myhostedserver.com/pgm3/ <http://robomotic.com/pgm3/>
The config.php was set to 7072, which is the
listening port of fhem on my local (127.0.0.1) machine.
My machine is in my home network.
I have configured the router to update its IP to:
xxxxx.home.dyndns.org
by using dyndns service.

On my local machine fhem works fine:
http://localhost:8083/fhem
and I can do everything.
The perl server running on port 7072 works fine, if I telnet:
epokh@epokh-laptop:~/Programs/fhem-4.9$ telnet localhost 7072
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
help

My IPTables is switched off and I can access localhost:7072 also from other
computers in my home network.

The problem now is to NAT so that from outside pgm can access the
localhost:7072.
So for example I tried to change ports in case the provider was blocking
some.
For example in pgm3/config.php on my hosted server I even tried to change
port 53000 and then forward 53000 -> 7072
and several other ports including the 80->7072.
It just refuses to connect.
I also disabled the firewall on the router, but still nothing, even testing
with somebody from other networks.

What is the global flag?

2010/6/6 Martin Haas

> On 6 Jun., 01:24, Paolo Di Prodi wrote:
> > I installed PGM3 on my server, and the FHEM is running on my host pc.
> > I use dyndns to keep my address public and I did a NAT configuration to get
> > the server connection NAT-ed to the 7072 port.
>
> ok, you should do port forwarding to port 80 (443) of the pgm3-machine,
> not to fhem on 7072

Guest

Originally posted by: <email address deleted>

On 06/06/2010 10:31 PM, Martin Haas wrote:
> On 6 Jun., 01:24, Paolo Di Prodi wrote:
>> I installed PGM3 on my server, and the FHEM is running on my host pc.
>> I use dyndns to keep my address public and I did a NAT configuration to get
>> the server connection NAT-ed to the 7072 port.
>
> ok, you should do port forwarding to port 80 (443) of the pgm3-machine,
> not to fhem on 7072

Maybe Paolo can fill in the gaps by a diagram or something? Question is
where is your PGM3 running, on "fhem-box" or "other-box"?

From memory (Martin will correct me if I'm wrong), the *local* setup
would be:

"pgm3-box": runs the pgm3 package. pgm3 connects to "fhem-box" on 7072 for fhem data
"fhem-box": runs the fhem package (can be identical to "pgm3-box"), needs to be
             configured to let "pgm3-box" access fhem's port 7072.

If that works, you should be able to connect to "http://pgm3-box:80/" (or at whatever
port pgm3 is listening) and have current data from fhem presented in the pgm3 UI.

To be able to access the pgm3 UI from "the Internet", you need to expose the socket
(local IP and port) of pgm3 via your router, *not* that of fhem and especially not
fhem's port 7072!

HTH,
         kai

Guest

Originally posted by: <email address deleted>

On 6 Jun., 22:59, Paolo Di Prodi wrote:
>
> What is the global flag?

attr global port 7072 global
in fhem.cfg

Then you are able to access fhem from outside your local machine. It
was meant to be used from the local network.
BE WARNED. It is a very insecure way to access fhem from the
internet!!

Try telnet 7072 from the Internet-Server. If this is
successful, then pgm3 should work.
pgm3 only asks fhem for its xmllist on port 7072.

pgm3 should run on local network. Then you can access it with dyndns
and password from everywhere (on port 80/443) in a secure way.

Martin

Guest

Originally posted by: <email address deleted>

Hi,

On 06/06/2010 10:59 PM, Paolo Di Prodi wrote:

> Okay, a little summary.
> PGM3 is on my server here (shared hosting):
> <http://robomotic.com/pgm3/>

> The config.php was set to 7072, which is the
> listening port of fhem on my local (127.0.0.1) machine.

Err... 127.0.0.1 is always "thishost", so on box-a "telnet 127.0.0.1 7072"
connects to port 7072 on box-a, "telnet 127.0.0.1 7072" on box-b connects
to port 7072 on box-b ...

> My machine is in my home network.

I assume "my machine" is the same as "my local (127.0.0.1) machine" above?

> I have configured the router to update its IP to:
> xxxxx.home.dyndns.org
> by using dyndns service.

Okay ...

> On my local machine fhem works fine:
> http://localhost:8083/fhem
> and I can do everything.
> The perl server running on port 7072 works fine, if I telnet:

Er, just a quick note: the service on port 8083 is also served by Perl, that
is the FHEMWEB module of FHEM via fhem.pl.

> epokh@epokh-laptop:~/Programs/fhem-4.9$ telnet localhost 7072
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> help

So, "epokh-laptop" is "my machine" and "my local (127.0.0.1) machine" above, the
box where FHEM is installed and running? Do you have more machines on your local
network, so that you could test "telnet epokh-laptop 7072" from there?

> My IPTables is switched off and I can access localhost:7072 also from
> other computers in my home network.

This can not be. As said above, 127.0.0.1 is always denoting the local machine,
unless you really tried hard to produce a lot of confusion, you MUST mean "I can
access epokh-laptop:7072 also from other computers in my home network." Please
confirm this.

> The problem now is to NAT so that from outside pgm can access the
> localhost:7072.

localhost:7072 in this sentence would refer to port 7072 on your router (as this
is where NAT's happening and therefore "localhost" (127.0.0.1) is being computed).
Unless FHEM is really running there (and not on "epokh-laptop"), your setup can't
work.

> So for example I tried to change ports in case the provider was blocking
> some.
> For example in pgm3/config.php on my hosted server I even tried to
> change port 53000 and then forward 53000 -> 7072
> and several other ports including the 80->7072.
> It just refuses to connect.
> I also disabled the firewall on the router, but still nothing, even
> testing with somebody from other networks.
> What is the global flag?

"attr global port 7072 global" needs to be set in fhem.cfg to access this port
not only in the 127.0.0.1 context.

So, to get things straight, your setup *should* be something like this:

PGM3 is installed at robomotic.com [174.136.50.158]. PGM3 is configured to
access FHEM (for the sake of argument) at xxxxx.home.dyndns.org (which I
define to be pointing to 192.0.2.188 for this text), Port 7072.

Your home network (I assume it to be 192.168.1.0/24 here) is connected to
the Internet by DSL or similar, you're only receiving one public IP for
your router. Therefore, your router is doing NAT from your home network to
the router's public IP address and also maintains the updating of your
DynDNS-Name xxxxx.home.dyndns.org. (So in this text, your router's public IP would
be 192.0.2.188 and xxxxx.home.dyndns.org points to that IP address as well.)

With this setup, you can surf the 'net but no-one can connect from the
Internet to anywhere in your home network.

You are running on "epokh-laptop", which *always* has the IP address 192.168.1.2
on your local network (either via fixed setting on the box or a "sticky" setting
in your router's DHCP configuration), the FHEM package. You have configured it
correctly, so that you can do "telnet epokh-laptop 7072" from other nodes on your
local network.

If other nodes on your local network, *especially* your router, can access
epokh-laptop:7072 (which would be identical to 192.168.1.2:7072 in the example),
you can proceed to the next step: enabling outside access to FHEM.

But first: *do* verify that the above criteria are met. You *must* be able to
connect to FHEM's port 7072 from another box on your network and it *must not*
contain "localhost" or "127.0.0.1" in this connection. (Well, it *should* work
with "attr global port 7072 global" in fhem.cfg, but please verify the function!)


As enabling the "remote access" feature depends on your (not yet mentioned)
router model, I just give the basic instructions: You need to make sure that your
router will forward connections from anywhere to port 7072 on its public IP to
"epokh-laptop" on port 7072 or, if there cannot be a name but only an IP address,
192.168.2.1 port 7072 in this example. After doing so, PGM3 installed at robomotic.com
should be able to access your FHEM's command port. Please note that *nowhere* in
this configuration "127.0.0.1" or "localhost" shows up ...

Basic diagram:

robomotic.com:* [174.136.50.158] (fixed public IP)
   |  ^
   v  |(NAT 192.168.1.2 -> 192.0.2.188)
xxxxx.home.dyndns.org:7072 [192.0.2.188] (dynamic public IP, WAN (DSL) side)
   |  ^                     [192.168.1.1] (fixed private IP, LAN side)
   |  |
   v  |
epokh-laptop:7072 [192.168.1.2] (fixed private IP)

Please be aware that, with that basic setup, *anyone* can connect to your FHEM
and that FHEM does not feature any access restrictions itself. Using a different
port obscures this, but it's not preventing access. If both boxes are Linux- or
Unix-driven, you might want to consider using tunnel techniques, e. g. using stunnel
or ssh to establish a tunnel *from* your box that runs FHEM to your shared hosting
server. That way, you don't need to open ports to be accessed from the Internet into
your LAN. To explain this, here's a demo setup:

greebo: Laptop on my LAN running Linux (LAN is connected by VDSL; NAT is used outbound)
plug-2: Server on my LAN running Linux & FHEM (yepp, it's a SheevaPlug, hence the name)
probe-us1.0xdecafbad.net: A vServer on the Internet I rented

wusel@greebo:~$ telnet plug-2 7072
Trying 192.168.5.239...
Connected to plug-2.uu.org.
Escape character is '^]'.
list WS3600_Forecast
Internals:
    CODE       WS_WS3600_Forecast
    DEF        WS_WS3600_Forecast
    IODev      WS3600
    LASTIODev  WS3600
    MSGCNT     813
    NAME       WS3600_Forecast
    NR         130
    SENSTYPE   WSx
    STATE      Rainy
    TYPE       WSx
    WS3600_MSGCNT 813
    WS3600_TIME 2010-06-07 11:48:20
    Readings:
      2010-06-07 11:48:20   DEVFAMILY       WS3600
      2010-06-07 11:48:20   DEVTYPE         forecast
      2010-06-07 11:48:20   forecast        Rainy
Attributes:
    room       Wohnen

probe-us1.0xdecafbad.net can't reach the FHEM box as it's behind a NAT. But
by creating an SSH tunnel, originating from my FHEM box to the vServer, that
system can access FHEM:

root@plug-2:~# ssh -R 7072:127.0.0.1:7072 probe-us1.0xdecafbad.net
Last login: Mon Jun  7 11:57:38 2010 from pxxxxxxxx.dip.t-
Linux probe-us1.0xdecafbad.net 2.6.18-164.11.1.el5.028stab068.5 #1 SMP Mon Mar 15 19:26:36 MSK 2010 i686

[.MOTD spam removed.]
probe-us1:~# telnet 127.0.0.1 7072
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
list WS3600_Forecast
Internals:
    CODE       WS_WS3600_Forecast
    DEF        WS_WS3600_Forecast
    IODev      WS3600
    LASTIODev  WS3600
    MSGCNT     826
    NAME       WS3600_Forecast
    NR         130
    SENSTYPE   WSx
    STATE      Rainy
    TYPE       WSx
    WS3600_MSGCNT 826
    WS3600_TIME 2010-06-07 12:05:53
    Readings:
      2010-06-07 12:05:53   DEVFAMILY       WS3600
      2010-06-07 12:05:53   DEVTYPE         forecast
      2010-06-07 12:05:53   forecast        Rainy
Attributes:
    room       Wohnen

Due to the way this is set up, only applications local to probe-us1
can utilize that tunnel to FHEM, even without iptables stuff a connection
from outside is not possible (it's the magic of 127.0.0.1 again ;)).

Bear in mind, though, that in case your public IP changes (in Germany most
DSL lines are cut after 24 hours and you're receiving a different public IP
on reconnection), some care must be taken to restart this tunnel (and maybe
even terminate its other end first). stunnel might be an alternative to ssh
as well.

Hope that helps,
         kai
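
An added example, not part of Kai's message or of FHEM: a shell script that keeps the reverse tunnel described above alive across IP changes and checks which addresses port 7072 is bound to, run here over constructed `ss -ltn` output. `VSERVER`, the `user@vserver.example` target and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. VSERVER is a placeholder; the
# function names are made up for this example.
VSERVER="${VSERVER:-user@vserver.example}"
FHEM_PORT="${FHEM_PORT:-7072}"

# Arguments for the reverse tunnel from the post. Both ends are pinned to
# 127.0.0.1, and the keepalive options make a dead tunnel exit instead of hang.
tunnel_args() {
    printf '%s\n' -N \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "127.0.0.1:${FHEM_PORT}:127.0.0.1:${FHEM_PORT}" \
        "$VSERVER"
}

# Re-dial after every exit, e.g. after the daily DSL reconnect. While a stale
# session on the vServer still holds the port, ExitOnForwardFailure makes ssh
# quit at once, so the loop simply retries until the port is free again.
keep_tunnel() {
    while :; do
        # Word splitting of the argument list is intended here.
        ssh $(tunnel_args) || echo "tunnel down (status $?), retrying" >&2
        sleep 30
    done
}

# Read `ss -ltn` output on stdin; print "loopback ADDR" or "network ADDR" for
# every socket listening on port $1.
classify_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            sub(/%.*$/, "", addr)        # interface scope such as %lo
            gsub(/^\[|\]$/, "", addr)    # brackets around IPv6 addresses
            if (addr ~ /^127\./ || addr == "::1") print "loopback " addr
            else print "network " addr
        }'
}

# Exit status: 0 = only loopback listeners, 1 = reachable from the network,
# 2 = nothing listens on the port.
audit_port() {
    found=$(classify_listeners "$1")
    [ -n "$found" ] || return 2
    case "$found" in *network*) return 1 ;; esac
    return 0
}

# Constructed sample: FHEM box with "attr global port 7072 global" set.
sample_fhem_global() { cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       10      0.0.0.0:7072        0.0.0.0:*
EOF
}

# Constructed sample: vServer while the tunnel from the post is up (sshd
# typically binds both loopback addresses when no bind address is given).
sample_vserver_tunnel() { cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     127.0.0.1:7072      0.0.0.0:*
LISTEN  0       128     [::1]:7072          [::]:*
EOF
}

# "sh tunnel.sh run" keeps the tunnel up; "ss -ltn | audit_port 7072" checks a
# live host. Without arguments only the samples are classified.
if [ "${1:-}" = "run" ]; then
    keep_tunnel
else
    for s in sample_fhem_global sample_vserver_tunnel; do
        echo "== $s"
        "$s" | classify_listeners "$FHEM_PORT"
    done
fi
```

With the tunnel in place, FHEM only has to listen on 127.0.0.1 on its own box, so the `global` flag and the router port forward are not needed for PGM3 on the vServer to reach it.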

Guest

Originally posted by: <email address deleted>

Hello Kai,
that was a perfect walk-through. I just changed the attr to global and
it worked with my previous configuration which is exactly how you described.

Now I'm intrigued by your tunnelling configuration. I will try to reproduce
that as well!

On 7 June 2010 11:25, Kai 'wusel' Siering wrote:
