Yes, I’ve read the voluminous threads regarding this, but there simply doesn’t seem to be an answer.
Trying to set up Vera to be accessed directly via my Linksys wrt54g using port forwarding, and without having to install and set up dyndns.
Set Vera to static ip (.10 on network)
forwarded port 50001 to Vera’s IP (cam is on 50000).
try to access from outside my LAN = “Server stopped responding”
Set vera back to DHCP
port forward to the new IP Vera gets (.100)
same results “Server stopped responding”.
I’ve got a few items already being port forwarded and accessible from outside of my LAN, so I then tried to use their port forwarding settings (since they are known to be working) and point to Vera. Same result as above.
Turns out that my cable provider has, in their infinite wisdom, decided to block ports 80 and 8080 (at least). I have PS3 and panasonic cam running in the high ranges (above 40000) so no issue there.
I figured I just needed to change the port (from 80 to 41000, for example) that Vera’s http service (lighttpd) was listening on.
Edited /etc/lighttpd.conf and changed default server.port from 80 to 41000. Reboot router.
local access sorta worked (issues loading some components)
BUT won’t load the dashboard. Either says “remote access is not enabled” or JSON error.
Question: am I able to run Vera on a different port than 80 and still have everything work? (can the system take into account a non-standard port)
Question2: rather than run lighttpd on non-standard port, can I somehow re-route traffic internally from port 41000 to 80? An internal port forward, if you will, to get around the port 80 block…
As I have Vera as my Primary Router, I have a similar problem in that I won’t (for security reasons) ssh to it from the Internet without redirecting the external port to the internal port. My solution should also apply to your problem.
Edit your /etc/firewall.user file with the following lines
/Begin Set Port Forward From WAN Port 41000 to Internal Port 80
Vera is not my primary router, the Linksys is. She is in switch mode…
Vera has a static IP (internal x.10) and its “other” IP is x.81. Linksys port forward working fine, as I can change them and see ports open/closed etc from ShieldsUp probe at grc.com.
Thoughts?
.//A.
[quote=“tt55du, post:3, topic:164497”]anthonyris
As I have Vera as my Primary Router, I have a similar problem in that I won’t (for security reasons) ssh to it from the Internet without redirecting the external port to the internal port. My solution should also apply to your problem.
Edit your /etc/firewall.user file with the following lines
/Begin Set Port Forward From WAN Port 41000 to Internal Port 80
Don’t you have external and internal ports in the port forwarding section? I thought it’s a pretty standard thing…
How are you going to prevent all the bots in the world from going into your Vera and playing once you open direct access? I’m kinda hesitating to do it, so I ssh into my router using a key pair, and use it as a SOCKS proxy to access Vera’s UI.
No. Linksys port forwarding doesn’t distinguish external to internal ports. So you can’t say “take external 41000 traffic and route to x.x.x.x internal machine at port 80”.
Once (if!) I am able to directly connect, then I can set MAC address and/or IP addy restrictions. With a strong ID/Pass, you end up with decent 2 factor security.
In the end, Vera should behave like just another device on the network.
.//A.
Don’t you have external and internal ports in the port forwarding section? I thought it’s a pretty standard thing…
How are you going to prevent all the bots in the world from going into your Vera and playing once you open direct access? I’m kinda hesitating to do it, so I ssh into my router using a key pair, and use it as a SOCKS proxy to access Vera’s UI.[/quote]
Well, if it’s important for you, maybe it’s a good time to change the router. Get any that supports Tomato firmware, and enjoy life.
MAC addresses duplicate easily; you don’t use SSL, so I guess you’re sending user/password in plain text; and you’re giving away direct access to an http server controlling electrical equipment that potentially can cause a fire if driven crazy. There’s a good reason why MCV implemented their remote access in such a complicated way.
[quote=“anthonyris, post:4, topic:164497”]Hm, tried this. No go.
Vera is not my primary router, the Linksys is. She is in switch mode…
Vera has a static IP (internal x.10) and its “other” IP is x.81. Linksys port forward working fine, as I can change them and see ports open/closed etc from ShieldsUp probe at grc.com.
Thoughts?
.//A.
[quote=“tt55du, post:3, topic:164497”]anthonyris
As I have Vera as my Primary Router, I have a similar problem in that I won’t (for security reasons) ssh to it from the Internet without redirecting the external port to the internal port. My solution should also apply to your problem.
Edit your /etc/firewall.user file with the following lines
/Begin Set Port Forward From WAN Port 41000 to Internal Port 80
reboot your router or restart network services.[/quote][/quote]
Ahh, sorry about that, did not realize Vera was in switch mode. What I gave you were rules as if Vera was in router/firewall mode. If you have time you should try to put Vera in router/firewall mode and use my rules so that port 41000 coming from the WAN side is redirected to the LAN side at the port you desire. It should not matter if the Vera is plugged in to the Internet or your Linksys, just pass that port through.
Have you ever considered using ssh to your router or even the Vera and tunneling to the Vera Web UI? That’s what I do with great success and security.
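The SSH tunnel approach suggested above, sketched as an added example that is not part of any poster's reply: it builds the `ssh` command for either a local forward to Vera's port 80 or a SOCKS proxy, and refuses a listener that is not bound to loopback. The router account, SSH port and Vera address are constructed placeholders, and it assumes the router (or Vera) runs an SSH server reachable on a high port.

```shell
#!/bin/sh
# Added example, not from the thread. Every host, user and port below is a
# constructed placeholder.
ROUTER="admin@home.example.net"  # assumption: SSH account on the home router
SSH_PORT=41022                   # assumption: sshd on a high port the ISP leaves open
VERA="192.168.1.10:80"           # assumption: Vera's static LAN address, UI on port 80

# Accept only loopback bind addresses. A listener on 0.0.0.0 would hand the
# unencrypted UI to every host that can reach the client machine, which is
# the exposure the tunnel is meant to avoid.
is_loopback() {
    case "$1" in
        127.*|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept only an unprivileged numeric port.
is_user_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd MODE BIND PORT
#   MODE=local -> -L forward: http://BIND:PORT/ on the client reaches Vera only
#   MODE=socks -> -D dynamic SOCKS proxy for browsing the home LAN
tunnel_cmd() {
    is_loopback "$2" || { echo "refusing non-loopback bind: $2" >&2; return 1; }
    is_user_port "$3" || { echo "bad local port: $3" >&2; return 1; }
    case "$1" in
        local) fwd="-L $2:$3:$VERA" ;;
        socks) fwd="-D $2:$3" ;;
        *) echo "mode must be local or socks" >&2; return 1 ;;
    esac
    # -N: no remote shell; key-only login; exit if the listener cannot be created.
    printf 'ssh -N -p %s -o PasswordAuthentication=no -o ExitOnForwardFailure=yes %s %s\n' \
        "$SSH_PORT" "$fwd" "$ROUTER"
}

# Print both commands; run one of them by hand to open the tunnel.
tunnel_cmd local 127.0.0.1 8080
tunnel_cmd socks 127.0.0.1 1080
```

With the local forward running, the UI is at http://127.0.0.1:8080/ on the client, and the only port the router has to accept from the WAN is the SSH one.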
I have a similar requirement/problem. I have a linksys router that is my primary router. Vera is in switch mode, with WiFi off. Inside the local network I can access vera fine at x.x.x.230:80. Three problems with this:
1) Vera web interface can not be configured to use any other port. It’s hardwired to port 80 (brain dead IMHO).
2) Vera web interface can not be configured for authentication of any kind (eg. username/password) (also brain dead IMHO).
3) Vera web interface does not support SSL access, so all activity on the web interface is unencrypted (causes a problem for #2).
This forces me to use the MCV remote access which I’d rather not do. I feel safer being able to talk directly to the device.
MHN: when I changed the lighttpd.conf file to port 41000, I couldn’t get the UI to load completely/properly via FindVera.com (see note above). Are you using FindVera.com as well?
Without Findvera.com, you lose access to archived pics, energy monitor, etc. so I was trying to have both.
.//A.
[quote=“mhn, post:10, topic:164497”]1) I think you can change the web port in /etc/lighttpd.conf .
Setup - Users - Require a username and password to access Vera from within my home network.
[quote=“anthonyris, post:12, topic:164497”]MHN: when I changed the lighttpd.conf file to port 41000, I couldn’t get the UI to load completely/properly via FindVera.com (see note above). Are you using FindVera.com as well?
Without Findvera.com, you lose access to archived pics, energy monitor, etc. so I was trying to have both.
.//A.
[quote=“mhn, post:10, topic:164497”]1) I think you can change the web port in /etc/lighttpd.conf .
Setup - Users - Require a username and password to access Vera from within my home network.
I have https on a non 443 port and username to access Vera.
Regards
Morten[/quote][/quote]
Vera’s main http server has to run on port 80 for findvera.com to work.
But you can also start another web server that will run on another port.
Just Copy Paste this in your vera command line:
Vera uses multiple PORTS for local access … Vera through the MCV servers uses a trick to talk through a single tunnel back to the local Vera.
PORT FORWARDING IS EXTREMELY DANGEROUS!
IT’S LIKE LEAVING YOUR DOOR OPEN IN A BAD NEIGHBORHOOD WITH YOUR FLAT SCREEN BLASTING VISIBLE THROUGH THE DOOR.
AND A SIGN OUTSIDE THAT INDICATES YOU ARE FOR GUN CONTROL!
People that PORT FORWARD provide the hackers with systems that are used to launch other attacks on the network.
Don’t do it and don’t tell others how to do it!