gsrbob Posted July 2, 2017 Posted July 2, 2017 Hello everyone. Noob checking in. I can't seem to get my ISY set up for remote access. I have tried port forwarding with no luck. I tried both ports (http & https) i had configured in ISY with the same results. Any help would be much appreciated.
paulbates Posted July 2, 2017 Posted July 2, 2017 Hi and welcome to the forums I would recommend simplifying things and retrying ISY uncheck UPNP Leave its http port @ 80 and https @ 443 Arris Look at page 63 of the manual Make a rule that maps to the internal 443 at your internal server address maps to your "mystery port" to all addresses externally For your security, under no circumstances open port 80 to the internet, even mapped to a "mystery port" Give that a try and see if it helps Paul
paulbates Posted July 3, 2017 Posted July 3, 2017 I would think it should. However I've been on the ISY Portal for a few years and closed all my external router ports then. Is there a neighbor's you could try this on their pc/internet? Edit: You can use the Arris's guest wifi network and attach you iphone to that. It will behave the same as an external client. Paul
gsrbob Posted July 3, 2017 Author Posted July 3, 2017 I tried it on my local network with the ports i entered on the configuration and it works but when I switch to my cellular data no dice. I really want the isy portal for echo & iftt integration but i just spent a grip on the isy, echo, & switches! Have to wait for payday
gsrbob Posted July 3, 2017 Author Posted July 3, 2017 I will have to tinker with it some more when i get home. Thanx for the help Paul! I appreciate it and hope to get it going later.
Scottmichaelj Posted July 3, 2017 Posted July 3, 2017 I think we could help more with screenshots with the ports back to the defaults like Paul said so everything is not blurred out. Then we can make sure you have everything in the right spots on the Arris. Then once that works slowly add back your ports. At the end of the day anyone really can randomly scan your external network/ports so IMHO a stong username and password is better then ports. Also like Paul says no 80!
larryllix Posted July 3, 2017 Posted July 3, 2017 I will have to tinker with it some more when i get home. Thanx for the help Paul! I appreciate it and hope to get it going later. In addition... with port 443 it is a secure port so your URL on your remote or mobile to address the port forward has to start with https:/www.xxx.yyy.zzz:443 ...Note "s"
paulbates Posted July 3, 2017 Posted July 3, 2017 A couple of things.. is it working? Its important that you not use port 80, which is for un-encrypted http:// traffic. You don't want that going out on the open internet. Port 80 is unencrypted (http:), and port 443 is encrypted (https://). On the Arris config page, replace all of the 80s with 443s. When you try to access your isy, you'll need to use your public ipaddress like this https://a.b.c.d (replace a.b.c.d with whatever you internet IP is) PS. Love the Pringle's Icon. My Dad was a P&G lifer. I got to see the prototype Pringles making machine as a kid. He had a patent or two on it IIRC. Edit: Uncheck UPNP on the ISY Network config Paul
stusviews Posted July 3, 2017 Posted July 3, 2017 If you using an Echo and IFTTT as stated in your post #5, then you probably have a portal. The portal itself provides a secure off-site connection. And it works on a smartphone. All you need is a browser on your phone
gsrbob Posted July 3, 2017 Author Posted July 3, 2017 A couple of things.. is it working? Its important that you not use port 80, which is for un-encrypted http:// traffic. You don't want that going out on the open internet. Port 80 is unencrypted (http:), and port 443 is encrypted (https://). On the Arris config page, replace all of the 80s with 443s. When you try to access your isy, you'll need to use your public ipaddress like this https://a.b.c.d (replace a.b.c.d with whatever you internet IP is) PS. Love the Pringle's Icon. My Dad was a P&G lifer. I got to see the prototype Pringles making machine as a kid. He had a patent or two on it IIRC. Edit: Uncheck UPNP on the ISY Network config Paul Let me give it a shot!
gsrbob Posted July 3, 2017 Author Posted July 3, 2017 If you using an Echo and IFTTT as stated in your post #5, then you probably have a portal. The portal itself provides a secure off-site connection. And it works on a smartphone. All you need is a browser on your phone Still need to purchase the isy portal module i believe for iftt and echo integration.
Scottmichaelj Posted July 3, 2017 Posted July 3, 2017 Still need to purchase the isy portal module i believe for iftt and echo integration. Yes. Well worth the cost.
gsrbob Posted July 3, 2017 Author Posted July 3, 2017 Still no dice . Tried setting everything multiple times with no luck. Does Internet Access need to be enabled? I have tried numerous times in the file drop down to enable it with no luck.
paulbates Posted July 3, 2017 Posted July 3, 2017 Do you know your internet IP to your network? (not 192.168.0.19)
Scottmichaelj Posted July 3, 2017 Posted July 3, 2017 Still no dice . Tried setting everything multiple times with no luck. Does Internet Access need to be enabled? I have tried numerous times in the file drop down to enable it with no luck. Do you know your internet IP to your network? (not 192.168.0.19) Pauls right make sure your using your EXTERNAL IP address. A site like whatsmyip.org will show you.
stusviews Posted July 3, 2017 Posted July 3, 2017 Still need to purchase the isy portal module i believe for iftt and echo integration. The portal will solve your needs, for both using an Echo and integrating IFTTT. And no router settings are needed at all for secure off-site access to the ISY. OTOH, if you want/need off-site access, then you'll need a services, paid such as Dyn.com or a free service. Do not use you external IP address for both security reasons and, unless you're paying for a static IP address, your external IP address is subject to change at a random time.
gsrbob Posted July 3, 2017 Author Posted July 3, 2017 The portal will solve your needs, for both using an Echo and integrating IFTTT. And no router settings are needed at all for secure off-site access to the ISY. OTOH, if you want/need off-site access, then you'll need a services, paid such as Dyn.com or a free service. Do not use you external IP address for both security reasons and, unless you're paying for a static IP address, your external IP address is subject to change at a random time. Oh i see now. So i would need a dns service to enable port forwarding? Sux that i have to pay for that service, i was under the impression remote access was possible by setting up port forwarding on my router
gsrbob Posted July 3, 2017 Author Posted July 3, 2017 Pauls right make sure your using your EXTERNAL IP address. A site like whatsmyip.org will show you. I need to try that. I was following the YouTube video that was provided by UDI I believe, i am still learning how this port forwarding works as well as all sorts of other things associated with it so please forgive me for my lack of knowledge on the matter. I really appreciate the feedback and i am confident i will get this. I wish i could have stayed up later last night but i had to be up early for work :/
larryllix Posted July 3, 2017 Posted July 3, 2017 Oh i see now. So i would need a dns service to enable port forwarding? Sux that i have to pay for that service, i was under the impression remote access was possible by setting up port forwarding on my router No. A DDNS service is not required. DNS is Dynamic Name Server and browsers use that to convert text URLs into IP addresses. Google's http://8.8.8.8 is an example DDNS is a service you subscribe to, that converts your IP address only into a personalised URL. Port forwarding is a service your router performs to transform an ouside request coiming to your router on your ISP IP address with a particular port number, into any port number and IP address on your LAN (internal) that will be your ISY address and port setup in your ISY (usually 443, and 192.168.0.xxxx) DDNS is an external service that requires some app inside your LAN (sometimes inside your router) that sends an occasional "Hi--it's me at IP address www.xxx.yyy.zzz " to a DDNS service. When you want to access your ISY you would use a permanent and personalised URL for the DDNS server that it will translate into your ISP given IP address for your router. The advantage of this is when your ISP gives you a new IP address it keeps track of it for you. You still need port forwarding or another technique to get through your router firewall. You end up will your own personal website URL address like this. https://grsbob.freeDDNSservice.com:443
gsrbob Posted July 3, 2017 Author Posted July 3, 2017 No. A DDNS service is not required. DNS is Dynamic Name Server and browsers use that to convert text URLs into IP addresses. Google's http://8.8.8.8 is an example DDNS is a service you subscribe to, that converts your IP address only into a personalised URL. Port forwarding is a service your router performs to transform an ouside request coiming to your router on your ISP IP address with a particular port number, into any port number and IP address on your LAN (internal) that will be your ISY address and port setup in your ISY (usually 443, and 192.168.0.xxxx) DDNS is an external service that requires some app inside your LAN (sometimes inside your router) that sends an occasional "Hi--it's me at IP address www.xxx.yyy.zzz " to a DDNS service. When you want to access your ISY you would use a permanent and personalised URL for the DDNS server that it will translate into your ISP given IP address for your router. The advantage of this is when your ISP gives you a new IP address it keeps track of it for you. You still need port forwarding or another technique to get through your router firewall. You end up will your own personal website URL address like this. https://grsbob.freeDDNSservice.com:443 Makes sense now. So technically i don't need dyndns correct? I can't wait to figure all this stuff out! Thank you for breaking it down.
larryllix Posted July 3, 2017 Posted July 3, 2017 Makes sense now. So technically i don't need dyndns correct? I can't wait to figure all this stuff out! Thank you for breaking it down. You don't need it but here was my scenario. My ISP IP address hadn't changed for years. I was in the Carribean with very expensive WiFi on a ship. WE have an extended power failure at home and my ISP "lease" runs out and when the power comes back on my IP address has changed. Now all my remote access gadgets I have on my cell phone cannot access anything and I have no way of knowing what my IP address is. Actually correction. That time I emailed my ISP support (at the next free WiFi spot = few and far between there) and explained and they gave me my current IP address. A previous time, same situation, the freebie DDNS service included with my router, decided I hadn;t checked in and required it within X days. I couldn't respond and my DDNS service account was closed...screwed again. Now I have a python3 piece of code that I use to send my IP address into variable on my ISY and if it changes or the power blinks it sends me notifications of what is currently is. No dependence on anybody else.
gsrbob Posted July 3, 2017 Author Posted July 3, 2017 Thats an excellent idea with the python3 code. That would be to update the ISY with your routers IP address in the event it changes correct?
Scottmichaelj Posted July 3, 2017 Posted July 3, 2017 Thats an excellent idea with the python3 code. That would be to update the ISY with your routers IP address in the event it changes correct? Dont listen to Larry Get the ISY portal and be done. It will open up a ton of features and you wont have to mess with DDNS, python or anything else. $$ well spent.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.