How To: Enable Internet Access

[arw01]

So you are ok accessing mobilinc inside the house via wifi?

 

 

And you have port forwarding 443 on your cable modem going where? (not necessary with the subscription mobiconnect)

 

Then on your router you have port forwarding again going where for 443? (not necessary with the subscription mobiconect)

 

I am two less layers than you, with a comcast actiontech modem and put a static internal ip on my isy so I could tell the modem any attempt to connect to 443 forwards to the isy. Works great outside the house, only issues I ever have is the Galaxy Nexus on Verizon is a few software updates behind and occasionally doesn't get the LTE connection or wifi hotspot back on for a few minutes. (known issue with the phone firmware)

 

I would email wes at mobilinc with the isy connection id and have him check his server logs etc to see if the isy checks in like it is supposed to, etc.

[DonB]

That is a good point, I assume the cable modem directs everything to the only thing attached to it, the ASUS router. I don't know how to access the cable modem. There is a chance it is blocking 443 for some reason. I guess I'll have to contact Time Warner to see if they block 443. Thanks for the reply.

[mike.brown412]

Whenever I go to File > Enable Internet Access (ISY) I receive an error, "Failed Enabling Internet Access".

 

Has anyone run into this problem before?

[LeeG]

That means the router does not support (or is not enabled) for UPnP. It is best to define port forwarding since access established with UPnP will be lost if the router reboots. See page 1 of this topic.

[mike.brown412]

Weird, I got it working, but I still can't enable the web access. My home network is a little complex, not sure why I didn't realize this sooner. I was port forwarding to my private IP space on my ISP's wireless router instead of forwarding it to the private IP on my internal application firewall.

 

Anyways, for those who wish to use the MobiLincHD instead of the MobLinc Connect, the configuration is easy. I just did what was explained on page one. My network is more complex than most, or I would have been fine the first time around.

 

Good luck!

[to_lighter]

Hi everyone,

 

I'm having trouble accessing my ISY from work.

 

My router is an Apple TimeCapsule that does not use upnp. I have manually forwarded port 443 to the static IP address of my ISY. I have a dynamic external IP from DynDNS.

 

If I type in my home external IP address as https://x.x.x.x, the web browser just sits there, and never connects. Same if I type in my dynamic domain name. If I try to connect by telnet, there is a long delay followed by "Connection closed by foreign host."

 

Any ideas why I can't connect to my ISY from outside of my home?

 

Cheers!

[coder96]

Is there a chance you isp is blocking standard ports.

 

I always use nonstandard ports. Say 33443

 

The use https://x.x.x.x:33443

 

Pick a number you would remember.

[to_lighter]

Hmm.

 

Seemed to figure it out. For whatever reason, I had to have my router forward port 80 and port 443. Port 443 didn't seem to be enough.

 

Cheers!

[Xathros]

I would not forward port 80. That just opens the door for the hackers.

 

-Xathros

[to_lighter]

Thanks Xathros,

 

I followed the directions at PortForwarding.com, which mentions that for the ISY 99i, both 80 and 443 need to be forwarded to the ISY. I couldn't contact the ISY until I forwarded port 40. Any suggestions?

 

Cheers!

[Xathros]

Certainly both do not need to be forwarded. I would try the advice from coder96 in an earlier post and forward a port other than 443 to the 443 secure port on the ISY. It's quite possible that the Airport is reserving 443 for it's own use with the Airport utility (Just guessing here).

 

Try forwarding 33443 -> the ISY's IP at port 443 rhen try to connect from outside at https://your-public-ip:33443

 

-Xathros

[to_lighter]

Thanks,

 

Unfortunately, it does not work.

 

I now have 33443 forwarded to the ISY 443, with 80 closed. I double checked the ports using a port-checker utility. 33443 is open, 443 and 80 are closed.

 

When I head to https://myip.com:33443, the web browser seems to be just sitting and waiting. Nothing else happens. Any suggestions?

 

Cheers!

[to_lighter]

Now I think I've figured it out!

 

I had to generate a new self-signed SSL certificate. Now it seems to be working without port 80 forwarded.

 

Thanks!

[jgorm]

I dont know that much about hacking, but having port 443 (SSL) open to the internet doesn't seem like the best idea.

[Xathros]

I dont know that much about hacking, but having port 443 (SSL) open to the internet doesn't seem like the best idea.

 

Having any ports open is always a risk. Port 443 somewhat less so than the unencrypted port 80. With no open ports, there is no remote access so we live with the risk and try to mitigate it as much as possible with strong passwords, password change policies, Intrusion Detection routines in our firewalls and non obvious ports such as 33443 in place of 443. Any hacker willing to put in the effort to scan all 65535 ports for openings can find any port you open. Then it's a matter of finding a vulnerability in the responding device or brute forcing the user/pass combo.

 

For many of us, the benefits outweigh the risks.

 

-Xathros

[jgorm]

That's why I run 2 networks in my house. One behind a double nat /spi router and one in the front for my Rokus, cameras, phone, ISY, etc. The other is for my computers, NAS, etc. If you get into my front network, you wont see the computers on the other net because all the ports are stealth. I just came across this article that says that 443 is the 2nd most attacked port.

http://news.cnet.com/8301-1009_3-576077 ... op-target/

You can use this site to see what ports you have open.

https://www.grc.com/x/ne.dll?bh0bkyd2

Normally I prefer to use obscure ports for stuff that needs an open port to the net. Always avoid typical trojan ports!

[chrsb]

I know this might be a dumb question but I just cant figure it out-

Im using Asus dns service. They give me an address to use but no ip. How do I use the address?

myname.asuscomm.com?

I forwarded 33443 in my router no problem and assigned my ISY a static ip.

[Xathros]

Hi chrsb-

 

The url would be:

 

https://myname.asuscomm.com:33433

 

If that doesn't seem to work, then test your forwarding using your outside IP address: http://whatismyip.com,

 

https://:33433

 

If that workss, then try:

nslookup myname.asuscomm.com

using your command line of choice and make sure it resolves to the outside ip from above.

 

If connecting to the IP directly doesnt work, then there is something wrong with your port forwarding. Did you forward 33433 -> 443 at the ISY IP or 33433 -> 33433? If the latter, did you change the ISY secure port to 33433?

 

-Xathros

[chrsb]

That worked. What I was trying to do was set up my Mobilink to work outside my house.

 

For some reason it works fine when I use the IP address listed on my router and the 33443 port

 

When I use myname.asuscomm.com:33443 it locks up. I then read somewhere to use myname.asuscomm.com:3343/admin, that kind of works but locks up halfway through its update.

 

thank you for the reply!

[gogamer]

I've had my ISY 99i for a few years and am just now trying the internet access for the first time. Figured it out pretty easily from this post but having issues.

 

When I enabled internet access and then went to 'about' I get:

My URL: http://192.168.0.149 (which is my ISY in my home network)

Internet Access: https//192.168.1.64 (which is weird because that doesn't exist in my network, and there is no port)

 

I've got my ISP address and at home, I turn off wifi on my phone and point to "https://my.isp.address:443" and it works! it takes me to the blue Universal Devices page and I can see and control my devices, scenes, programs etc.

 

Then after a couple hours I tried it again, and it didn't work. It kept taking me to some Acer website. I went in and realized I left 'enable internet access' enabled, I disabled it and it worked again. Now again this morning I tried it and it immediately took me to this acer website, I went into ISY and 'enabled internet access' and it works again. Very strange.

 

My System

ISY 99i/IR Pro v3.3.10

UI v4.0.11

Linksys E3000 (ISY reserved IP address and port 443 forwarded)

Netgear 24 port switch that all run through

 

I do have an Acer Windows Server with videos, photos etc. Maybe it's pointing to that, though it does have it's own reserved IP from the Linksys.

 

Mike

[KMan]

192.168.x.y addresses are "local" addresses, so those won't work outside of your home network.

 

Seems that you have both your Netgear and your Linksys acting as DHCP servers (both are providing IP addresses - Linksys is providing in the 192.168.0.x range, while Netgear is providing in the 192.168.1.x range).

 

You need to find what your external IP address is (go to http://www.whatsmyip.org/), and use that instead of the one the ISY is saying to use (192.168.1.64).

 

Then you'll need to setup port forwarding on both the netgear and the Linksys I think.

Netgear would forward to the Linksys (192.168.1.64), Linksys forwards to the ISY (192.168.0.149).

 

Alternatively, you can probably put the Linksys in a mode where it doesn't act as a DHCP server, and just routes packets.

[KMan]

Also, using "enable internet access" tries to autoconfigure the router to forward the correct packets to the ISY. This isn't going to work in your network configuration (and isn't the preferred method anyway it seems).

[toflaherty]

Is there much difference between the following scenarios?

 

1 - https://my.isy.address with port 443 forwarded to isy static ip and port 443

 

2 - https://my.isy.address:33443 with port 33443 forwarded to isy static ip and port 443

 

3 - Changing https secure port on isy to 33443 and using https://my.isy.address:33443 with port 33443 forwarded to isy static ip and port 33443

 

I've successfully acquired remote access with all the above options, just to learn how this stuff works, I just don't know enough about it to know which option is best or more secure?

 

In my example above, I just used 33443 as an example, where anything from 2000 through 65535 would work.

 

Thanks for any info.

 

Sent from my SGH-I317M using Tapatalk

[Michel Kohanim]

Hello toflaherty

 

Is there much difference between the following scenarios?

 

1 - https://my.isy.address with port 443 forwarded to isy static ip and port 443

 

2 - https://my.isy.address:33443 with port 33443 forwarded to isy static ip and port 443

 

3 - Changing https secure port on isy to 33443 and using https://my.isy.address:33443 with port 33443 forwarded to isy static ip and port 33443

None whatsoever!

 

I've successfully acquired remote access with all the above options, just to learn how this stuff works, I just don't know enough about it to know which option is best or more secure?

 

In my example above, I just used 33443 as an example, where anything from 2000 through 65535 would work.

They should all work. From management perspective (ease of figuring what what is forwarded to what) it's best to have both ports be the same (i.e. change ISY's port to the forwarded port). For obscurity purposes, it's best to change ISY's port to an obscure number and choose another obscure number for the public port. I very much doubt this would get you any additional security though.

 

With kind regards,

Michel

[toflaherty]

Thanks for the reply!

 

Sent from my SGH-I317M using Tapatalk