Accessing your HDR from the Internet Draft ) (with v4 of the media bundle installed)

REPASSAC

Well-known Member
Here is a first draft - I am not so hot on documentation so any comments / improvments welcome.

Accessing WebIf on your HDR from the Internet.

Firstly, I will assume that your HDR is not the only computer (Host) that you have connected to the internet, which means that you have a router (that may be called a variety of names such as home hub). Your router receives a routable IP address from your ISP and normally allocates non-routable IP addresses to the hosts connected to it on your private network.
A non-routable address (for example 192.168.0.10) enables a private network (like yours to internally use the same addresses as millions of others, without problem). If you try and access such an address over the internet, you will not receive a reply, as commercial routers will not forward your message.

Setting up yor HDR.

This is easy, I suggest you use DHCP, this is simple and eliminates the chance of configuration error.
Next using your browser go to the WebIf settings page, Web Interface User Access Control section and add a user name and password.

Setting up your Router.

I will use my Netgear N3500 router as an example, most routers have similar settings.

HDR IP address allocation

Firstly I suggest that you ensure your router always allocates the same IP address to your HDR. On my router this is controlled under “Advanced Settings – LAN” in the section “Address reservations”. You need to add a reservation for the HDR’s MAC address (a MAC address is a unique hardware address).Note that the “Device Name” field may be blank for the HDR – don’t worry about this – on my router I can enter what I want as the name.

Setup: Port Forwarding.

Next, if is necessary to specify , to which host, incoming requests for particular port should be forwarded to. (Think of a port as a subdivision of an IP address, not strictly fully correct). There are two ports that mongoose (The HDR’s web service) is setup to service, 80 and 777.
If you are running any other http service on your network or using port 80 for another purpose then use 777. The use of port 80 is universally known and you should expect automated attempts to connect to mongoose. Port 777 presents another obstacle to unauthorised access.
On your router in “advanced settings” go to “Port Forwarding” there you can either setup the standard HTTP service for port 80 or add a custom service for port 777.
I will add port 777 as:
· Service: HDR
· Service type: TCP
· Start Port and End port: 777

Dynamic and fixed ISP assigned IP address.

Fixed.

If you have a fixed external address you can now externally access your HDR. See below for how.

Dynamic.

Some ISP’s (with unbundled customers) automatically allocate fixed addresses due to the different topography of such networks and the practice of many customers to leave their routers always on.
If you ISP is not one of these then you will need to subscribe to a dynamic DNS service this registers your current IP address. Some are free of change here is a list
Subscribe to the service of your choice. Most routers support automatic support for such a service – see “Advanced Settings” – “Dynamic DNS” and complete the settings. If your router does not support this then you may need to install and run a small program
Some services allow you to use their domain name others let you register a name. Follow their instructions.
To access your HDR from an external address (It is very likely that you will be unable to access your HDR internally by using the external IP). Use the following.

· Static IP (Port 80): http://81.56.253.29/
· Static IP (Port 777): http://81.56.253.29:777/
· Dynamic IP (port80): http://domainname.com/
· Dynamic IP (port777): http://domainname.com:777/

Notes.

It goes without saying that you HDR must not be in standy when trying to connect to it.
 
Last edited:

preciousp

Novice Member
Another nice trick too.

As the FOXSAT can't be in standby there is a nice function in the FOXSAT menu to automatically turn on the unit at a set time.

In FOXSAT Settings, goto TIME. Then there is an option POWER ON. Set it to the time you want the unit to powerup. I leave the POWER DOWN disabled but keep the POWER SAVING option ON.

So, if you are at work or on holiday, you could set it to startup at say 10am. And it will go into power save at midnight.
 

alanathome

Standard Member
Exactly pitched to give easy to follow Instructions with reasons for each stage of setup, and not too much technical clutter,
(I love theory but it can get in the way sometimes, My Tutor used to say Never mind the Theory find the Problem)

I do have a resonable idea of the overall requirements, but piecing it all together can be a problem, so well done, and the bit about the routers is brill I know its difficult with so many types, I'm with TalkTalk ( Unlooped and new 20meg servers) but your instructions will start me off in the right direction,

Christmas getting in the way of all this PLAY, have to be patient :hiya:
Merry Christmas Alan
 

bwblackett

Novice Member
Thanks for the tutorial - haveing a problem getting through to the Humax....

I've set up with dyndns so http://bw.dyndns-wiki.com/ points to my router - you should get a login window if you try.

I think I've setup port forwarding for 777 so I should get the Humax login screen with http://bw.dyndns-wiki.com:777 but I just get a timeout.

I'm using an EchoLife HG520b router (TalkTalk) with the settings as

Rule Application Protocol Start Port End Port Local IP Address Start Port(Local) End Port(Local)
2 HDR TCP 777 777 192.168.1.10 777 777

Any help appreciated!
Brian.
 

REPASSAC

Well-known Member
Thanks for the tutorial - haveing a problem getting through to the Humax....

I've set up with dyndns so http://bw.dyndns-wiki.com/ points to my router - you should get a login window if you try.

I think I've setup port forwarding for 777 so I should get the Humax login screen with http://bw.dyndns-wiki.com:777 but I just get a timeout.

I'm using an EchoLife HG520b router (TalkTalk) with the settings as

Rule Application Protocol Start Port End Port Local IP Address Start Port(Local) End Port(Local)
2 HDR TCP 777 777 192.168.1.10 777 777

Any help appreciated!
Brian.

Hello Brian.
Does http://foxsat-hdr:777/ and http://192.16.8.0.10:777/ work for you?
bw.dyndns-wiki.com currently resolves to 92.23.149.62 which I don't get a reply from when I ping it but this may be disabled on your router.
Can you tell me what version of WebIf (Package Management) and firmware (setting page) you are on.
 

bwblackett

Novice Member
Hello Brian.
Does http://foxsat-hdr:777/ and http://192.16.8.0.10:777/ work for you?
bw.dyndns-wiki.com currently resolves to 92.23.149.62 which I don't get a reply from when I ping it but this may be disabled on your router.
Can you tell me what version of WebIf (Package Management) and firmware (setting page) you are on.

I don't get any reply on either of the first two links....
The last link goes to my Router logon when accessed from my PC - I've just tried to get it on my Blackberry (when not wifi connected) and it doesn't work.....
Webif V 4.0.4
 

REPASSAC

Well-known Member
I don't get any reply on either of the first two links....
The last link goes to my Router logon when accessed from my PC - I've just tried to get it on my Blackberry (when not wifi connected) and it doesn't work.....
Webif V 4.0.4

Can you check your WebIf version - should be 2.5.
Can you also look at /opt/etc/mongoose.conf - It should have a line:
listening_ports 80,777
I suspect it may not have the ,777
 

bwblackett

Novice Member
Sorry - Webif is V2.5

Mongoose file says

document_root /opt/var/mongoose/html,/media=/media,/cgi-bin=/opt/var/mongoose/cgi-bin,/images=/opt/var/mongoose/html/img,/plugin=/opt/share/html
index_files index.shtml,index.html
ssi_extensions .shtml
cgi_extensions .cgi,jim
cgi_environment LD_LIBRARY_PATH=/lib:/opt/lib,PS1=\h\w\$
listening_ports 80,777
num_threads 10
authentication_domain Foxsat-HDR
global_passwords_file /opt/etc/.htpasswd
 
Last edited:

chaosdestro0

Standard Member
None of this port forwarding is needed really, just ssh into it and bam you have an encrypted tunnel that no one will be able to poke their eyes at.
 

REPASSAC

Well-known Member
None of this port forwarding is needed really, just ssh into it and bam you have an encrypted tunnel that no one will be able to poke their eyes at.

I don't know much about ssh but how would the router know which host to pass the packets to and how would that get a connection to mongoose.?
 

chaosdestro0

Standard Member
You would of course neeed to port forward ssh which is port 22, it's quite simple after that. I would advise using a program called putty, you then just add "tunnels" which basically forward a local port to a destination.
Look it up, plenty of guides on ssh tunneling on youtube. Worth knowing and ofc much safer than using open ports which could have vulnerabilities.
 

REPASSAC

Well-known Member
You would of course neeed to port forward ssh which is port 22, it's quite simple after that. I would advise using a program called putty, you then just add "tunnels" which basically forward a local port to a destination.
Look it up, plenty of guides on ssh tunneling on youtube. Worth knowing and ofc much safer than using open ports which could have vulnerabilities.

I have heard of putty. I was just reacting to your "None of this port forwarding is needed really." when it needs one.
I did stress the need to password protect the open port (a very non standard one).
 

bwblackett

Novice Member
That indicates all is well with mongoose and it's settings. The question is why are the packets not being forwarded by your router.
What is rule 1 on the router?
Have you set up a DMZ?
Try testing via this url Open Port Check Tool
This may also be of some help with your router.

Rule 1 is set up for utorrent on a different port

What is a DMZ - all I can see on my router is :
NAT - DMZ
DMZ setting for Single IP Account
DMZ Disabled
DMZ Host IP Address 0.0.0.0

Open Port tool says
Error: I could not see your service on 92.23.222.177 on port (777)
Reason: Connection timed out

Anyone else on TalkTalk with a EchoLife HG520b ?
 

REPASSAC

Well-known Member
Rule 1 is set up for utorrent on a different port

What is a DMZ - all I can see on my router is :
NAT - DMZ
DMZ setting for Single IP Account
DMZ Disabled
DMZ Host IP Address 0.0.0.0

Open Port tool says
Error: I could not see your service on 92.23.222.177 on port (777)
Reason: Connection timed out

Anyone else on TalkTalk with a EchoLife HG520b ?

Your DMZ is disabled which it should be :)
I found this on setting up port forwarding on your router I would ignore the last bit.

I see your IP changes frequently.

Update: just tried http://92.23.222.177:777/ - response prompted for logon by server at foxsat-hdr :)
 
Last edited:

REPASSAC

Well-known Member
Yeah - I've done that by temporarily disabling the SPI Firewall - whatever that is - but I'm sure it's not a good idea!

I'll keep trying.

Any help appreciated.

I would have thought that port forwarding should bypass SPI.
Out of interest if you set up a rule for port 80 - then does that have the same problem?
 

Monster900

Active Member
OK. Just joined this forum but have been a denizen of the other one for some time.

I successfully accessed my box over the internet today using the instructions by REPASSAC, but one of the things I had to do was set up a firewall rule for the modem/router to allow incoming requests for the HDR service.

MY modem/router is a Netgear DG834G.

Hope this helps
 

bwblackett

Novice Member
I successfully accessed my box over the internet today using the instructions by REPASSAC, but one of the things I had to do was set up a firewall rule for the modem/router to allow incoming requests for the HDR service.

What was the rule you had to set ?
 

Monster900

Active Member
What was the rule you had to set ?

I went to the 'Firewall Rules' and set it as below:

Service Name - HDR Action - Allow LAN Server IP address 192.168.0.xx WAN Users -Any Log - Always 1

Tidied up the copy/paste to try to make it more understandable.
 
Last edited:

REPASSAC

Well-known Member
I went to the 'firewall rules' and set it as below:

Service Name Action LAN Server IP address WAN Users Log 1 HDR ALLOW always 192.168.0.2 Any Always

This copy/paste has not rendered very well but you get the drift.

Most routers would automatically do this - if you define port forwarding then you clearly indicate that you want the HDR to serve the WAN.
 

Monster900

Active Member
Most routers would automatically do this - if you define port forwarding then you clearly indicate that you want the HDR to serve the WAN.

I agree that is logically true but in the case of this router I don't think it's the case. I will double check over the weekend by disabling the rule and trying again from work.
 

The latest video from AVForums

Podcast: Trinnov Room Optimiser: A full explanation of Trinnov and its room optimiser technology
Subscribe to our YouTube channel

Latest News

Samsung teases 76-inch MicroLED TV plus flagship Q950A soundbar
  • By Andy Bassett
  • Published
Amazon Music fully available on Android TV and Google TV platforms
  • By Andy Bassett
  • Published
Sony announces A90J UK/EU price and March availability
  • By Andy Bassett
  • Published
AVForums Podcast: 27th February 2021
  • By Phil Hinton
  • Published
Musical Fidelity launches M3x Vinyl phono stage
  • By Andy Bassett
  • Published
Support AVForums with Patreon

Top Bottom