Canadian TV, Computing and Home Theatre Forums banner

1 - 20 of 78 Posts

·
Registered
Joined
·
57 Posts
Discussion Starter #1
Guys, I want to access my home network from a remote location but I'm kind of lost, and don't even know if it's possible from what I've read.

My ISP is Bell and I have a Netgear mvbr1210c Turbo Hub on the cellular network. My visible ip starts with 184.xxx.xxx.xxx. The ip in my router (Turbo Hub) is 10.xxx.xxx.xxx (Wireless Broadband Port). Then my devices have ip's on my local network, 168.xxx.xxx.xxx. Is there any way I can access my home network from the outside. Thanks for any help.

Glen
 

·
Registered
Joined
·
55 Posts
If your just trying to remotely control a computer on your home network, Google TeamViewer. If is a great program for remote access to a computer from anywhere. Very easy to setup, and gets through any firewall setting. Free for non-business use.
 

·
Registered
Joined
·
8,194 Posts
That depends on what you're trying to do. If you want to access some server on your local network, you have to set up port forwarding on your firewall for that server. The next issue is what address to use. If your public IP address is DHCP, then you may find that IP address no longer connects to your system. So, you'll need some sort of DNS service that can handle DHCP addresses. I'm on Rogers. While they use DHCP to provide addresses, they also provide a long host name, based on my modem and firewall MAC addresses. This host name will never change, unless I change the hardware.

If you want general access to your home network, one possibility is to set up a Virtual Private Network (VPN) to your home network. One thing I have done, which allows me to connect to my home network is set it up for IPv6. This gives me my own subnet (with 2^72 addresses or about a trillion times the entire IPv4 address space) with static addresses. I then can access those IPv6 from elsewhere, by running 6in4 tunnel software on my notebook computer. That software enables carryinng IPv6 traffic over the IPv4 network. There are a few different ways to obtain an IPv6 subnet. Some ISPs are now providing IPv6 subnets, with 2^64, or more, addresses to their customers. Failing that, you can connect to a "tunnel broker" to obtain a subnet and software for transporting IPv6 over IPv4. I also use a publicly available DNS server to provide access to my IPv6 addresses and also to create an alias to convert that long MAC based IPv4 address into something sensible.
 

·
Registered
Joined
·
57 Posts
Discussion Starter #4
Thanks guys...

James, way over my head. I have a solar system and I want to be able to access / track the charge controllers remotely. I have a raspberry pi I would like to use due to it's low power, and normally it wouldn't be an issue, I would use Teamviewer, but the rpi has a arm processor, and Teamviewer will not work on arm.

I tried setting up dyndns and couldn't get it to work. I don't understand (at all) how to set it up, although I have read enough to last a year.

How do you forward ports or set it up when you have different ip addresses. I'm assuming the 10.xxx.xxx.xxx ip in my router is my address "to" Bell, and the 184.xxx.xxx.xxx is how the internet sees me "from" Bell. It's really confusing to me and I can't see how to get around it. You may have given me an option James, but it was way over my head. Thanks guys....

Glen
 

·
Registered
Joined
·
390 Posts
@JamesK.... Seriously???

If the OP is simply looking for Remote Access, you've gone into far, far too much detail of a setup 99.9% of us won't bother to use for a home LAN.

@Muskoka. Either www.teamviewer.com or www.logmein.com will get it done for you. Both are free, require no remote VPN client, and no firewall port forwarding. No configurations at all, other than a secure password. Both are very secure in their transport (256-bit). Both only authenticate with their service. After that, your interacting directly with your PC. Both use remote Web Clients, so all you need is a browser.

EDIT: Didn't realize you were trying to use a Pi. Completely different ball game. Why not simply use a Windows machine? The power consumption issue is vastly overrated and using a Pi won't really save you much at all.
 

·
Registered
Joined
·
57 Posts
Discussion Starter #6
Ya, I could use my laptop but I bought the rpi specifically for this, and didn't realize at the time it wouldn't run Teamviewer. It doesn't get much easier than Teamviewer, they need to get this ported to arm. Just checked with my kill-a-watt meter and the raspberry uses 3 watts, my laptop is 18-20. I know it's not a big deal, just kind of a waste of a laptop just sitting there sending data. The rpi would be perfect for this. Suppose I could make my own headless system to run Teamviewer on.

Glen
 

·
Registered
Joined
·
8,194 Posts
How do you forward ports or set it up when you have different ip addresses.

All TCP/IP services, whether TCP or UDP use port numbers. for example ftp uses tcp port 20 & 21, ssh uses 22, telnet 23 etc. So, if you had an telnet server, you could configure your firewall to pass port 23, coming in on your public address to whatever local address your server is on. The only way you could have two or more computers offering telnet would be to use a different port number for them and configure your firewall accordingly. So, if all those devices use the same port number, then you can't use just port forwarding. If you can configure them to use different port numbers, then you can forward each port number to the appropriate device. If you can't then you have to use some other method, such as a VPN or IPv6, as I described.

If the OP is simply looking for Remote Access, you've gone into far
If he's trying to remotely access multiple devices, then I haven't. The usual port forwarding won't work with multiple devices if they're all configured to use the same port number.

One other thing, how are those devices accessed? If via something like ssh or telnet, then you can use ssh to reach a computer on your home network (don't even dream of using telnet here) and then from that computer fire up a ssh or telnet (here it's safe) connection to access those devices.
 

·
Registered
Joined
·
57 Posts
Discussion Starter #8 (Edited)
Maybe it's my lack of understanding, but I think something is getting lost here with the setup, perhaps the way I described it?

To the outside world my ip address is 184.xxx.xxx.xxx (whatismyipaddress) for example. (Bell to the internet)

In my Netgear router the ip is 10.xxx.xxx.xxx for the Wireless Broadband Connection, I have a Cellular Turbo Hub. (Me to Bell)

Then inside my local network my devices have ip's of 192.xxx.xxx.xxx.

So, how do I route traffic through 184.xxx.xxx.xxx then 10.xxx.xxx.xxx then to my local devices 192.xxx.xxx.xxx.

Sorry to be a bother, I just don't understand how to make it work, if it's even possible. Teamviewer works fine, but is not an option with the raspberry, so I'm looking for an alternative, without buying more hardware.

Glen
 

·
Registered
Joined
·
810 Posts
From my own experience with a Rogers RocketHub I have to agree with JamesK, this is not a plug and play project. If you want to search for some of my other posts on here about the Rocket Hub that may help give you an idea of what you can do, and some of the challenges.

Cellular hubs are a lot messier than regular cable or DSL for incoming access. The cellular provider does not generally give you an incoming route between the exposed internet ip address (your 184.xxx.xxx.xxx) and your Turbo Hub on their internal network (your 10.xxx.xxx.xxx) unless you pay for a static IP or VPN. Incoming requests just get lost in the Bell cellular cloud. The 10.xxx.xxx.xxx is a private address for your Turbo Hub on the Bell network. With Shaw or Telus or other ISPs the 184.xxx.xxx.xxx would be the address for your local router.

If the device you want to talk to on your internal network has an embedded web server and the ability to report to a dynamic DNS service you may be OK. If the web server can keep an outgoing port open that your incoming request can always get in on, maybe that will serve your purpose.

The first thing I would do is see if you can get a Dynamic DNS client running on whatever OS you plan to use on the Pi. I haven't started playing with a Pi yet, but if you do a search for Dynamic DNS Raspberry Pi there are lots of links to give you some idea what you have to do.

Then, see if you can hit it from another another machine outside your Bell cellular network. Testing this is a pain. You can confirm the web server is active when you are on your internal network, but you really can't confirm you are accessing it from the outside world unless you are connecting from the outside world.
 

·
Registered
Joined
·
57 Posts
Discussion Starter #10
Thanks for the feedback. I have been trying to get dyndns working with no luck. To me it would be easy with just the 184.xxx.xxx.xxx address but I also have to route through the 10.xxx.xxx.xxx address as well. Teamviewer takes care of all that, but no go on a raspberry. I was using my Android cell phone not connected to my wifi to test? That should work if it was set up properly? Whatever I've tried, I can see anything on my local network.

Did you say above that other Canadian isp's don't have that other layer on cellular turbo hubs, 10.xxx.xxx.xxx? One more year on this contract, perhaps it's time for a change, and hurry up Teamviewer, it's time for the ARM version.

Glen
 

·
Registered
Joined
·
810 Posts
When you say you're having no luck getting dynamic dns going, do you mean running at all on the Pi, reporting to an external server, or connecting from the outside world?

This is the general order of things I would suggest for what you are trying to do.

Get a Dynamic DNS client on the Pi successfully reporting to whatever DNS service you choose to use (No-IP, EasyDns, etc).

Trigger an update on the client, and check if the IP address was reported at the time you expect when you check your account on the ddns service/server.

Get a webserver or another known service with a well known port running on the Pi.

Disable wifi on the Android, connect to the internet with your cellular data plan, then see if you can reach the IP address reported by the ddns server. If Bell is allowing/supporting default port forwarding, and you have a web server running, this should be the ip address reported by your DDNS, with you specifying the port just to be sure - 184.xxx.xxx.xxx:80.

You will have the same routing issue(s) with any other cellular internet hub regardless of the provider, it comes with the technology. There are posts on here and other sites about the Bell's 5 or 10 dollar per month charge for dynamic or static IP's. I had to pay Rogers 10 bucks per month.

With one year left on your contract you'll have to decide if you want to pay 60 to 120 bucks for the rest of the contract.

I eventually found a WISP in my area and was able to punt Rogers.
 

·
Registered
Joined
·
8,194 Posts
So, how do I route traffic through 184.xxx.xxx.xxx then 10.xxx.xxx.xxx then to my local devices 192.xxx.xxx.xxx.
Perhaps you should tell us how you plan to communicate with those devices from the raspberry pi. If you connect to it first and then on to those devices, it's completely different than if you want to directly access those devices directly from the Internet. Until we know what you're trying to do, we're just guessing. My understanding is that the raspberry pi is just a Linux system. If so, it then becomes a simple matter to remotely run an app on it that then talks to your devices.
 

·
Registered
Joined
·
8,194 Posts
I have a Cellular Turbo Hub. (Me to Bell)
Bell may be providing a private address via that, not a public one.

So, how do I route traffic through 184.xxx.xxx.xxx then 10.xxx.xxx.xxx then to my local devices 192.xxx.xxx.xxx.
This means you've got double NAT in the way. So, you'd have to forward from your outside network to the 10.x.x.x network and again to the 192.x.x.x network.

I suggest you seriously rethink what you are trying to do and also tell us about how you actually control those devices. DYNDNS is a separate issue, which generally doesn't cause problems.
 

·
Registered
Joined
·
57 Posts
Discussion Starter #14
This is not going to work. I have forwarded a port on my system, it's confirmed using Umit Network Scanner in Lubuntu, but it's not visible to the outside world, obviously. I checked with a online Port Forwarding Tester and it says the port is closed. It says all common ports are closed on my 184.XXX.XXX.XXX ip address.

Bell must be blocking all these common ports for the cellular turbo hubs?

Glen

Edit: James you got in while I was typing. What I want to do is remotely access the raspberry (running raspbian / debian) from my laptop / tablet / phone. I ssh / rdp into the raspberry now with Remmina locally.

"So, you'd have to forward from your outside network to the 10.x.x.x network and again to the 192.x.x.x network."

This I don't understand, how do I do that?

Reading about double nat now.......
 

·
Registered
Joined
·
810 Posts
Now you can decide if you want to pay Bell an extra 5 or 10 bucks per month.

As JamesK said, let us know if you want to go directly to a device or devices, or if you just want to hit a single machine to control other devices.

Paying Rogers for a static VPN connection to my rocket hub allowed me to have incoming remote control service to a Mac Mini on my remote network running a web server and home automation software. I could check the logs on the Rocket Hub by connecting to the Mini then browsing to the Hub. I used the same approach to control and configure a PAP2T for VoIP.

I connected directly to a Panasonic IP camera that used their Viewnetcam Dynamic DNS service to report its address. This camera also FTP'd images locally to the Mini.

Having a way to know the current IP address of the remote hub is one thing. Setting up the correct port forwarding and access control is another.

In my example above, using incoming port 80 for 2 different web servers would not be a good thing, so the web servers on the Mini and the Panasonic camera were configured to use other ports.

Just some thoughts for you to ponder.

Edit: You'll have to check some other posts about the Bell dynamic/static offers. With the Rogers IP offer I essentially bypassed the private address and went directly from the Internet to my Hub. This meant I only had to deal with NAT and Port Forwarding on the Rocket Hub.
 

·
Registered
Joined
·
57 Posts
Discussion Starter #16
That's the problem. I have no way of getting through that other layer. From what I've just read, this is what I'm running into.

"By contrast, when NAT is being performed not just on your router but also on another device that's connected in front of it, you've got double NAT. In this case, the public/private network boundary doesn't exist on your router -- it's on the other device, which means that both the WAN and LAN sides of your router are private networks. The upshot of this is that any UPnP and/or port forwarding you enable on your router is for naught, because incoming remote access requests never make it that far -- they arrive at the public IP address on the other device, where they're promptly discarded."

Glen

If nothing else, I'm learning something.
 

·
Registered
Joined
·
8,613 Posts
Not sure exactly what you want to do. If it's simply controlling the desktop on the R'Pi and it's running one of the Linux distros, a version of VNC will likely work. VNC is usually included or available for Linux distros and is compatible with Windows versions of VNC such as UltraVNC. You will need to set up port forwarding in the router. Since it's internet accessible, it's advisable to set up a secure connection using SSH. Most VNCs provide instructions for this. Simply viewing the desktop will be more secure and should not require SSH.

If the goal is to access monitoring/control software on the R'Pi using client software on Windows then the setup will be different. This will involve less overhead and will be inherently more secure so I would use this method, if available. In any event, make sure a username/password is required to make any modifications to the system.

If two IPs are available, the R'Pi could be connected to the modem using an unmanaged switch. Another option is a DMZ port on the router. This will make access easier but the R'Pi will be more vulnerable to security attacks from the internet. Port forwarding is probably the safer option.
 

·
Registered
Joined
·
810 Posts
My comments below and my previous posts are based on two years experience running a Rogers Rocket Hub to access multiple services at a remote site.

ExDilbert,

Unfortunately, you're just muddying the waters with that post.

What the OP first has to deal with is even reaching his Hub from the Internet. With a cellular hub this is different than a regular cable or DSL ISP. Then he can deal with choosing apps, configuring his services and his port forwarding.

Muskoka,

Research what Bell offers you for the extra 5 or 10 dollars per month.

If you can get a Dynamic DNS client running for you on the Pi, you can probably save yourself 5 dollars per month by using a dynamically updated external address from Bell.
 

·
Registered
Joined
·
57 Posts
Discussion Starter #19
Guys, I can sort out what to do....once I figure out how to get past this "double nat" problem, if I even can. Once I can access my network from the outside world I'm good, it's getting access that's the problem. It's not just a matter of forwarding ports at my end, that's done, and their invisible to the outside world. I can do whatever I want to open "my" router, it's the "Bell" router that's the problem. It doesn't recognize anything I do at me end.

Glen

This Netgear router has a ton of options. One of them is "Remote Management" and even that doesn't work. No matter what I set on the router, it's not visible to the outside world.
 
1 - 20 of 78 Posts
Top