Hi there, I am trying to get remote access up and running for a Wiser unit.

Background: I have Optus cable modem broadband. I have a firewall (Smoothwall Linux with multiple interfaces). I have established communications from external addresses through the firewall but don't seem to be able to get quite the right network settings on the Wiser to get full remote access.

Knowns:
Optus will not let port 80 requests to my cable modem but port 8080 is fine.
Firewall port forwarding rules are working.
Web server temporarily set up and successfully responding to external requests (then switched in Wiser unit, and adapted port forward to be Wiser IP).
Seem to be able to get to Wiser but not a proper page displayed. IP address responds with http://<webaddress>:8080/clipsal/resources/wiserui.html but page either goes all black or shows stop sign hand with unable to connect with Wiser.
iOS 4 app just times out or sometimes seems to lock without response (usually confirms internet connection but doesn't go past Wiser comms).

Settings:

Other equipment
External address 220.239.xxx.xxx
Port forward: <external_IP>:8080 to 192.168.100.101:8080
Firewall Orange interface: 192.168.100.1 (routing but no DHCP and no DNS)
Subnet mask 255.255.255.0

Internet-->cable modem--->Firewall-->Orange interface--->Wiser
220.239.xxx.xxx Prt fwd 192.168.100.1 192.168.100.100

Basic setup on Wiser
Wiser hardware switch set to RT (router, but have tried access point, not sure which way this should be set)

Internet setup on Wiser
Internet connection type: static IP
Wiser IP address: 192.168.100.101
Subnet mask 255.255.255.0
Default Gateway: 192.168.100.100
DNS: Optus DNS 211.29.200.12
Wiser-Cbus: 192.168.100.2 (I think, but not a problem for this issue??)

Network setup on Wiser
Router IP: 192.168.100.100
Local mask: 255.255.255.0

I have tried switching Default Gateway and Router IP between 192.168.100.100 and 192.168.100.1, but I am just confusing myself. In fact, I am not clear if Router IP is for Wiser WAN connection and is only relevant if hardware switch set to RT. Which should be Firewall Interface and which should be Wiser WAN interface?

DHCP server settings on Wiser
DHCP disabled (I can get into LAN interface by setting computer to fixed IP in 192.168.100.xxx range)

I hope this has the right information and is not totally confusing. Please let me know what to clarify so I can get the right advice about remote access settings. Thanks
I recall that someone previously determined that you must connect a LAN port and the WAN port from the WISER to the LAN. The DHCP was disabled and the WAN port was set up in such a way that it was a member of the LAN. For example:

Your router xxx.xxx.xxx.1
The WISER WAN port xxx.xxx.xxx.5
Gateway xxx.xxx.xxx.1

Your firewall needs to be able to handle LAN traffic on

1. CNI: 10001
2. C-Gate: 20023-20025 (not all have to be used)
3. Wiser: 8080, 8888, 8889, 14000
4. C-Touch Colour: 8336, 8337
5. ServerX: 20027

http://www.cbusforums.com/forums/showthread.php?t=7347

You can if you like remap ports from one to another in your router or firewall. So if 8080 or 8888 interferes with your router or firewall HTML management, you can push the port to something else so long as you put this information into your router or firewall.

This part seems out of place.

220.239.xxx.xxx Prt fwd 192.168.100.1 192.168.100.100 <<<< NO PORT

What you want to do is firstly establish the DHCP, router and gateway setup and make sure that every LAN object is addressing it. In most cases ROUTER IP = GATEWAY FOR LAN, though you may be using your firewall system as the proxy gateway. If the firewall is also a type of router with store and forward then the LAN will see that as the main gateway. In that case you must decide how the WISER or CNI will point to the outside world.

Once you have the config in this robust format, then look to having your firewall taking traffic on other ports. Rather than just opening 8080 and pointing it to WISER's LAN address you may look at flipping the outside WAN port number to something much higher and having the router handle the remapping. For example:

220.239.xxx.xxx:16000 >>> 192.168.100.101:8080

and so on.

As I seem to recall, there was some kind of technical issue with Optus and 8080, 8000 and 8888. I seem to recall that these ports were not passed at the provider level and could cause termination of the account. You need to look into that with the newest policy.
I can assure you that you are not doing anything wrong.

The alternative is to place the WISER in the DMZ and declare all traffic on that IP address totally unprotected. This is a testing configuration to see how well your internet and firewall work. It is not intended to be left permanently as it will cause silly amounts of traffic to hit your WISER from the WAN side.

I personally would have assumed that your firewall was the DNS for the LAN but if it is passing all these requests to the router then it is just acting as a malicious code filter. What is the latency on these transactions?

Put it all back to normal and treat the WISER like a LAN device. The problem appears to be generated by Optus itself. Just try that double connection I mentioned above.

Did you enable WAN management on the WISER?
Hi there again, after many hours looping through possibilities I have made very little actual progress here. The basics are:

I established internal based connections. OK
Tested to ensure ISP and firewall are letting things through - all OK.
Set a domain name to a dynamic DNS service. OK
Setup port forwarding from <ext_IP>16080 to <internal_ip>8080
Also set port forward to other ports although not sure this helps:
<ext_IP>16088 to <internal_ip>8088
<ext_IP>16089 to <internal_ip>8089
<ext_IP>14000 to <internal_ip>14000

I can get to the Wiser page from the domain name.
Returns password prompt.
Sign in with username password.
Responds with Wiser page - authenticating socket (seems to do 2 loops of this).
Error response is the Stop Hand with Cannot connect to Wiser msg ID -1

Any clues from here would be welcome.
I'm not sure where you got the 8088 and 8089 numbers from. I've only ever seen 8888 and 8889 in the documentation and forum posts. Also I don't think you can map a different external port number to the internal 8888 and 8889 because there is no way that I know of for you to tell the client user interfaces (Adobe Flash, iPhone, etc) to use your 16088 or 16089 numbers unless you're doing something really advanced on your outgoing traffic that takes the client 8888/8889 and remaps it. My suggestion is to keep things simple, just use the 8888/8889 numbers on both internal and external.
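An added example, not part of the thread or of any Clipsal tooling: a small Python check that audits a port-forward table against the Wiser ports listed earlier in the thread (8080, 8888, 8889, 14000) and the advice to keep 8888/8889 the same on both sides. The rule text format, the function names and the sample rules (modelled on the forwards described in the previous post, with 192.168.100.101 assumed as the Wiser address) are constructed for illustration.

```python
# Added example: audit firewall port forwards aimed at a Wiser unit.
WISER_PORTS = {8080, 8888, 8889, 14000}  # Wiser ports as listed in the thread
FIXED_PORTS = {8888, 8889}               # per the reply above, clients cannot be told a remapped number

def parse_rule(line):
    """Parse 'EXT_PORT -> INTERNAL_IP:INT_PORT' (format invented for this example)."""
    ext, _, target = line.partition("->")
    ip, _, int_port = target.strip().rpartition(":")
    if not (ext.strip().isdigit() and int_port.isdigit() and ip):
        raise ValueError(f"unparseable rule: {line!r}")
    return int(ext), ip, int(int_port)

def audit(rules, wiser_ip):
    """Return (finding, external_port, internal_port) tuples for forwards to wiser_ip."""
    findings, seen = [], set()
    for line in rules:
        ext, ip, port = parse_rule(line)
        if ip != wiser_ip:
            continue  # forward targets another host; out of scope here
        seen.add(port)
        if port not in WISER_PORTS:
            # Exposes a port the Wiser is not documented to use: likely a typo,
            # and an unnecessary hole in the firewall either way.
            findings.append(("unknown-port", ext, port))
        elif port in FIXED_PORTS and ext != port:
            # Translated on the way in, but the client still dials the original number.
            findings.append(("remapped-fixed-port", ext, port))
    for port in sorted(WISER_PORTS - seen):
        findings.append(("missing-port", None, port))
    return findings

# Constructed sample rules, modelled on the forwards described in the thread.
SAMPLE_RULES = [
    "16080 -> 192.168.100.101:8080",
    "16088 -> 192.168.100.101:8088",
    "16089 -> 192.168.100.101:8089",
    "14000 -> 192.168.100.101:14000",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, "192.168.100.101"):
        print(finding)
```

Any "unknown-port" finding is also a forward worth deleting, since it opens the firewall for a service the unit does not need.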
Socket authentication usually fails when your PICED configuration doesn't match the actual network setup. If you are using option B, i.e. Static IP with DHCP disabled on Wiser, then you need to enable LAN access in PICED project settings and specify modem IP in there. DNS setting can stay blank or you can put modem IP in DNS1 and leave other blank. I agree with Kjayakumar, keep it simple, use the recommended ports. Once you have them working then you can tweak and see if other settings work.
The OP may have tried forwarding this way in an attempt to bypass ISP restrictions. Last time I checked (quite some time ago) Telstra blocked one of these ports on our service at home, so remote access to Wiser was a no go.
That is where PORT MAPPING or PORT TRANSLATION comes into effect. You arbitrate external WAN port numbers into LAN usable port numbers. While it is true that many routers offer this function, it is also true that they are too slow to do it properly. However, Telstra and Optus offer this function in a limited range of applications.
Unfortunately there are still a lot of Gateways provided by Telstra or Optus which do not offer port mapping, so it makes setting everything up very frustrating.