Basic networking

120 posts / 0 new
Last post
Special Ed
Special Ed's picture
Basic networking

I have seen quite a few people here with questions about how to get Rovio online so they can access it from outside of their home.

What I have noticed is that most of the people asking seem to have no basic knowledge on how networks and routing works. That is fine, I will try to explain the basic theory in as simple terms as I can and wrap it up by telling you how to get your Rovio accessible from work/school/iPhone/etc

What I will cover:
Routing
LANs
WANs
NAT (port forwarding)
Cake

What I will not cover:
Dynamic DNS services
Religion

=================================================================

Alright, I will start simple and keep in mind that I will be using simple examples and assume you all have very basic hardware for your network.

What you need to get Rovio online for use at home, and elsewhere:
Wireless access point
Router
High speed internet access (DSL modem, Cable modem, fios, etc)

Since you are here posting I am going to assume you already have your high speed internet hooked up.

Most/many home wireless access points are also routers. They perform a plethora of functions in one device (great for home users) Good brands for these devices include Linksys, DLink, Netgear, Asus. There are others but I am certain the majority of users here have devices made by these brands.

Now, for the basic networking lesson.

When you have a wireless router hooked up to your network and plugged into your high speed internet modem you actually have two networks at your disposal. One is your WAN (wire area network, AKA the INTERNET!), the other is your LAN (local area network) which is your home computer, Rovio, laptops, any other devices that is hooked up to the internet using your home connection.

Now since you are actually running on two networks you will have a few IP addresses.

One will be your WAN IP, which is your external address that is used to access the internet. The other set will be for your home networks.

LAN addresses are limited to these numbers
10.0.0.0 through 10.255.255.255
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255

Most people with home networks are in the 192.168.x.x range.

For my examples I will assume your network is 192.168.1.x

So, your wireless router actually has two IP addresses now. 192.168.1.1 which is your LAN address, and as an example we will use 122.33.7.44 for your WAN address.

Now, all your computers in your home network (including Rovio) have an address similar to 192.168.1.x

But that range is reserved for LANs only. Which means anyone on the internet cannot type in 192.168.1.100 and get access to your rovio. Only people on your home network can see that.

Imagine this,

You have a mailbox in your building that the postal service drops mail off at. But in your building you have 5 rooms, each room has 2 workers in it all doing different things at the same time. The postman dropped off 10 letters each addressed to a different section (room).
The postman does not know who is who, and who does what so he will simply drop the mail off in the big box and it is up to the building's secretary to sort through the mail.

She will look through all the letters and bring them to the person/section they are addressed to.

Routers do the very exact same thing.

So the internet sends information to your WAN address (122.33.7.44) and your router has to send the information that was sent to that address to the correct place in your home network (192.168.1.x).

So lets say Rovio's LAN IP is 192.168.1.50

You need to setup NAT (network address translation, or "port forwarding") so that when the WAN address is accessed at a certain port (port 80) it sends the request/information to your internal LAN IP for Rovio.

So, if you setup port forwarding on your router (refer to your instruction manual for your router for help to do that) you can now access your Rovio from the internet.

Remember, you now need to access the WAN IP (122.33.7.44) because the 192.168.1.50 is a private internal address and cannot be accessed from the internet.

So, if you want to access Rovio do this:

http://122.33.7.44/

This is assuming you have Rovio setup to run on port 80. If you choose another port for Rovio to use you need to make the URL different. If you make the port 8080 instead use this:

http://122.33.7.44:8080/

This concludes the basic networking lesson. Just remember, imagine a wall between the internet and your LAN, if you want to access a LAN resource from the internet you need to make a hole in the wall so you can reach through it to get what you need.

Oh, the cake was a lie. Not covering that.

eqwalker
eqwalker's picture

That was very good. I would like to ask if you would go a step further. I have two wireless routers. One is connected to the internet and is also my WPA ap. The other wireless router was a spare I had and I have plugged it's WAN port into one of the available ports on my main WPA router. I have also configured it with WEP and have Rovio connected to it. I have already configured Rovio to be accessed by the outside world by port filtering from the first router to the ip of the second router which is port filtered to Rovio. My question is how can I really make this setup as secure as possible until Wowwee issues a firmware upgrade so I can use WPA? I know static routes will come into the picture as well as MAC addresses but am a little cloudy on the issue. Both routers are Netgear with the WEP being a WGB511 and the WPA being a WGTB511T. I have already separated the channels on the wireless with one being on channel 1 and the other on 11. Thank you for your input.

Special Ed
Special Ed's picture

I would, but. It gets fairly advanced and to be honest it's hard to explain some of the more advanced stuff (iptables) but MAC filtering is fairly easy to do.

I could not help you with netgear anyways. I only have Linksys hardware for my wireless infrastructure.

jj
jj's picture

eqwalker, what you really need to do is put the two routers at the same level in your network:

|||||||||||||||||||||||||||||||||||||
|||||||||||||||MODEM|||||||||||||||||
|||||||||||||||||||||||||||||||||||||
|||||WEP||||||||||||||||||WPA||||||||
|||||||||||||||||||||||||||||||||||||
||ROVIO Network||||||||Your Network||
|||||||||||||||||||||||||||||||||||||

This would require your ISP to give you two public DHCP addresses, which I think would be standard issue. You would also need multiple ports on your modem or another switch between your modem and your routers.

Then, setup Dynamic DNS on the Rovio network router (WEP router) so you can access it by always typing in myrovio.dyndns.com, etc.

This would keep your rovio on a completely separate network, outside your private network.

OTHERWISE...............

Look into DD-WRT, which I am currently doing right now. You can install it on your Netgear router. It has the ability to have virtual wireless networks. I will let you know what I find out.

lgd9
lgd9's picture

I get the explanation Sp Ed, sort of, but as a noob, I still don't quite get it. 

 I have a Linksys router.  So I log on and the status page for it comes up.  Then I click on the "applications and games" link and get to the "port range forward" screen.  I type in "rovio" under application; "554" under start/end; set "protocol" to "both"; then I add the 3 digits in the box under IP address that represent the rovio IP--what I see is the router IP followed by the 3 digits I just put in; and then I click "enable."  I do the same thing for the 80 port.  I then open another browser, type in my router's external IP address (that I found at portforward.com), but the rovio interface doesn't come up--I just see the status page of the router.  What am I not doing right?  

 Next, I went into the network settings of rovio to change the 80 port to 8080, but when I clicked "update," it said that I need to enter an IP address.  So, does that mean I need to click the "manually" button so that I can enter an IP address?  If so, which one do I put in: the rovio IP, the router internal IP, or the router external IP?  Whichever IP I put in, it then asks for a subnet mask number--what's that?

 As you can tell, I'm lost.  So if you could give me a blow-by-blow for the Linksys setup since that's the one you have, and tell me what I'm supposed to do in the network settings in the rovio interface to make it work with whatever I'm supposed to do with the router, I'd appreciate it.

  

Special Ed
Special Ed's picture

I bet you did not check the 'enable' checkbox on the very far right side of the screen in the "Applications and Games" (port forwarding) page.

Double check that and make sure you set that, otherwise you look like you set it up correctly. One thing to consider also is that some routers don't like it if you try to access your external IP directly from inside your network. I have noticed this with some versions of the linksys firmware. Not quite sure why it happens but if you hit your WAN IP it just forces a redirect to the router's internal LAN IP (192.168.1.1) or whatever. If you do indeed have the 'enable' checkbox checked and you still get the router page try the test again except from another network (at work or school or whatever)

Rob
Rob's picture

Thanks so much for this thread and the advice on it!

eqwalker
eqwalker's picture

jj said: eqwalker, what you really need to do is put the two routers at the same level in your network: ||||||||||||||||||||||||||||||||||||| |||||||||||||||MODEM||||||||||||||||| ||||||||||||||||||||||||||||||||||||| |||||WEP||||||||||||||||||WPA|||||||| ||||||||||||||||||||||||||||||||||||| ||ROVIO Network||||||||Your Network|| ||||||||||||||||||||||||||||||||||||| This would require your ISP to give you two public DHCP addresses, which I think would be standard issue. You would also need multiple ports on your modem or another switch between your modem and your routers. Then, setup Dynamic DNS on the Rovio network router (WEP router) so you can access it by always typing in myrovio.dyndns.com, etc. This would keep your rovio on a completely separate network, outside your private network. OTHERWISE............... Look into DD-WRT, which I am currently doing right now. You can install it on your Netgear router. It has the ability to have virtual wireless networks. I will let you know what I find out.

Thanks JJ.  Keep me informed.  I'll check with my ISP on the two DHCP public addresses.

lgd9
lgd9's picture

Thanks Sp Ed.  I did have the enable boxes checked.  When I go to work today I'll try to connect to rovio from there since, as you say, the Linksys seems to keep redirecting to the internal IP. 

Special Ed
Special Ed's picture

eqwalker said:

jj said: eqwalker, what you really need to do is put the two routers at the same level in your network: ||||||||||||||||||||||||||||||||||||| |||||||||||||||MODEM||||||||||||||||| ||||||||||||||||||||||||||||||||||||| |||||WEP||||||||||||||||||WPA|||||||| ||||||||||||||||||||||||||||||||||||| ||ROVIO Network||||||||Your Network|| ||||||||||||||||||||||||||||||||||||| This would require your ISP to give you two public DHCP addresses, which I think would be standard issue. You would also need multiple ports on your modem or another switch between your modem and your routers. Then, setup Dynamic DNS on the Rovio network router (WEP router) so you can access it by always typing in myrovio.dyndns.com, etc. This would keep your rovio on a completely separate network, outside your private network. OTHERWISE............... Look into DD-WRT, which I am currently doing right now. You can install it on your Netgear router. It has the ability to have virtual wireless networks. I will let you know what I find out.

Thanks JJ.  Keep me informed.  I'll check with my ISP on the two DHCP public addresses.

There are much better ways to do this, he was close with VLans. Getting an additional IP address from your ISP would require you to get more advanced hardware then what you have (or could afford).

In the real interest in security what you want is not a DMZ, but another network that is locked down to the extreme.

Here is a good (probably the most secure) setup that is doable.

http://www.robocommunity.com/forum/thread/14189/WPA-support/#24236

Simple MAC filtering may be enough, it really depends on your area. Do you live in a heavily populated area? (apartment building, duplex housing, etc?)

There are tools you can use to do a wireless survey of the area to see if anyone has a system in range of you. Based on the amount of people you may decide additional security is not needed (at the moment) especially if you know your neighbors are not super computer savy.

Special Ed
Special Ed's picture

lgd9 said:

I get the explanation Sp Ed, sort of, but as a noob, I still don't quite get it. 

 I have a Linksys router.  So I log on and the status page for it comes up.  Then I click on the "applications and games" link and get to the "port range forward" screen.  I type in "rovio" under application; "554" under start/end; set "protocol" to "both"; then I add the 3 digits in the box under IP address that represent the rovio IP--what I see is the router IP followed by the 3 digits I just put in; and then I click "enable."  I do the same thing for the 80 port.  I then open another browser, type in my router's external IP address (that I found at portforward.com), but the rovio interface doesn't come up--I just see the status page of the router.  What am I not doing right?  

 Next, I went into the network settings of rovio to change the 80 port to 8080, but when I clicked "update," it said that I need to enter an IP address.  So, does that mean I need to click the "manually" button so that I can enter an IP address?  If so, which one do I put in: the rovio IP, the router internal IP, or the router external IP?  Whichever IP I put in, it then asks for a subnet mask number--what's that?

 As you can tell, I'm lost.  So if you could give me a blow-by-blow for the Linksys setup since that's the one you have, and tell me what I'm supposed to do in the network settings in the rovio interface to make it work with whatever I'm supposed to do with the router, I'd appreciate it.

  

Ahh ha! I just noticed what you did wrong! I misread your post the first time.

In the applications and games there are a few different pages. You were setting up on the port triggering or Port Range Forwarding page. After you click on the "Applications and Games" you should see more tabs under the "Applications And Games" link. They are probably similar to these:

"Port Range Forwarding", "Port Triggering", "Port Forwarding"

Perhaps a few others, it has been a long time since I have seen the original linksys firmware.

You want the one that says "Port Forwarding"

Click that and repeat your steps. Let me know how that goes.

lgd9
lgd9's picture

Special Ed said:

lgd9 said: I get the explanation Sp Ed, sort of, but as a noob, I still don't quite get it.   I have a Linksys router.  So I log on and the status page for it comes up.  Then I click on the "applications and games" link and get to the "port range forward" screen.  I type in "rovio" under application; "554" under start/end; set "protocol" to "both"; then I add the 3 digits in the box under IP address that represent the rovio IP--what I see is the router IP followed by the 3 digits I just put in; and then I click "enable."  I do the same thing for the 80 port.  I then open another browser, type in my router's external IP address (that I found at portforward.com), but the rovio interface doesn't come up--I just see the status page of the router.  What am I not doing right?    Next, I went into the network settings of rovio to change the 80 port to 8080, but when I clicked "update," it said that I need to enter an IP address.  So, does that mean I need to click the "manually" button so that I can enter an IP address?  If so, which one do I put in: the rovio IP, the router internal IP, or the router external IP?  Whichever IP I put in, it then asks for a subnet mask number--what's that?  As you can tell, I'm lost.  So if you could give me a blow-by-blow for the Linksys setup since that's the one you have, and tell me what I'm supposed to do in the network settings in the rovio interface to make it work with whatever I'm supposed to do with the router, I'd appreciate it.   

Ahh ha! I just noticed what you did wrong! I misread your post the first time. In the applications and games there are a few different pages. You were setting up on the port triggering or Port Range Forwarding page. After you click on the "Applications and Games" you should see more tabs under the "Applications And Games" link. They are probably similar to these: "Port Range Forwarding", "Port Triggering", "Port Forwarding" Perhaps a few others, it has been a long time since I have seen the original linksys firmware. You want the one that says "Port Forwarding" Click that and repeat your steps. Let me know how that goes.

I've been putting the numbers in the Port Range Forward tab. 

But these are the options on the "Applications and Games" tab of my router (Linksys WRT54GX): Port Range Forward, Port Triggering, DMZ, and UPnP Fowarding.  There isn't an option that just says "Port Forwarding" and I've looked under all the other tabs and don't see it either.  Do you have any suggestions?  Thanks.

jj
jj's picture

What I mentioned above with my awesome diagram, is actually the best way to do it as it keeps the two private WLANs **physically** separated. This is hands down the best way to go if you have the extra hardware.

Special, Ed.. I got the feeling that you didn't really read my post. Where did I mention VLANs...? ;) Although VLANs would actually be a decent way to do it, I was digging around in DD-DRT and noticed the ability to create virtual WLANs. If DD-WRT can create two wireless networks on a single router, and not allow the two to talk to each other except through the public interface, that would be great. I was toying around with it last night, but got to tired to finish it. Maybe later this weekend I can figure something out.

A couple of comments on your comments:
MAC filtering is a waste of time and only keeps non-tech users out. And, getting multiple IP addresses from your ISP does NOT require expensive hardware? If you really wanted to get detailed, you could simply split your WEP router's ports into two VLANs, one for the WAN connection and one for the Router to Router connection. Problem solved, no extra hardware required. DD-WRT could handle this no problem.

Also, having your rovio behind two NAT devices (as in your other post, you linked to) is not the best way to go, you're just asking for trouble. Any time you have an insecure network behind your secure network, it's not good practice. The ipTables help, but like you mentioend in your own post, it's not ideal. Therefore, I would not suggest people go that route, there are way to many alternatives to try before doing that.

Special Ed
Special Ed's picture

jj said:

What I mentioned above with my awesome diagram, is actually the best way to do it as it keeps the two private WLANs **physically** separated. This is hands down the best way to go if you have the extra hardware.

Special, Ed.. I got the feeling that you didn't really read my post. Where did I mention VLANs...? ;) Although VLANs would actually be a decent way to do it, I was digging around in DD-DRT and noticed the ability to create virtual WLANs. If DD-WRT can create two wireless networks on a single router, and not allow the two to talk to each other except through the public interface, that would be great. I was toying around with it last night, but got to tired to finish it. Maybe later this weekend I can figure something out.

A couple of comments on your comments:
MAC filtering is a waste of time and only keeps non-tech users out. And, getting multiple IP addresses from your ISP does NOT require expensive hardware? If you really wanted to get detailed, you could simply split your WEP router's ports into two VLANs, one for the WAN connection and one for the Router to Router connection. Problem solved, no extra hardware required. DD-WRT could handle this no problem.

Also, having your rovio behind two NAT devices (as in your other post, you linked to) is not the best way to go, you're just asking for trouble. Any time you have an insecure network behind your secure network, it's not good practice. The ipTables help, but like you mentioend in your own post, it's not ideal. Therefore, I would not suggest people go that route, there are way to many alternatives to try before doing that.

You are right, sorry I think I was getting two other posts mixed together in my head.

I did not know DD-WRT had feature of supporting two WAN IPs. That is quite ideal, if you are willing to pay your ISP for a second IP address.

I was only suggesting MAC filtering in the situation that he was not in a highly populated area, and in the case he knew his neighbors. I think you would be suprised at how well some simple measures like that work on the non-savy users. And that was all I was getting at.

I still think that my solution using iptables and static routes is the most secure (in the scenario that you do not want to pay for another IP from your ISP. If you read the post it makes it very secure. At the very bottom I describe making the rovio network available ONLY from the WAN IP, which duplicates the suggestion you have made.

I did know that DD-WRT allows the creation of of two virtual wireless networks, but have you been able to get two different wireless security modes working on each? I have not, if you do please let me know so I can duplicate that. I would much rather have that then have to cut down on the coverage in my home by having half my routers WEP half WPA.

jj
jj's picture

lgd9 said: I get the explanation Sp Ed, sort of, but as a noob, I still don't quite get it.   I have a Linksys router.  So I log on and the status page for it comes up.  Then I click on the "applications and games" link and get to the "port range forward" screen.  I type in "rovio" under application; "554" under start/end; set "protocol" to "both"; then I add the 3 digits in the box under IP address that represent the rovio IP--what I see is the router IP followed by the 3 digits I just put in; and then I click "enable."  I do the same thing for the 80 port.  I then open another browser, type in my router's external IP address (that I found at portforward.com), but the rovio interface doesn't come up--I just see the status page of the router.  What am I not doing right?    Next, I went into the network settings of rovio to change the 80 port to 8080, but when I clicked "update," it said that I need to enter an IP address.  So, does that mean I need to click the "manually" button so that I can enter an IP address?  If so, which one do I put in: the rovio IP, the router internal IP, or the router external IP?  Whichever IP I put in, it then asks for a subnet mask number--what's that?  As you can tell, I'm lost.  So if you could give me a blow-by-blow for the Linksys setup since that's the one you have, and tell me what I'm supposed to do in the network settings in the rovio interface to make it work with whatever I'm supposed to do with the router, I'd appreciate it.   

 Igd9: I broke down your questions and hopefully answered them sufficiently. Let me know if there's anything else you need. Thanks

1) Igd9 said: "I then open another browser, type in my router's external IP address (that I found at portforward.com), but the rovio interface doesn't come up--I just see the status page of the router.  What am I not doing right?"

1) jj reply: Make sure you have your router's external administration access page turned off. Linksys routers have the ability to be configured from the WAN. You do not want this. This is not only somewhat insecure, but also typically eats up either port 80 or port 8080. You may be able to change the port the router listens on, but I would just simply remove it. Also, for other people reading this post, many ISPs block port 80 and/or port 8080. I would use a different random port like 5543 or something. Some ISPs also block HTTP in general which in that case, you're in trouble. You would have to setup a VPN on your router and connect to it before you did anything. That's a whole other posting.

2) Igd9 said: "Next, I went into the network settings of rovio to change the 80 port to 8080, but when I clicked "update," it said that I need to enter an IP address.  So, does that mean I need to click the "manually" button so that I can enter an IP address?"

2) jj reply: Yes, click "manually" and enter in the INTERNAL IP you assigned to your Rovio. You do not want your Rovio on DHCP as it will change, and your Port Forwarding rules will stop working. Your DHCP range probably starts at 100, so pick a number that is something like 192.168.X.55 or something. X, is your network address (probably 0, 1 or 100).

3) Igd9 said: "If so, which one do I put in: the rovio IP, the router internal IP, or the router external IP?  Whichever IP I put in, it then asks for a subnet mask number--what's that?"

3) jj reply: You need to put in the static ip as I mentioned in #2. If your internal network is 192.168.1.X then assign your Rovio and IP of 192.168.1.55. You do not want to use the router's external IP. The subnet mask is typically 255.255.255.0.

jj
jj's picture

I did mention VLANs in my original post (hence the wink ;) ). But, I removed it before you replied, because I thought it was way too complicated for most users.

 The best way is to get two WAN IPs from your ISP as it is fairly easy for anyone to setup as long as they have the extra hardware. I don't think you have to pay your ISP for two **DHCP** addresses? Maybe some ISPs require you, but Charter (my ISP) used to be fine with multiple DHCP addresses. I'm on a large /23 subnet on the public side.

Yes, if I can get DD-WRT to have multiple WLANs, I will definately post it. I am not sure if you would need multiple WAN IPs or not for that. I've seen some pretty crazy stuff with open-source firewalls. pfSense, for example, can do it.

lgd9
lgd9's picture

Thanks Sp Ed and JJ.  I kept the port at 80 and put the required info in both the port range forward and in the UPnP forward screens and it worked.  I'm not sure which one worked but I can access rovio through my external IP now, so I'm a happy camper.  Now if I can just get the email photo thing to work.  I have a gmail, yahoo, and gmx account and none of them seem to work.

 Thanks again for all the info.  This has been a most helpful thread. 

coverthawk
coverthawk's picture

I have a basic question:

How do I assign a permanent IP address to the Rovio instead of using DHCP? Are there settings in the router (Linksys WRT54G) that would need to be modified in addition to the Rovio configuration itself?

Thank you in advance,
coverthawk

Rudolph
Rudolph's picture

coverthawk said:
I have a basic question:
How do I assign a permanent IP address to the Rovio instead of using DHCP? Are there settings in the router (Linksys WRT54G) that would need to be modified in addition to the Rovio configuration itself?
Thank you in advance,
coverthawk

I didn't have to change anything in my wrt54g to make Rovio a static IP. Just pick the number you want to use and set it in Rovio's Network tab (along with the default gateway and others). I just picked an IP number outside the range of available DHCP numbers for mine.

jj
jj's picture

coverthawk said: ...Are there settings in the router (Linksys WRT54G) that would need to be modified in addition to the Rovio configuration itself?

Absolutely. Whatever you assign your Rovio, you would need to set in your Port Forwarding as well. Most users have this as a network:

Network: 192.168.1.0
Subnet: 255.255.25.0
Gateway: 192.168.1.1
DHCP Range: 192.168.1.100 - 192.168.1.150

So if you picked any number from 1-99 and 151-254 you would be good.

So, pick 192.168.1.55 and you should be good to go. Then be sure to update your router's port forwarding.

ET
ET's picture

solved

coverthawk
coverthawk's picture

jj said:

coverthawk said: ...Are there settings in the router (Linksys WRT54G) that would need to be modified in addition to the Rovio configuration itself?

Absolutely. Whatever you assign your Rovio, you would need to set in your Port Forwarding as well. Most users have this as a network:
Network: 192.168.1.0
Subnet: 255.255.25.0
Gateway: 192.168.1.1
DHCP Range: 192.168.1.100 - 192.168.1.150
So if you picked any number from 1-99 and 151-254 you would be good.
So, pick 192.168.1.55 and you should be good to go. Then be sure to update your router's port forwarding.

 Thank you...setup worked perfectly.

 I have another question regarding setting up port forwarding.

I have successfullly setup port forwarding and also signed up for an account with no-ip.com.  Everything seems to be working - but there seems to be settings withing the rovio configuration "Domain" for Dynamic Domain Settings.  Would anybody mind confirming what this is for and if it replaces any manual configuration of anything?

Also, (newbie to port forwarding and networking in general) - I have installed the program provided by no-ip.com that updates the IP address of my internet connection (Comcast - dynamic IP).  My question is if my primary computer is a laptop, that comes to work with me, is there anything I need to do to prevent the program from sending the IP address of my work IP, or WWAN (Verizon Wireless)?  I ask this to confirm if perhaps the setting within the Rovio configuration utility is designed for a case like mine?

 Finally, is there a chance that my work network would block access to the IP address I created in no-ip.com?  I have confirmed that I can connect while off my home network (using Verizon wireless boradband) and also using my iPhone.  When I try to connect from my work network, it is unable to find the page.  Any ideas?

I wanted to thank you all so far for this great community!  Thank you in advance for any help you can provide with these questions also.

ET
ET's picture

coverthawk said:  When I try to connect from my work network, it is unable to find the page.  Any ideas? I wanted to thank you all so far for this great community!  Thank you in advance for any help you can provide with these questions also.

I have the same problem when try to connect from my work. The authorization request menu pops up, I enter login and password but can't get access to the rovio interface. While my brother could access rovio from his home network in Europe. It looks like my work network blocks it or something,  I haven't found solution yet.

 

 

eqwalker
eqwalker's picture

You may want to just wait for a while. I was at work and it prompted me for username and password, which I entered, then it just sit there. I just left it there and about 15 minutes later it came up. Then it was ok. I don't know what could be causing that.

ET
ET's picture

eqwalker said: You may want to just wait for a while. I was at work and it prompted me for username and password, which I entered, then it just sit there. I just left it there and about 15 minutes later it came up. Then it was ok. I don't know what could be causing that.

No, unfortunately it didn't work in my case.

Rob
Rob's picture

Yay, I was excited beyond belief to get everything set up correctly to be able to access my Rovio from outside my LAN! This felt like a great accomplishment for me, and I'm glad to feel I FINALLY have a clue how port forwarding and DNS forwarding services work (I gave up when trying to figure it all out for a different project).

Unfortunately, it seems the interface is practically unusable with my slower-than-average DSL connection. Has anyone seen suggested minimum connection speeds listed anywhere? Do the rest of you experience insurmountable differences in usability with LAN vs WAN access? With your answers, would be curious to know what your connection speed is.

jj
jj's picture

coverthawk said: I have another question regarding setting up port forwarding. I have successfullly setup port forwarding and also signed up for an account with no-ip.com.  Everything seems to be working - but there seems to be settings withing the rovio configuration "Domain" for Dynamic Domain Settings.  Would anybody mind confirming what this is for and if it replaces any manual configuration of anything? Also, (newbie to port forwarding and networking in general) - I have installed the program provided by no-ip.com that updates the IP address of my internet connection (Comcast - dynamic IP).  My question is if my primary computer is a laptop, that comes to work with me, is there anything I need to do to prevent the program from sending the IP address of my work IP, or WWAN (Verizon Wireless)?  I ask this to confirm if perhaps the setting within the Rovio configuration utility is designed for a case like mine? 

I would not put it on your laptop as yes, it will try and update with your work ip address. If you have a workstation at home that never moves around, just set it up on there. Rovio also has this ability (pg 39 in your manual "Using a domain name with Rovio"), but in my experience, unless Wowwee really paid attention to the DDNS server's requirements, chances are it'll only get your host cancelled or something else will happen. DynDNS.org is really picky for example.... But it's worth a try if you want.

coverthawk said: Finally, is there a chance that my work network would block access to the IP address I created in no-ip.com?

Most likely. It won't be your IP address that's blocked, but the ports that are the problem. Port 80 would work, but you also need another port (554 by default) which is not usually allowed through corporate firewalls unless your business has some need for streaming media (port 554 is used by the Real Time Streaming Protocol "RTSP"). If you're good friends with somene in the IT department who can change the company's firewall settings then maybe they will be willing to do it for you. But mostly likely (especially if you work in a company that has more than 100 employees), they will think your crazy for even asking. Also, as a warning, they may be upset if you even try. (I work in IT for my company, and we do not even allow end-user personal laptops on our network and they can even be written up for plugging them in. But, because of what we do, we may be a little more anal retentive than a lot of companies).

Rob
Rob's picture

Two Questions for those who know:

What security issues would I face if I publicized my DynDNS-obtained URL that forwards to my WAN IP, and Rovio?

Is it easy for hackers to figure out my real WAN IP?

jj
jj's picture

The biggest, most realistic security risk you face is if the Rovio had some security flaw that someone figured out. If they could gain control of it and run scripts to hack your internal network, that would be not cool. Definatly, do not use the same password that's on your Rovio for any other service you use (e.g. gmail, banking).

Otherwise, if you have WAN ICMP off (they can't ping you from the outside) and you limit your port exposure as much as possible, you will be very safe.

Whatever ports you do end up opening up, just make sure the programs behind those ports are fully patched.

If anyone knows your Rovio's domain (e.g. robsrovio.myrovio.com) then yes, they will know your IP (which is the point of domains (DNS).

The goal isn't really to hide your public IP as much as it is to just secure your network. However, if you don't want people knowing your IP, don't give out your domain. It is not easy for people to get other people's IP without some sort of direct communications with you. Most likely it will be some website that you visit that does not hide your IP that will give you away (such as a public forum). But, those are fairly rare and you should be aware that it is doing that.

Rob
Rob's picture

Thanks for the advice, this thread has really helped me get farther with my understanding of networking. I really REALLY owe you guys.

I did think to come up with unique passwords for my Rovio as well as my WEP-protected network. But the other advice you give is a bit over my head...

1) I don't see anything about WAN ICMP, but I do see an option for "Discard Ping To WAN". Is that the same thing? Should that be turned on?

2) How do I limit my port exposure?

3) I don't really understand your last paragraph. The only ports I've adjusted are the ports for accessing Rovio. The only other ways I see myself using other port forwarding in the near future is adding an IP camera.

While I am asking about ports...

4) Can I direct any port number to any device IP address on my LAN? Or is there some limitation of specific port ranges for specific uses?

5) My router has three protocol options for port forwarding, TCP, UDP, or Both. Do you have a quick explanation and/or direction for setting?

6) I'm still curious, does DynDNS shield my true WAN IP address from prying eyes?
Thanks so much to everyone for helping. Setting up my Rovio has done a lot to further my networking skills!

Special Ed
Special Ed's picture

DynDNS does NOT shield your IP.

It does the exact opposite. It shows/forwards people to your WAN IP.

Pages