I just updated to the latest SD card build of EmonBase. All is working well at home internally to my network.
I now want access from the outside internet. I was doing that fine with my old setup, which I’ve been running since 2012. But for some reason I can’t make it work with the new setup.
I have forwarded ports as required. Neither the web server nor ssh are working from outside. I poked around in various config files, but haven’t found anything. I’ve never had this problem with several other rasbian based setups.
Is there something that the EmonSD setup does differently that I need to tweak to get outside access?
Solved, at least enough that I’ll probably figure it all out from here.
My raspberry pi has 2 IP addresses on my LAN. One for the ethernet (like 192.168.1.200), and one for the wifi (like 192.168.1.201). I have been doing all my internal (LAN) emoncms setup via the ethernet address, so naturally I used that address when setting up port forwarding with my router. But it turns out that for some reason that doesn’t work - I need to use the wifi address for port forwarding.
Why it is this way I don’t know, but I expect a little research will clue me in.
Strangely, and probably related to this, I can’t use my wifi IP address internally to SSH or run Node-red - I have to use my ethernet IP address. As in, for Node-Red, 192.168.1.200:1880 works, but 192.168.1.201:1880 doesn’t, yet for access from the outside internet, 192.168.1.201:1880 is the one that works (via port forwarding).
Independent of your problems, I wouldn’t have the 2 network interfaces running from within the same network subnet. i.e. use Wifi, or wired, but not both, in your case the .200 and .201 addresses
If you want to get into more complicated networking you could bridge the two interfaces to provide a resilient connection, e.g. wifi is preferred and can fail over to wired if the wifi dies, but assuming that this is all off the same single wifi router device, this is unlikely to give you much benefit.
I am guessing that you problems are pure network and TCP/IP level as that setup would have created an asymmetric route, which any secure protocols (e.g ssh) would think that it is trying to be spoofed and thereby prevent connection.
To expand a little: Assuming your PC is trying to ssh to the 192.168.1.200 address, if the routing on the emonbase is set to respond via the 192.168.1.201 address, then ssh will say I attempted to connect to .200 and a response came from .201 and thereby reject this response. If you connect via the .201 address, the response comes back from the same address and hence why one works, but not the other.
By removing one of the interfaces you prevent the possibility of an asymmetric route and prevent this style of problem.
Thank you for the ideas and suggestion about subnets. I have managed to ignore subnets on my home network, and really don’t know much about the concept, but am learning more now.
I wonder if EmonBase (via the EmonSD image that I am using) is set-up differently than standard raspbian releases in this regard. I don’t recall having this issue with other Raspberry Pi setups, but maybe they are no different.