Difference between revisions of "Outside Access"

From LinuxMCE
Jump to: navigation, search
(Removed old PLUTO info and update to reflect current availability of options in LinuxMCE)
Line 1: Line 1:
{{NeedsToBeFixed}}
+
[[Category:Security]]
<p>If both of these boxes are unchecked, then it will not be possible for anyone to access any part of your system from outside the home unless you manually make changes to the firewall in the Advanced section.</p>
+
[[Category:Admin Website]]
<p>Check the first box if you want to be able to access the LinuxMCE Admin website from outside your home.  Once checked, you will be able to go to any internet browser anywhere and go to the URL http://youripaddress/LinuxMCE-admin to reach the site.</p>
+
 
<p>There are 2 potential problems, both of which are easily solved with very low-cost optional services from LinuxMCE.  The first is that to access your home system you need to know the ip address that globally identifies your computer, and put it in the "youripaddress" on the URL.  But most residential DSL and cable internet services do not provide their customers with a static ip address--it changes all the time.  LinuxMCE offers a DNS service so that instead of needing to know your ip address, you can access your LinuxMCE system by going to: http://yourusername.LinuxMCE.com. Even if the IP address changes all the time, you can still get to your home pc.</p>
+
[[Image:OutsideAccess.jpg|thumb|200px|Outside Access Admin Page]]
<p>The second problem is that if you check that box the connection will not be secure and it would be possible for someone to "listen" to your communication and intercept your password, thereby being able to control your house.  To solve this you can obtain your own SSL secure certificate from a company like Verisign.  This is what banks and online merchants use to encrypt confidential financial transactions.  With a secure certificate you would access your web site with an "https://" instead--the s means secure.  Everything would be secure and encrypted using the same method you use to access online banking and other secure sites.  However setting up your own secure certificate can be costly and complicated.  Therefore LinuxMCE offers an SSL forwarding service.  With this service you would access LinuxMCE's secure web site using https://yourusername.LinuxMCE.com, and our server would automatically setup a 'secure tunnel' that redirected you to your site.  You would still use your site the same way, the only difference is all the communication would be encrypted using LinuxMCE's secure site.  Both of these services are available for around $1/day.  Login to LinuxMCE.com and click 'My LinuxMCE' to learn more.</p>
+
If both of these boxes are unchecked, then it will not be possible for anyone to access any part of your system from outside the home unless you manually make changes to the firewall in the Advanced section.
<p>If you do check the box to allow outside access, you may find that even if you know your ip address you still cannot access your server because your ISP blocked incoming connections on port 80.  Port 80 is what internet browsers use to connect to a web server.  You can try changing the port from 80 to something else, like 3080.  If you do, then you will need to access your web site like this: http://youripaddress:3080/LinuxMCE-admin.  If that still doesn't work, you may need to talk to your ISP, or consider using LinuxMCE's SSL secure service since that does not require your ISP to permit incoming web connections.</p>
+
 
<p>The <b>Allow outside access</b> is mainly used when you want tech support to be able to help you configure or troubleshoot.  There is no 'back door' to LinuxMCE, and LinuxMCE staff have no way to connect to your system unless you check this box.  If you request tech support and you want to allow LinuxMCE to access your system, check the box and then type in a password.  You will then give the support rep the password, and with that password, the support rep will be able to login to your system, inspect the logs, look at your configuration, and run diagnostics.  As soon as you uncheck the box or change the password the connection your Core will immediately drop the connection and the support rep will not have access anymore.  When you enable remote access, the connection the support rep uses to access your system is secure and encrypted using a protocol called SSH.</p>
+
Check the first box if you want to be able to access the LinuxMCE Admin website from outside your home.  Once checked, you will be able to go to any internet browser anywhere and go to the URL <nowiki>http://youripaddress/pluto-admin</nowiki> to reach the site.
 +
 
 +
==2 Potential Problems==
 +
===Knowing your IP Address===
 +
The first is that to access your home system you need to know the ip address that globally identifies your computer, and put it in the "youripaddress" on the URL.  But most residential DSL and cable internet services do not provide their customers with a static ip address--it changes all the time.  To fix this problem, a domain name should be assigned to the core. This can be done by going to [http://dyndns.org/ dyndns.org] and creating an account and domain name for this machine. The username and password you created at dyndns.org can be entered into the web admin, so that if it changes, the core will automatically contact DynDNS to update its information appropriately.  
 +
 
 +
This can be changed from '''Advanced > Network > Dynamic DNS Settings'''
 +
 
 +
[[Image:dyndns_settings.png]]
 +
 
 +
===Secure Connection===
 +
The second problem is that if you check that box the connection will not be secure and it would be possible for someone to "listen" to your communication and intercept your password, thereby being able to control your house.  To solve this you can obtain your own SSL secure certificate from a company like Verisign.  This is what banks and online merchants use to encrypt confidential financial transactions.  With a secure certificate you would access your web site with an "https://" instead--the s means secure.  Everything would be secure and encrypted using the same method you use to access online banking and other secure sites.  However setting up your own secure certificate can be costly and complicated.   
 +
 
 +
If you do check the box to allow outside access, you may find that even if you know your ip address you still cannot access your server because your ISP blocked incoming connections on port 80.  Port 80 is what internet browsers use to connect to a web server.  You can try changing the port from 80 to something else, like 3080.  If you do, then you will need to access your web site like this: <nowiki>http://youripaddress:3080/pluto-admin</nowiki>.  If that still doesn't work, you may need to talk to your ISP.
 +
 
 +
The '''Allow outside access''' is mainly used when you want tech support to be able to help you configure or troubleshoot.  There is no 'back door' to LinuxMCE, and LinuxMCE staff have no way to connect to your system unless you check this box.   
 +
 
 +
'''This Feature is still an Option but LinuxMCE does not offer Tech Support'''
 +
 
 +
If you request tech support and you want to allow LinuxMCE to access your system, check the box and then type in a password.  You will then give the support rep the password, and with that password, the support rep will be able to login to your system, inspect the logs, look at your configuration, and run diagnostics.  As soon as you uncheck the box or change the password the connection your Core will immediately drop the connection and the support rep will not have access anymore.  When you enable remote access, the connection the support rep uses to access your system is secure and encrypted using a protocol called SSH.

Revision as of 15:35, 10 November 2007

Outside Access Admin Page

If both of these boxes are unchecked, then it will not be possible for anyone to access any part of your system from outside the home unless you manually make changes to the firewall in the Advanced section.

Check the first box if you want to be able to access the LinuxMCE Admin website from outside your home. Once checked, you will be able to go to any internet browser anywhere and go to the URL http://youripaddress/pluto-admin to reach the site.

2 Potential Problems

Knowing your IP Address

The first is that to access your home system you need to know the ip address that globally identifies your computer, and put it in the "youripaddress" on the URL. But most residential DSL and cable internet services do not provide their customers with a static ip address--it changes all the time. To fix this problem, a domain name should be assigned to the core. This can be done by going to dyndns.org and creating an account and domain name for this machine. The username and password you created at dyndns.org can be entered into the web admin, so that if it changes, the core will automatically contact DynDNS to update its information appropriately.

This can be changed from Advanced > Network > Dynamic DNS Settings

Dyndns settings.png

Secure Connection

The second problem is that if you check that box the connection will not be secure and it would be possible for someone to "listen" to your communication and intercept your password, thereby being able to control your house. To solve this you can obtain your own SSL secure certificate from a company like Verisign. This is what banks and online merchants use to encrypt confidential financial transactions. With a secure certificate you would access your web site with an "https://" instead--the s means secure. Everything would be secure and encrypted using the same method you use to access online banking and other secure sites. However setting up your own secure certificate can be costly and complicated.

If you do check the box to allow outside access, you may find that even if you know your ip address you still cannot access your server because your ISP blocked incoming connections on port 80. Port 80 is what internet browsers use to connect to a web server. You can try changing the port from 80 to something else, like 3080. If you do, then you will need to access your web site like this: http://youripaddress:3080/pluto-admin. If that still doesn't work, you may need to talk to your ISP.

The Allow outside access is mainly used when you want tech support to be able to help you configure or troubleshoot. There is no 'back door' to LinuxMCE, and LinuxMCE staff have no way to connect to your system unless you check this box.

This Feature is still an Option but LinuxMCE does not offer Tech Support

If you request tech support and you want to allow LinuxMCE to access your system, check the box and then type in a password. You will then give the support rep the password, and with that password, the support rep will be able to login to your system, inspect the logs, look at your configuration, and run diagnostics. As soon as you uncheck the box or change the password the connection your Core will immediately drop the connection and the support rep will not have access anymore. When you enable remote access, the connection the support rep uses to access your system is secure and encrypted using a protocol called SSH.