Difference between revisions of "Outside Access"

From LinuxMCE
Jump to: navigation, search
m (Enabling Remote Assistance: small typo)
 
(21 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
{{Versioninfo}}
 
{| align="right"
 
{| align="right"
 
   | __TOC__
 
   | __TOC__
Line 6: Line 7:
  
 
[[Image:OutsideAccess.jpg|thumb|200px|Outside Access Admin Page]]
 
[[Image:OutsideAccess.jpg|thumb|200px|Outside Access Admin Page]]
In the [[LinuxMCE Admin Website]]-->Advanced-->Firewall section, both of the following boxes must be checked to allow users to access your system from outside the home:
+
In the [[LinuxMCE Admin Website]]-->Wizard-->Security-->Outside Access section, one (or both) of the following boxes must be checked to allow users to access your system from outside the LinuxMCE LAN or outside the home:
  
 
*''Allow outside access to the website''  
 
*''Allow outside access to the website''  
*''... on port (-port#-)''  
+
:This allows access from any web browser through port 80, the default used by all browsers.
 +
*''Allow outside access to the website on port (-port#-)''
 +
:You can select a private port to use. Any external firewalls must be set to forward this port to your Core.
  
They are disabled by default at installation, for security reasons.
+
These two options are disabled by default at installation, for security reasons.
  
 
==Accessing the Admin page from the Internet==
 
==Accessing the Admin page from the Internet==
Line 18: Line 21:
 
:*''<nowiki>http://youripaddress/pluto-admin</nowiki>''
 
:*''<nowiki>http://youripaddress/pluto-admin</nowiki>''
  
::where youripaddress is either the actual IP address of your home (in the format  ''223.244.16.155'') or is the domain name assigned to your home (such as ''www.myrobothouse.org'').
+
::*where youripaddress is either the actual IP address of your home (in the format  ''223.244.16.155'') or is the domain name assigned to your home (such as ''www.myrobothouse.org'').
 +
 
 +
::*where youripaddress is in the format ''223.244.16.155:3080'' if you have specified to use port 3080, as detailed above.
  
 
==Accessing the Web Orbiter from the Internet==
 
==Accessing the Web Orbiter from the Internet==
Line 24: Line 29:
 
Similarly, You will be able to access the Web Orbiter from any browser of the Internet using the the URL:
 
Similarly, You will be able to access the Web Orbiter from any browser of the Internet using the the URL:
  
:*''<nowiki>http://youripaddress/pluto-admin/weborbiter.php</nowiki>''
+
:*''<nowiki>http://youripaddress/pluto-admin/weborbiter.php or http://youripaddress/lmce-admin/weborbiter.php</nowiki>''
  
 
==Potential Problems==
 
==Potential Problems==
 
===Dynamic IP Addresses===
 
===Dynamic IP Addresses===
The first is to identify your IP address for your home. Most residential DSL and cable internet service providers do not provide their customers with a static IP address -- it changes all the time (a dynamic IP).  A free service called [http://dyndns.org/ dyndns.org] allows you to register a domain name for your home. DynDNS keeps a constantly updated database that links the registered domain name with an IP address. A background utility on your Core sends information to DynDNS whenever the IP address changes.
+
You must know the IP address for your home. Most residential DSL and cable internet service providers do not provide their customers with a static IP address and the IP address frequently changes -- a dynamic IP address.  A free service called [http://dyndns.org/ dyndns.org] allows you to register a domain name for your home. DynDNS keeps a constantly updated database that links the registered domain name with an IP address. A background utility on your Core sends information to DynDNS whenever the IP address changes, which is updated in the DynDNS database.
  
The username and password you create at dyndns.org can be entered from [[LinuxMCE Admin Website]]-->Advanced-->Network-->Dynamic DNS Settings.
+
The username and password you create at dyndns.org can be entered into the [[LinuxMCE Admin Website]]-->Advanced-->Network-->Dynamic DNS Settings.
  
Whenever your IP address then changes dynamically, the Core will then report the updated IP address to DynDNS, which will continue to link your domain name with the new IP address.  
+
Whenever your IP address then changes dynamically, the Core will then report the updated IP address to DynDNS, which will continue to link your domain name with the new IP address.
 +
 
[[Image:dyndns_settings.png]]
 
[[Image:dyndns_settings.png]]
 +
 +
If, for example, you registered a domain name called ''robothouse.dyndns.org'' at DynDNS.org, you could access your Admin website by the URL:
 +
 +
:*''<nowiki>http://robothouse.dyndns.org/pluto-admin</nowiki>''
  
 
===Connection Security===
 
===Connection Security===
Line 48: Line 58:
 
:*''<nowiki>http://youripaddress:3080/pluto-admin</nowiki>''  
 
:*''<nowiki>http://youripaddress:3080/pluto-admin</nowiki>''  
  
===Allow outside access===
+
===Enabling Remote Assistance===
 
+
The '''Allow outside access''' was mainly used for Pluto tech support to be able to help configure systems or troubleshoot problems.
+
  
'''Although this Feature is still an Option, LinuxMCE does not offer Tech Support.'''
+
The "Remote Assistance" feature can be used to allow developers access to your core.
  
Note: There is no 'back door' to LinuxMCE. No remote access is allowed if this box remains unchecked.
+
There is no 'back door' to LinuxMCE. No remote access is allowed if this feature remains disabled.
  
To allow remote access, the box would be checked and a password entered. A remote user would need to enter the password to login.  As soon as you uncheck the box (or change the password) the Core will immediately drop the connection.  Remote access connections are encrypted using SSH and therefore are secure.
+
To allow remote access, click on "enable" and wait for your support code to appear (in red). A remote user would need to know both of them to login.  As soon as you disable this option again the Core will immediately drop the connection.  Remote assistance connections are encrypted using SSH and therefore are secure. On every enable the support code changes, so a developer knowing your old code can't login again without having the latest generated code.

Latest revision as of 22:22, 25 May 2012

Version Status Date Updated Updated By
710 Unknown N/A N/A
810 Unknown N/A N/A
1004 Unknown N/A N/A
1204 Unknown N/A N/A
1404 Unknown N/A N/A
Usage Information
Outside Access Admin Page

In the LinuxMCE Admin Website-->Wizard-->Security-->Outside Access section, one (or both) of the following boxes must be checked to allow users to access your system from outside the LinuxMCE LAN or outside the home:

  • Allow outside access to the website
This allows access from any web browser through port 80, the default used by all browsers.
  • Allow outside access to the website on port (-port#-)
You can select a private port to use. Any external firewalls must be set to forward this port to your Core.

These two options are disabled by default at installation, for security reasons.

Accessing the Admin page from the Internet

Once checked, you will be able to access the Admin Website from any browser of the Internet using the the URL:

  • http://youripaddress/pluto-admin
  • where youripaddress is either the actual IP address of your home (in the format 223.244.16.155) or is the domain name assigned to your home (such as www.myrobothouse.org).
  • where youripaddress is in the format 223.244.16.155:3080 if you have specified to use port 3080, as detailed above.

Accessing the Web Orbiter from the Internet

Similarly, You will be able to access the Web Orbiter from any browser of the Internet using the the URL:

  • http://youripaddress/pluto-admin/weborbiter.php or http://youripaddress/lmce-admin/weborbiter.php

Potential Problems

Dynamic IP Addresses

You must know the IP address for your home. Most residential DSL and cable internet service providers do not provide their customers with a static IP address and the IP address frequently changes -- a dynamic IP address. A free service called dyndns.org allows you to register a domain name for your home. DynDNS keeps a constantly updated database that links the registered domain name with an IP address. A background utility on your Core sends information to DynDNS whenever the IP address changes, which is updated in the DynDNS database.

The username and password you create at dyndns.org can be entered into the LinuxMCE Admin Website-->Advanced-->Network-->Dynamic DNS Settings.

Whenever your IP address then changes dynamically, the Core will then report the updated IP address to DynDNS, which will continue to link your domain name with the new IP address.

Dyndns settings.png

If, for example, you registered a domain name called robothouse.dyndns.org at DynDNS.org, you could access your Admin website by the URL:

  • http://robothouse.dyndns.org/pluto-admin

Connection Security

Connections to LinuxMCE from the Internet are not intrinsically secure, since data is sent as plain text. It would be possible for someone to "listen" to your communication and intercept your password and thereby be able to control your house.

To solve this you can obtain your own SSL secure certificate from a company like Verisign. (This is what banks and online merchants use to encrypt confidential financial transactions.) With a secure certificate you could access your web site with an "https://" instead of "http://". Everything would be secure and encrypted. However setting up your own secure certificate can be costly and complicated.

Choosing the port

You may find that your ISP blocks incoming connections on port 80. (Port 80 is the port internet browsers use to connect to a web server.)

Try changing the port from 80 to something else, like 3080. You would need to access your web site like this:

  • http://youripaddress:3080/pluto-admin

Enabling Remote Assistance

The "Remote Assistance" feature can be used to allow developers access to your core.

There is no 'back door' to LinuxMCE. No remote access is allowed if this feature remains disabled.

To allow remote access, click on "enable" and wait for your support code to appear (in red). A remote user would need to know both of them to login. As soon as you disable this option again the Core will immediately drop the connection. Remote assistance connections are encrypted using SSH and therefore are secure. On every enable the support code changes, so a developer knowing your old code can't login again without having the latest generated code.