Alter HC2 http 80 port

[pietervanstee 0]

Hi,

I'm using my HC2 behind a modem/router provided by my internetprovider.

This limits my port forwarding options.

Initially the http port is set to 80, is it possible to change that to another number?

*EDIT* changed the port to 80 in stead of 8080, believe that was the wrong port, but this didn't fixed the problem

Please login or register to see this image.

/emoticons/default_wink.png" alt=";)" srcset="https://forum.fibaro.com/uploads/emoticons/[email protected] 2x" width="20" height="20" />

Thank you

Pieter

[akatar 208]

perhaps some more information, kind of router etc

maybe there are people here with the same router and/or provider

[pietervanstee 0]

You're right, that might be useful to know.

This is the setup I'm using:

- MODEM/ROUTER: EuroDOCSIS 3.0 (Provided by telenet provider)

- Switch dlink 24ports

- Fibaro HC2 @ 192.168.1.212

- Synology nas DS1815+ @ 192.168.1.4 (DMZ)

this is how the port forwarding looks like on my modem/router (very basic)

Please login or register to see this image.

Here it's not possible to route for example extIp:9020 to 192.168.1.212:80

Also because it's essential for my nas to be in DMZ, I can't place my HC2 in DMZ, which would fix this problem I guess.

Thank you

[akatar 208]

a nas in the dmz is not a wise thing to do

don't you have a function called "port redirection"?

that is able to enter through the wan with port 83, that will be redirected to 80 (example)

you can also put youre question on gathering.tweakers.net

they are the real geeks

Please login or register to see this image.

/emoticons/default_smile.png" alt=":)" srcset="https://forum.fibaro.com/uploads/emoticons/[email protected] 2x" width="20" height="20" />

[Guest Lode]

You don't need DMZ to connect to your NAS remotely.

I have the same situation (same telenet router) as you and did a portforwarding to my NAS but you have to use port 5000.

I suppose you have setup "Externe toegang" on your NAS with a valid DDNS account.

[Hallamnet 17]

Port forwarding would be the best option.

Have a random port like 5001 redirecting via your router or firewall to port 80.

Most routers or firewalls will offer it.

Just looking at your photo, you could create a port forward for say port 5001 to 80 on the IP address of your HC.

Hope this is a help.

Hal

[pietervanstee 0]

Hi, all thanks for your replies!

@akatar:

might be true, I'll have to change that in the future, I guess I've set it up like that to make things easier... anyway, my nas has its personal firewall so that won't be a problem I guess.

a port redirection function isn't available on my modem/router, unfortunately

I'll try the tweakers forum, if I need further assistance here.

@lode:

yeah, I've got my pf setup on the 5000 port too, but I had to open up many ports for different applications and the telenet router has only a limited pf slots

@hallamnet:

that's what I wanted to do, but it's not possible on my modem/router provided by my internet provider. maybe that's for a future update... But I won't be waiting for that, I'll soon switch to a modem only solution in combination with a decent router/firewall that allows this.

for now I forwarded the 80 port to 80 internal, that seemed to work.

thank you everyone for your reply

[Guest Lode]

..............................

for now I forwarded the 80 port to 80 internal, that seemed to work.

thank you everyone for your reply

What do you mean by that ?

Are you able to sent http request this way ?

[pietervanstee 0]

..............................

for now I forwarded the 80 port to 80 internal, that seemed to work.

thank you everyone for your reply

What do you mean by that ?

Are you able to sent http request this way ?

well, as you can see in the screenshot above (not mine) you can forward ports, but not without limits. it seems you can only forward for ex, 8000 to 8000 and 8001 to 8001 (from ext to int)

forwarding the port 8000 to 6000 for ex, is impossible on this (telenet) router.

that's what I concluded after reading on different sites, if I'm wrong please let me know

Please login or register to see this image.

/emoticons/default_wink.png" alt=";)" srcset="https://forum.fibaro.com/uploads/emoticons/[email protected] 2x" width="20" height="20" />

so now I've configured 80 ext to 80 int (to my HC2 IP) on the router, and that works. before it was forwarded to my nas in DMZ.

[petergebruers 1,268]

... well, as you can see in the screenshot above (not mine) you can forward ports, but not without limits. it seems you can only forward for ex, 8000 to 8000 and 8001 to 8001 (from ext to int)...

I have Telenet and a CBN modem (Compal Broadband Networks), previously known as Motorola, with the same user interface (mijn.telenet.be). It has the same restriction: only 1 on 1 port translation.

[Lambik 194]

Also because it's essential for my nas to be in DMZ, I can't place my HC2 in DMZ, which would fix this problem I guess.

Just be carefull with that! Local network communication can be detected and being misused!

DMZ zones has to be extreme carefully being setup and monitored!

If you need more ports for sysadmin your Synology or local network, maybe you can setup a VPN, so you can access your local network from everywhere without the need to DMZ your local network. Also you should, at least, use https (port 5001, even better is using another not standard port, instead of http port 5000) when logging in.

For instance, I'm using the Synology VPN package with openVPN (android OpenVPN Connect app or OpenVPN on my Linux bootable USB-stick). The only forwarded ports which are opened are the mail, webserver and a (not standard 1194) high UDP OpenVPN port.

Also, another good suggestion is to use the Synology's 'Security Advisor'.....

[ Added: 2015-01-03, 12:45 ]

BTW, why do you want to port-forward the HC2 anyway? Better use the remote login from

Please login or register to see this link.

. This is making use of an encrypted ssh tunnel, which is more safe then a none-encrypted http connection.

[Guest Lode]

..................

so now I've configured 80 ext to 80 int (to my HC2 IP) on the router, and that works. before it was forwarded to my nas in DMZ.

I'm still missing something here.....

How did you do that ?

Telenet doesn't give you access to port 80.

The only thing i can imagine is that you forwarded to port 80 by using your DDNS account.

That doensn't work for me to get a http request to work.

[petergebruers 1,268]

I thought that too but when I look at my modem config it says "TCP-poorten: 25, 53, 135, 137, 138, 139, 161, 162, 445 en 1080" are blocked. I redirected 80 to my HC2 and checked with my phone connected to 3G network, it works!

[pietervanstee 0]

BTW, why do you want to port-forward the HC2 anyway? Better use the remote login from

Please login or register to see this link.

. This is making use of an encrypted ssh tunnel, which is more safe then a none-encrypted http connection.

I know you're right about the security issues and I'll look in to it...

as for the direct access to my HC2, I'd like to send commands quickly over http api, because in my opinion the login process on mobile devices can go much faster

Please login or register to see this image.

/emoticons/default_tongue.png" alt=":P" srcset="https://forum.fibaro.com/uploads/emoticons/[email protected] 2x" width="20" height="20" />

I don't know what's your opinion about that? I have to wait between 4-10 sec before my iOs app is ready to use, sometimes that's just too long

Please login or register to see this image.

/emoticons/default_tongue.png" alt=":P" srcset="https://forum.fibaro.com/uploads/emoticons/[email protected] 2x" width="20" height="20" /> (I'm using 4G on iPhone6)

Thank you for your reply

[ Added: 2015-01-03, 18:33 ]

I thought that too but when I look at my modem config it says "TCP-poorten: 25, 53, 135, 137, 138, 139, 161, 162, 445 en 1080" are blocked. I redirected 80 to my HC2 and checked with my phone connected to 3G network, it works!

Indeed, it's possible to forward port 80 w/o a problem.

I'm using business fibernet 160Mbit, don't know if every subscription has the access to every port.

The most advances subscriptions have access to all the ports...

[Guest Lode]

I thought that too but when I look at my modem config it says "TCP-poorten: 25, 53, 135, 137, 138, 139, 161, 162, 445 en 1080" are blocked. I redirected 80 to my HC2 and checked with my phone connected to 3G network, it works!

Doh !

Can you give an example of that ?

[petergebruers 1,268]

I forgot to tell I have the cheapest Telenet internet option (basic internet). A possible use case of port redirection to HC2 is when Fibaro asks for remote access. Then you redirect 22 and 80 to your box. If you don't want that, you can always ask for a teamviewer session.

[Guest Lode]

Correct, 80 is not in the list of restricted ports.

I'm just trying to do this :

'http://username:[email protected]/api/callAction?deviceID=9&name=turnOff'

but its doens't work.

[petergebruers 1,268]

Lode, are you sure the username:passw@ syntax works on your LAN? I can't get it to work. But at first I thought it did work, because I still had a browser session active (admin) on my machine. Of course, if it doesn't work on a LAN... There are some hints on authentication in this thread:

Please login or register to see this link.

[Guest Lode]

Lode, are you sure the username:passw@ syntax works on your LAN? I can't get it to work. But at first I thought it did work, because I still had a browser session active (admin) on my machine. Of course, if it doesn't work on a LAN... There are some hints on authentication in this thread:

Please login or register to see this link.

Peter, no i didn't say that.

I can't get it to work this way.

Nor LAN nor WAN.

[petergebruers 1,268]

So, we agree that the username:passw@ syntax doesn't work

Please login or register to see this image.

/emoticons/default_icon_smile.gif" alt=":-)" /> Long time ago I used c# and dotnet to establish connections with authentication, but since a year I switched to OS X so I am afraid to give old information.

The topic started with the question: "Alter HC2 http 80 port" - can we agree that your problem is not related to this? Or am I -again- missing the point?

Please login or register to see this image.

/emoticons/default_icon_eek.gif" alt=":shock:" />

[Guest Lode]

Agree...

Please login or register to see this image.

/emoticons/default_icon_biggrin.gif" alt=":-D" />