Home AMX User Forum AMXForums Archive Threads AMX Hardware
Options

G4 Web Control External Access

RicardoSiqueiraRicardoSiqueira Posts: 373
in AMX Hardware
I have a CV7 that I can access in my LAN through Internet Explorer, when I type my Master LAN IP Address. I am trying now to have access to the same panel remotely(WAN). The firewall was configured with a DMZ host pointing to the Netlinx Master and all ports opened. I can telnet, download to the Master as well as access the Master with Internet Explorer. Per AMX Tech Note#669, the Web Control link under Explorer works only in an internal network(LAN). To achieve remote access you have to add a send_command call under the DEFINE_START section of your main like that:

SEND_COMMAND 0:1:0,'G4WC "Panel Name",12.206.21.20,5900,1'

I added the send_command and now I can see the new Link 'Panel Name' under Internet Explorer, but when I click on the link a pop-up error FAILED TO CONNECT TO SERVER shows up.

Any ideas on what I need to do to make this work?

Comments

  • Options
    Spire_JeffSpire_Jeff Posts: 1,917
    First, I would remove the Netlinx Master as DMZ and only open those ports you need. Second, you will have to add a port forward to the touchpanel. You can make the external port be any number you want as long as it isn't already in use. I would not recommend this as a long term solution tho. The longer these ports stay open, the greater chance some script kiddie will find it and (especially the touchpanel) start to attack it. Depending on what your AMX system controls, you could give a stranger the ability to turn off you heat, turn all your lights on, turn all your TVs on, ......

    A much better solution would be to implement a VPN that would allow you secure access to the LAN. I understand that I am being a tad bit paranoid, but that is my current opinion.

    Jeff
  • Options
    DHawthorneDHawthorne Posts: 4,584
    I have had mixed results with G4 from the outside, and giving the panel a static IP and forwarding port 5900 to that IP does not suffice - you stll get a "no connection" message when trying to access the panel through the master's web interface. I know that VNC uses other ports; I think they need to be forwarded as well (but I don't remember the numbers off the top of my head). I am no great fan of using the NetLinx master web interface anyway; I think it sometimes raises more questions and difficulties with the customer than it's worth, especially when they go poking around inthe log and want to know what's wrong when the messages they are seeing are normal and harmless. So I use a third-party VNC viewer, the free one from Real VNC. It goes through fine with just port 5900 forwarded.
  • Options
    RicardoSiqueiraRicardoSiqueira Posts: 373
    Thanks guys for the advice. AMX should provide a better explanation on the limitations of Web Control, and possibly alternatives on how to implement it safely via VNC or other software. They also should provide a detailed TECH NOTE on how to implement Web Control and ports to forward and how to do it. For the price of the G4 panels and how they market them with the Internet capabilities, we deserve a little more detail from AMX. Maybe there is already something out there and I am just not aware of it.

    Could you please send me a screen shot of the VNC configuration that works with external Web Control.

    Sincerely,

    Ricardo
  • Options
    [Deleted User][Deleted User] Posts: 0
    I did the following to accomplish external G4 web control:

    NAT router configuration
    I forwarded port 80 to the internal IP address of the NI Master
    I forwarded port 5900 to the Internal IP address of the Modero Panel

    Master configuration
    I added a send command to add a G4 Link
    SEND_COMMAND 0:1:0,'G4WC "Panel Name",80.100.17.41,5900,1'

    The second panel name can now be accessed outside the LAN

    From somewhere on the Internet you just browse with IE to your Home Internet IP address, This will open the Master webpage and than click on the second G4 link.
  • Options
    RicardoSiqueiraRicardoSiqueira Posts: 373
    Thanks, Leon. I did the same as you did and it works fine now.
  • Options
    shr00m-dewshr00m-dew Posts: 394
    What happens on a dynamic IP? I suppose you can use the dyndns module to get an updated IP, but is there a command to remove the panel link from the master?

    IE:

    Add link when system starts
    Remove when IP changes
    Add back with new IP

    Kevin D.
  • Options
    Marc ScheibeinMarc Scheibein Posts: 811
    OK, I haven't used that feature, but my suggestion to the command is, to use the URL name in the command instead of the IP.

    The technote 669 descripes the command parameters

    Command format is: " 'G4WC "Name/Description",IP Address/URL,IP Port,Enabled' "

    So IMHO it may be possible to do it similar the following:

    SEND_COMMAND 0:1:0," 'G4WC "My Panel",myhome.dyndns.org,5900,1' "

    When using a DDNS service, you should always get the link.

    And with the last parameter I can enable or disable the WC function.

    Am I wrong?
  • Options
    [Deleted User][Deleted User] Posts: 0
    Hi Marc,

    Yes, I think this could work.
    Don't forget to set a DNS IP address on your NetLinx Master if you use a url name in stead of an IP address
  • Options
    Chip MoodyChip Moody Posts: 727
    I've tested the G4 web control remotely as well, using the domain name I have with DynDNS - works like a charm, though it's not as responsive as the G3 version.

    So who has a creative fix for one of the features you lose by going this route - access logging? With a G3 "panel" hosted on the master, it was easy to use ONLINE events to track when and what IP was accessing the system. Now with the G4 version, the panel is always online, so there's no notification of when someone accesses the system, and no way of getting the IP address...

    Thanks,
    - Chip
Sign In or Register to comment.