Setting up remote access to HeaterMeter

AlexKendall

New member
I'm having a hell of a time getting remote access to work. I've been messing with it for hours and nothing seems to work. I've done the following:
1. Setup a DHCP IP reservation on my Wi-Fi router for the HM so it keeps the same IP. That definitely appears to be working.
2. I have a Google Wi-Fi mesh network (which may be complicating things). It has port management so I can forward port 80 or 443. I've tried both ports and set random external ports but it doesn't seem to matter what I do, I cannot connect to the HM. Attaching a screenshot of my port forwarding screen.
3. I got my external router ip address from one of those websites so I'm definitely using the right address.

I feel lost...what are some things I could be doing wrong? Should I try different port numbers? I'm pretty dumb when it comes to networking.
 

Attachments

  • Screenshot_20201001-063917.png
    Screenshot_20201001-063917.png
    185.4 KB · Views: 5
Last edited:

Bryan Mayland

TVWBB Hall of Fame
Many ISPs block the web ports for users for some reason, so try maybe:
Internal port: 80
External port: 41885 (anything more than 1024, but not 8080 or 8888 just in case those are blocked too)
Select: TCP

Then try accessing http://your.external.IP.address:41885/

I'm not familiar with the Google Wifi interface though enough to tell if something else needs to be turned on or off in addition to that.
 

AlexKendall

New member
Many ISPs block the web ports for users for some reason, so try maybe:
Internal port: 80
External port: 41885 (anything more than 1024, but not 8080 or 8888 just in case those are blocked too)
Select: TCP

Then try accessing http://your.external.IP.address:41885/

I'm not familiar with the Google Wifi interface though enough to tell if something else needs to be turned on or off in addition to that.
Thanks Bryan but there must be something else I'm missing because that's not working.
 

JKalchik

TVWBB All-Star

AlexKendall

New member
Ok well I figured out the issue. It's the technology that my ISP uses that's causing the problems. I don't remember what he called it but it jumbles up the port requests. I need to get off that platform and get a static IP setup. In the works now...
 

JKalchik

TVWBB All-Star
Carrier Grade Network Address Translation is the big brother of what's running (or should be running...) in your own firewall/router. In short, everybody in the ISP is just not directly visible to the outside world. And, if they've implemented it properly, nobody else in your ISP's local network can see you either (guest protection or isolation.) Basically, what NAT does is take requests (addr/port combination) and change the fields in the packet headers to something available on the WAN side, maintaining a map of what's going where so that the returning packets can be rewritten to get to the right internal system. Think of it as a gated neighborhood. When you leave, you tell the guard shack that you're leaving from an address, and a particular door number. He'll use his address and a different door number. If a courier comes to the guard shack and asks to see you at the guard's door number, the guard will give him your address and proper door number. Yes, that's drastically over simplified and contrived, but should be a little easier to understand.

You need to be able to add rules to a NAT device to map an inbound request to an internal system. Anybody who has direct control over their firewall/router should be able to do this. Unfortunately, if you're being a CGNAT system, you won't be able to. A static IP may help. Personally, I have not had to work in that situation. To use the above example, you'd tell the guard that any time somebody asks for the guard's address and a specific door number to direct them to your house address and door number.

In all honesty, I'm sort of surprised that more ISPs have not jumped on CGNAT, and sold blocks of IPv4 addresses. That'll do 2 things, it's an immediate cash cow up front, and does provide some significant security aspects to their customers.
 

AndrewB

New member
Alternative method to port forwarding and opening your network up to the entire internet is to create a VPN
Steps:
1. Get DDNS - A static web address that leads directly to your network
2. Set up VPN using OpenVPN
3. Install OpenVPN on you mobile device
4. set up Open VPN on your mobile
5. Turn Off Wifi on your mobile
6. Log into VPN
7. Enter HM IP into browser
8. Enjoy!

I originally had my port forwarded also but feel this is a bit more secure and also easier to get working
 

AndrewB

New member
Yes, it does require the port to be forwarded for openVPN. I am not a networking expert but to my understanding the VPN option is far more secure then opening a well known port to the world with almost no security
 

Top