Setting up remote access to HeaterMeter

[M Hoskins]

Hey Everyone

I figured I would start a thread, as there seems to be snippets of information floating around, but not one source as to how to set up port forwarding/dynamic IPs.

First, I followed Brian's guide guide to setting up the network settings: https://github.com/CapnBry/HeaterMeter/wiki/HeaterMeter-4.0-Software

Then I watched this video: https://www.youtube.com/watch?v=Y_IaTJx1x2k

And everything seemed to work well. I was accessing my HM-Pi remotely, until I unplugged and restarted it.

When I restarted it, it had a different address to the original one I had port forwarded. So I could no longer access it remotely.

I then ran across this article, which suggested setting up a static IP: http://portforward.com/networking/static-win7.htm

So then, I set the settings on my HeaterMeter from DHCP client to Static IP. That didn't go over so well; I could no longer access my Pi. I had to set it back to DHCP to see it again.

So my question: how can I set up a static IP on my HeaterMeter, so that I don't need to change the port every time?

Is anyone else having these problems? I'm very new to networking, so apologies if this is a super basic topic that I am just too thick to wrap my head around. Also, please post any other port forwarding issues here.

thanks guys,

 

[John Bostwick]

On the router, you should have the ability to reserve an ip address for the hm. I have done this too, as I was always having to make sure the ip address was correct.

 

[JuanGarcia]

I have a static set on my HM.... But yeah most routers support "static" dhcp reservations

 

[M Hoskins]

Yeah, can you explain that like I'm 5?

So my understanding is that I would need to set this address as static on my router, but wouldn't it also have to be static on the HM as well?

I also have no idea what the subnet mask and destination IP are.

If it helps, I am using a Netgear AC1200 router.

 

[Lesley M]

Yeah, can you explain that like I'm 5?

So my understanding is that I would need to set this address as static on my router, but wouldn't it also have to be static on the HM as well?

I also have no idea what the subnet mask and destination IP are.

If it helps, I am using a Netgear AC1200 router.

I use a Netgear AC1900. The answer to your question is no you would not have to set the HM as static. Because every device has an unique MAC address. So when the router sees that the hm with MAC address XX:XXX:whatever it will automatically assign the IP you reserved for that device.

Here is a video that shows how to do it, assuming your Netgear interface is the same as mine.

http://youtu.be/agbTosILwuw

As for the Dynamic DNS, my netgear router has a free service built in that i use.

http://kb.netgear.com/app/answers/detail/a_id/23860/~/how-to-setup-a-netgear-dynamic-dns-account?

 

[M Hoskins]

Wow, thanks everyone for your help! I've assigned the address and now I can see my HM everywhere!

 

[John Bostwick]

Yeah, I should have referenced the Mac address in my response. Anyway you can also now use something like no-ip.com to give your hm a Web address. For instance I use UDS.servebeer.com(noip) instead of an ip address.

 

[RalphTrimble]

I went the other way, changing the WiFi setup on the Heater Meter from DHCP to Static ip, and assigning the static IP there.... That works too....

 

[Mache]

I am always conscious of Internet security. Given all the recent reports about NSA surveillance and hacking by the Chinese, I think it is imperative to protect your BBQ from all aggressive outside intruders.

Therefore, I have configured the SSH module in the LinkMeter software so that it requires a public key / private key certificate pair for SSH sign in and once signed in, use an encrypted SSH tunnel to access the HeaterMeter web page via a browser.

In my configuration, I generated 2K certificates (a public key / private key pair) and have port 6022 on the router forwarded to port 22 on the HeaterMeter. I configured the SSH app on my phone to SSH tunnel port 6080 to port 80 on the HeaterMeter. Accessing the HeaterMeter web page over the Internet requires first logging into the HeaterMeter by SSH through port 6022 using the 2K private certificate. Once logged in via SSH, I then use a browser to access the HeaterMeter web page through http://127.0.0.1:6080.

It gives me great piece of mind on those long L&S brisket cooks to be fully confident that my smoker is secure from all surveillance and any malicious intent.

-- Mache

BTW: Given the recent press about the capabilities of the NSA, I am thinking about upgrading to 4K certificates.

Also, with this setup, once SSH is running, I can also use PitDroid with a server address of 127.0.0.1:6080.

 

[CraigMW]

I am always conscious of Internet security. Given all the recent reports about NSA surveillance and hacking by the Chinese, I think it is imperative to protect your BBQ from all aggressive outside intruders.

Indeed. Just imagine the potential for weaponized brisket! All of the millions of HeaterMeter controlled BBQ pits all being hacked on Memorial Day... what potential for chaos!

 

[Mache]

Indeed. Just imagine the potential for weaponized brisket! All of the millions of HeaterMeter controlled BBQ pits all being hacked on Memorial Day... what potential for chaos!

Exactly, just think how crippling it would be if an enemy was able to disrupt Memorial Day or Fourth of July BBQ across the country. It would be a blow against our identity as Americans; we would not recognize ourselves. Armageddon!

That is why it is so important to take the appropriate measures for protection and vigilance.

 

[John Bostwick]

Well, if someone actually did break into my hm on my UDS, they could probably burn down the deck or house. But I think they are very low on the radar of hackers, I'm not to worried.

 

[Mache]

Given that it takes less than three minutes to port scan the entire Internet, I do not think it really matters that you are low interest to hackers or state actors. IPV4 restricts the Internet to approximately 4 billion ip addresses (in reality a good deal less). I believe all open ports get attention regardless of whether they are your UDS or the trading system at a major Wall Street investment bank.

 

[Steve_M]

Invest your time securing the things that really matter. For me, I used my "basement" raspberry pi that I use for all sorts of other things to act as an SSL proxy into my heatermeter. I really only did this because I could, not because I felt I was at risk for having my BBQ controller hacked into.

Jumping from 2K to 4K keys is probably not going to stop the NSA, especially if you didn't bother to use a passphrase on the keys, which most people don't because it takes the fun out of using keys!

John's right, though, the botnets and script kiddies aren't going to care about pwning someone's bbq controller.

 

[Mache]

especially if you didn't bother to use a passphrase on the keys

Of course I use passphrases on the keys. Why would I not?

John's right, though, the botnets and script kiddies aren't going to care about pwning someone's bbq controller.

I disagree. With all IPV4 addresses readily accessible, unscrupulous folks are continuously scanning all the available ports of the the entire Internet address space. They do it because they can and they hope to get lucky.

 

[Steve_M]

Let's not forget that we're using these outdoors and there's no protection on them. I'd be more worried about a neighbour fiddling with it that someone on the 'net

Never attribute to malice that which can be adequately explained by stupidity!

 

[Bryan Mayland]

I'd be more concerned about what someone can do on your home network once they take over a device on the inside. Once they're past your main firewall, they can work their way back out and brute force the router's password and set up to sniff all your network traffic or man in the middle something.

Note that the current version of the OpenWrt raspberry pi firmware has the heartbleed vulnerability. This is fixed in the next release but you can get the updated openssl package and install it manually.

 

[Russ Oz]

Bringing this thread back to life... Rather than going through the router, can I just remotely connect to my computer through something like LogMeIn? It appears that they are charging for that service these days. I also saw a setting on my Mac that allows screen sharing in OS X. Just not sure how any of that stuff works. I'm assuming that if I do go through the router that the Pit Meter app will then work on my phone (when I'm not on my network through wifi).

 

[NickMV]

Bringing this thread back to life... Rather than going through the router, can I just remotely connect to my computer through something like LogMeIn? It appears that they are charging for that service these days. I also saw a setting on my Mac that allows screen sharing in OS X. Just not sure how any of that stuff works. I'm assuming that if I do go through the router that the Pit Meter app will then work on my phone (when I'm not on my network through wifi).

1. TeamViewer is free and is a top-notch remote access app.

2. Why exactly would you want to do that, versus doing it the right way and getting the HeaterMeter routed through the router's NAT/port forwarding feature + dynDNS service? Your proposed method will be harder every time.

I'm assuming that if I do go through the router that the Pit Meter app will then work on my phone (when I'm not on my network through wifi).

3. I'm a tad confused by this question and how it relates to your main question? Are you asking if you'll be able to use the PitMeter app if you configure your router using the correct dynDNS setup procedure?


Getting your HM set up for remote access outside of your WiFi connection is quite simple.


1. Find the IP address of your HeaterMeter on your router's webpage, or look at what IP it displays on the HM screen after bootup

2. In your router's port-forwarding feature, create a new rule to route traffic from port 80 externally to port 80 of the internal IP address. This portion allows the router to pass comms to and from the HeaterMeter without issue. This step is an absolute must. See here for what one of these port forwarding screens may look like.

3. Sign up for a free dynDNS service such as noip.com, and simply "renew" the configuration every 30 days or whenever your internet resets its IP (most home connections don't change IPs very often nowadays).

That's it, you're done, you should be able to type in whatever address you set up in step #3, and it should take you to the HeaterMeter's page.

 

[WBegg]

Indeed. Just imagine the potential for weaponized brisket! All of the millions of HeaterMeter controlled BBQ pits all being hacked on Memorial Day... what potential for chaos!

Laughing so hard, I pooped my pants a little.