Scarlet BBox2 (Sagem F@ST 3464)

From Brixel - Hackerspace Hasselt


Project: Forwarding a machine on Scarlet's BBOX2 (Sagem F@ST 3464)
Description: A tutorial to get a machine's data to the outside world when your home connection is served by a BBOX2
Status: Completed
Participants: Woutervddn
Expertise: DHCP, Network, Servers, DDNS, noip


So I've got this old, screenless, laptop that has a couple of functions at our dorm. For one it's my owncloud box, but it's also our print-server, and test-bed for new types of servers (node.js for instance). Apart from connecting to it on our local network, I really wanted to access this machine from outside.

At the moment there are 2 (+2) services which are accessible from the outside. The first one is the SSH server and the second one is apache2 (ssl) for owncloud. Both run on ports above 1024 (I had to use ports above 1024 when we still had Telenet; I think BBOXes also require this, but I'm not certain. I didn't bother to change it).

Because I don't keep track of / remember / know the actual external IP address for our router, I set up a Dynamic DNS. Basically, whenever the external address changes, this program notifies the DNS server so I can just use a human-friendly name to get to my home network. (Something like: http://my_own_name.ddns.net )

I installed no-ip using this tutorial.

Now that I was able to find my home network from anywhere in the world, it was time to figure out how to actually do something in the network. I'll save you all a lot of time and tell you what doesn't work:

  1. Using a (randomly assigned) dynamic IP address via the DHCP server. It doesn't work because the bbox only allows port forwarding to a specific IP address; it doesn't allow mDNS names like wouters-owncloud-box.local
  2. Keep using DHCP to give a (less randomly assigned) address to the local-server (i.e. the machine that runs owncloud). It doesn't work because even if you manage to make that computer send out a DHCP request for a specific IP address, the bbox will just ignore it and offer the next free address on its list!

What does work:

  • Give your local-server a static ip address. Don't give it a low address, use an address above .60 (apparently BBox DHCP server can only handle from .1 until .64). I used .63
  • Go to http://192.168.1.1/mic
  • Enter your device serial number
  • Go to Advanced Settings > LAN servers
  • Define for each service on the local-server a name, protocol, Public start & end port, LAN start port and local ip address.
  • Also, make sure that "Access to the F@st3464 configuration from WAN" is set to no on this page.
  • Click the Save button

Now:

  • Go to Advanced Settings > Firewall
  • For security reasons make sure that you select "Typical Security" in the General tab
  • Go to the "Port Triggering" page and make an entry for the ports you use with the protocols you use on your local-server
  • Also press the Save button

At last:

  • Go to Advanced Settings > Network Interfaces & click LAN Bridge
  • Click the Settings button on the bottom of the page
  • Under "IP Address Distribution" lower the "End IP Address" field to a value lower than the static IP your local-server has. (Make sure you leave enough dynamic IPs for all your other devices!)
  • Apply
  • Reboot your BBOX (if you can't access the admin section of your bbox at this point, join the club! I had to pull the plug to get it back up again)
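
Before typing the entries into the router, the addressing plan from the three steps above can be sanity-checked offline. The following is an added example, not part of the original page: `check_plan` is a hypothetical helper, and the /24 netmask, the DHCP pool bounds and the port numbers 2222 and 8443 are constructed sample values.

```python
import ipaddress
from itertools import combinations

def check_plan(lan_cidr, router_ip, dhcp_start, dhcp_end, rules):
    """Return a list of problems in a LAN-server forwarding plan (empty list = OK)."""
    ip = ipaddress.ip_address
    net = ipaddress.ip_network(lan_cidr)
    pool_lo, pool_hi = ip(dhcp_start), ip(dhcp_end)
    problems = []
    for r in rules:
        target = ip(r["lan_ip"])
        if target not in net or target in (net.network_address, net.broadcast_address):
            problems.append(f"{r['name']}: {target} is not a usable host in {net}")
        elif target == ip(router_ip):
            problems.append(f"{r['name']}: {target} is the router itself")
        elif pool_lo <= target <= pool_hi:
            problems.append(f"{r['name']}: {target} is inside the DHCP pool "
                            f"{pool_lo}-{pool_hi} and can be leased to another device")
        if not 1 <= r["public_start"] <= r["public_end"] <= 65535:
            problems.append(f"{r['name']}: invalid public port range")
    # Two rules of the same protocol must not claim the same public port.
    for a, b in combinations(rules, 2):
        if (a["proto"] == b["proto"] and a["public_start"] <= b["public_end"]
                and b["public_start"] <= a["public_end"]):
            problems.append(f"{a['name']}/{b['name']}: public {a['proto']} ports overlap")
    return problems

LAN = ("192.168.1.0/24", "192.168.1.1")  # router address from the page, /24 assumed
RULES = [  # constructed entries: the port numbers are placeholders
    {"name": "ssh", "proto": "tcp", "public_start": 2222, "public_end": 2222,
     "lan_port": 2222, "lan_ip": "192.168.1.63"},
    {"name": "owncloud-ssl", "proto": "tcp", "public_start": 8443, "public_end": 8443,
     "lan_port": 8443, "lan_ip": "192.168.1.63"},
]

if __name__ == "__main__":
    # Pool bounds are assumed values: end .64 before the change, .59 after it.
    for end in ("192.168.1.64", "192.168.1.59"):
        result = check_plan(*LAN, "192.168.1.2", end, RULES)
        print(f"DHCP end {end}:", result or "OK")
```

With the pool still ending at .64 the static .63 address is reported as leasable to another device; after lowering the end address the plan comes back clean.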

Go drink a beer and be proud! You finally mastered the least intuitive router web interface I've ever encountered.


Funny quirk about the BBOXes: let's say I'm in my home network with a local IP of 192.168.1.2 and I want to access 192.168.1.4, then I can do so. Let's assume for a second that I managed to get 192.168.1.4's ports working from outside as well, then I can also access 192.168.1.4 via the remote IP xx.xxx.xx.x and via the DDNS name (if configured) somename.ddns.net.

What I can't do though is go to somename.ddns.net or xx.xxx.xx.x from within the local network if those external addresses belong to your own network. The router fails to recognize that this is the same network and just tells you that it can't find the host. (Pretty hard to figure out until you notice that your smartphone can access the local machine via its external address but your laptop in the LAN can't.)
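
Because of this quirk, any check of what the router really exposes has to run from a connection outside the LAN (a phone hotspot, for instance). The sketch below is an added example and not part of the original page: it confirms that the forwarded ports answer and that the router's configuration interface does not. Ports 2222 and 8443 are constructed placeholders, and port 80 for the configuration interface is an assumption based on the http://192.168.1.1/mic URL.

```python
import socket
import sys

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout.

    A refused connection and a silently dropped one (timeout) both count as closed.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_exposure(host, forwarded, must_be_closed, timeout=3.0):
    """Compare what answers on the WAN side with what the forwarding plan intends."""
    findings = []
    for port in sorted(forwarded):
        if not tcp_open(host, port, timeout):
            findings.append(f"forwarded port {port} is not reachable")
    for port in sorted(must_be_closed):
        if tcp_open(host, port, timeout):
            findings.append(f"port {port} answers from outside but should not")
    return findings

if __name__ == "__main__":
    # Usage: python3 audit.py somename.ddns.net   (run from outside the LAN)
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    # 2222/8443: placeholder forwarded ports; 80: assumed router config port.
    findings = audit_exposure(host, forwarded=[2222, 8443], must_be_closed=[80])
    print("\n".join(findings) or "exposure matches the plan")
    sys.exit(1 if findings else 0)
```

Run from inside the LAN against the external name, the same script reports every forwarded port as unreachable, which is the quirk described above and not a forwarding fault.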

The above quirk also means that setting up the Owncloud desktop sync isn't as easy as it should be. I want my laptop to sync with the owncloud server whenever I'm at my dorm. Naturally this means that I have to list http://192.168.1.63 as my owncloud server. From outside, I can't access that local IP address. I could change the owncloud server IP address when I'm at another location, but Owncloud desktop sync "forgets" all its folders with every new connection. (I've got about 6 different folders defined and none of them are the traditional ./owncloud folder.)

The way I get around this is by using an SSH tunnel. I open a terminal and execute ssh -C -D 1080 somename.ddns.net, then I enable the SOCKS5 proxy in the Owncloud desktop sync with proxy-address=127.0.0.1 and port=1080. Owncloud desktop sync now manages to find 192.168.1.63 again... :)