I am planning to create a very simple home\office monitoring system, where I will be able to connect sensors using Mosquitto broker on a Raspberry Pi. The sensors will publish data to the broker and I will be able to see the data as a subscriber.
I have a publisher that periodically publishes messages to the Raspberry Pi (Mosquitto broker) in the house in the same LAN network. But I want to connect a sensor that will be located at my office to the same broker, so the connection can't be except online.
The problem that I am facing at the moment is that I want to connect a sensor to the Raspberry Pi but I need to do it over the Internet given the limitations of hardware. How do I connect the sensor to publish to the broker that resides in the Raspberry Pi from outside the LAN network? I just checked and my public IP address could have thousands of addresses underneath it, how do I know which one is me and connect to it?!
Somewhat depends on your home network. If your ISP uses so called "Carrier Grade NAT" which is increasingly common due to the fact that few IPv4 addresses are now available, you cannot make a connection from the Internet to your local network.
Otherwise you can make a connection inwards and so your remote sensor just needs a TCP/IP connection. We would need more information on the sensor to show you how to do that. To find your public IP address, you visit https://www.whatismyip.com/ from a computer on your local network. (To find out if you are stuck with carrier grade nat, ask your ISP or do a reverse lookup on your public IP address, you may be able to tell). You will also need to configure the firewall on your router so that it allows inbound connections to a PORT that you choose (on the outside) and map that to the internal IP address of the Pi and the port configured on Mosquitto for handling MQTT traffic.
For carrier grade NAT or if you cannot configure your router's firewall to allow incoming connections, you should use another MQTT broker on the Internet somewhere. Then configure your Pi broker to bridge to the Internet broker.
The Owntracks documentation has a quick tutorial. There is also information in the Mosquitto documentation on how to do this.
In this case, your Pi broker is making a connection out to the internet which works fine on any WAN if you are not excessively blocking outgoing traffic.
In either case, do not forget that any traffic over the Internet is insecure. You will need to set up SSL certificates along with a username/password combination to secure the traffic.
Easy!
Just add a port forwarding (in your local router 192.168.x.x) to your raspberrPi ip and MQTT (usually port 1883).
Then your sensor should be connected to internet and send a topic/payload to your public IP address at home...
I do this for android apps
- owntrack
- juiceSSH
- raspicheck
- myMQTT
- openHAB
- Yatse (For Kodi remote)
But do not forget when you open a port you will need to secure it access somehow...
and your public i.p. can be automatically change by your ISP (InternetServiceProvider)
Related
I am running an Ubuntu server with my laptop through an Orcale VirtualBox and I try to maximize the bandwidth of my home server, as it really slows down my internet connection. My router supports up to 300Mbit upload/download speed and my laptop wifi's card up to 150bit.
I configured my server with the following(static IP, configured by vim /etc/network/interfaces):
auto eth0
iface eth0 inet static
address 192.168.1.240
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.1
192.168.1.1 is my default gateway, and I just configured a static IP which ends with 240.
When my laptop's WIFI is on, I can easily access the server's files(.html files etc) through chrome from any computer on my house, as I just need to enter the server's IP into the browser, plus I can access the server through SSH. But when It's off, I can't even access the server's HTML files through the laptop itself, though I can see that the server is still running on VirtualBox. When I turn the WIFI once again, I can run services which require Apache2 but they really slow my internet connection, as a result I can barely surf the web. I am trying to configure the server to use only the bandwidth of my router, since my actual internet connection is 30 Mbit download and 1.90 Mbit upload(according to speedtest), and It probably interferes with it. Is it possible to access the server without WIFI connection, so it will purely use my router's speed?
Any help would be appreciated.
1) Looks like you using bridged networking in VM config. When your network adapter is connected to real network - you can interact with your VM via network bridge. When it's not connected - your bridge is also closed. If you need to interact with your VM without WiFi connection - you can add one more virtual network adapter to you VM config: use "Host-only" adapter and configure it on both VM and host PC. Your VM will use new host-only adapter to interact with your PC, and old bridged adapter to interact with other network.
2) Check your WiFi speed near the router. Maybe it's too far or provides too weak signal.
PS. Sorry for my poor english.
I have developed an IOT module which can connect to the Wi-Fi and send data to the internet, the module can send data (string) to specific IP address on the specific port.
The internet server should store that information to the data base and display that information to the user via HTTP (web page).
When I set the port to the 9081 (any random number) and my local computer IP address as IP address that module should send data to, I can see data on my local computer terminal.
My question is that how can I send that data to the internet?
What I have in mind is that I can purchase domain name, host and develop a web site (HTTP) which by default listen to port 80. The service provider only give me a basic services such as HTTP, HTTPS and FTP which make it possible to upload website and I don’t have access to other protocols and ports.
Should I purchase virtual private server or I should use any specific cloud services or the module can send data to the server on port 80 without getting conflict with web pages and web contents?
Please give me some suggestion.
I did something similar with an IoT module. There are two options that I also considered. Before we describe, there is no need to buy a domain name. You can comfortably use the IP address to connect to. If you have some spare cash go for it.
Send everything to the web server on your local computer. To have access to the local computer you must enable port 80 to be accessible over the internet. You do this on a router. This is called port forwarding. You setup a rule such that all the requests made to your IP address on port 80 should be redirected to your local computer on whatever port the web server is listening to. This is the cheapest method available. Also, there is an important limitation: you're local computer needs to be switched on all the time if you want to access the data.
Buy a droplet (virtual private server). The workflow is the same as 1, but you don't need to port forwarding anything. These are usually setup and ready to use. However, this is usually expensive. Most of these providers offer pay-as-you-go services (e.g., Digital Ocean is the one that I used). There are other providers which offer free but limited versions. These are usually developer trial versions. If you go over a number of transactions, or space, you will have to pay (have a look at Parse).
I have developed a p2p video chat using Webrtc. I am aware that STUN or TURN server is required to identify the public IP behind NAT. Currently am using Google's STUN server.
I have the application installed in the server connected to the LAN which will not have internet access, do I need to install the STUN server in my server to make Webrtc video chat work within the LAN?
Peers should be able to connect within a LAN (on the same side of a NAT) without STUN, i.e. using the host candidates. Try it out!
In general, you won't need a STUN server. However, depending on the firewall configuration, you may actually need STUN (and even TURN). For example, at the SFHTML5 WebRTC Hackathon, we were on a corporate guest WiFi network that blocked local UDP and TCP traffic. Making successful calls required a TURN server in this case.
What kind of IP address does whatismyip.com provide?
How can I get it using VB.Net code?
Also what is IP port?
Thanks
Furqan
PART 1
Okay, let's pretend you have a router in your house and that you have several computers in your house all connected to the internet through your router.
In order for the router to know where traffic goes on your network, it assigns unique IP Addresses to all computers on your home network (Usually beginning with 192.168.x.x). These IP addresses are local ip addresses, meaning only your router and computers/devices connected to it in your house knows about them. If you open a command prompt and do command IPConfig you will see the IP address that your router has assigned your computer.
So what is the IP address that WhatIsMyIP.com showing you? In much the same way that your router assigns addresses to all the computers on your network, your internet service provider hands out unique IP addresses to all of their customers. Now, because you have a router, the only thing the ISP can see on your network is that router and your ISP assigns an IP address to it. This is why routers are also called hardware firewalls, because people on the other side of it, can't tell how many computers or devices are connected to it.
What this means is, when you are visiting websites on the internet, the only IP address they see is your routers external IP address (the one assigned by your ISP). So no matter which computer in your house you use, the website wouldn't know the difference because all it can see is your router's IP address. Go ahead and try it; go to www.WhatIsMyIP.com on several different computers in your house. You will see that they all show the same IP address. However, if you did IPConfig in your command prompt on each computer, that shows you the local address your router assigned and it would be different on every computer in your home.
So, now that you understand the difference between local and external IP addresses, how would you retrieve your external IP address in VB or C# .net code that is running on your PC? Well the only IP address your computer is actually aware of is that local IP that we talked about. The only way you can see your external IP address is to go to a website that tells you what address the request came from (which would be your router's IP address).
What you would need to do is write up some code in your VB.net program that would navigate out to WhatIsMyIP.com (or some other website that can give you your IP address) and tell the code to grab it. I have written a web service located at http://www.u413.com/test/terminal/myip that returns only your IP address as the entire HTTP response. Find something similar though for your application because this little sample will not stay there forever; I only put it up there as a temporary example on a domain I already own.
Visit http://www.vbdotnetheaven.com/UploadFile/kbawala/WebRequestClass04182005054320AM/WebRequestClass.aspx to see how to make web requests from code running on your computer.
NOTE: You may not be aware of what DNS is either if you are unaware of how IP addresses work. Everything on the net has an IP address, including the servers that serve up website pages. But what a pain that would be, trying to remember up to 12 digit IP addresses for all your favorite websites. That is what DNS servers were invented for. DNS servers take a domain name (e.g. www.facebook.com) and translates it into the correct IP address. That way all you need to remember is facbook.com instead of 69.63.181.12 (this is facebook's IP address. Go ahead, try it! Put that IP in your browser's address bar and you will see facebook.), domain names are much easier to remember!
If you want to see the IP address associated with a website, open up a command prompt. Once the prompt is open type PING [websitedomain] (e.g. PING Facebook.com) and your computer will send 4 test requests to the address which is displayed for you.
PART 2
Let's pretend your IP address is like the address of an apartment buliding. The pizza delivery boy needs to know the address to the apartment building in order to deliver your pizza. But what is he going to do when he gets there? There are hundreds of doors/apartments to choose from. He needs to know the apartment number (port number on your computer).
Your computer has thousands of ports, and programs can listen on any one of them for requests from the outside world. When you go to a website almost all websites are served on port 80. Port 80 is the default port for web pages. When you go to facebook.com you are actually going to facebook.com:80, you just don't see the :80 because it is implied since it is the default. If I put up a web server, I could decide any port to serve websites on. If I served web pages on a different port than port 80, then you would have to include it in your URL. http://www.SomeDudesCustomWebServer.com:1337.
Outgoing requests use a port too, but that one is usually unimportant and your computer just picks one that is available. So when you go to Facebook.com, the facebook web servers are all serving up pages over port 80, but the port your computer opened up to send the request does not have to be port 80 because it picks an available port and then sends the port with the request. Then when facebook sends its response, it sends the reply back to the ip address and port that made the request.
Outgoing ports are only used for the duration of the request. Ports that must listen for connections must stay the same otherwise the computers making requests would have no idea what port to send the request to.
Easy huh!
Hope that helps you understand a bit better.
EDIT:
Port Forwarding
Okay, in light of the chat application you want to use/create, if you want it to communicate over the net you'll have to learn about port forwarding. Basically, because all you could see of your friend's network would be his external ip address, you will have to use that address to connect to his chat server (or vice versa if he is connecting to your chat server then it will be your external IP). Because of this, the connection request would only get as far as the router that has the external IP, but it would not know what computer on the network to forward the request to.
You will need to access your router's firmware and set up port forwarding so that the router knows to forward requests on a specific port, to a specific computer on the network. Visit http://portforward.com/ for more detail on how to setup port forwarding.
EDIT 2:
Firewall
When setting up stuff to communicate with your computer using your PC, you may start getting frustrated that it just won't connect. What is likely stopping you is your firewall. By default, most ports on your PC are completely blocked by the windows firewall. For each port that you want to communicate on you will want to go into the firewall and create a rule that will open up the port. Go here http://www.top-windows-tutorials.com/windows-7-firewall.html for a video on how to use the windows firewall. I did not watch it, but it is what came up first on a google search.
Do not simply disable the firewall. Even though this is an easy and quick solution to open up all your ports, you are leaving yourself open to attack. Viruses love to set themselves up in your computer if they can and listen on an open port for a connection from their beloved creator so he can obtain access to your PC. Only open the ports you need.
UDP vs TCP
When opening and forwarding ports you may notice that it asks for UDP (User Datagram Protocol) or TCP (Transmission Control Protocol). What they stand for may not make sense but all you need to know is this: UDP is for single packet transmissions which means that two packets sent by a pc may or may not be related to each other. These types of data packets are usually used for broadcasts on a local network. An example I would use is LAN games. When you host a game on a LAN the other computers/devices can see the name of the game and join it. That is because the computer hosting the game is transmitting a UDP broadcast across the entire LAN so that any devices can see the game. Those UDP transmissions usually contain the name of the game and the connection info required to connect to the game.
TCP is for continuous packet transmission. TCP requires an established connection, any packets transmitted on this connection are always related to that one connection/request. To continue my example from the last paragraph, once you click connect on the LAN game, your computer then establishes a TCP connection with the host and uses that connection for the duration of the game or games. TCP is the most commonly used connection type and your chat program would likely communicate over TCP, especially if you are connecting across the net because UDP broadcasts are useless across the internet. UDP is only really useful on a LAN.
You should be safe forwarding and unblocking only the TCP ports, but sometimes when I'm unsure I just do both UDP and TCP just to be safe. In fact, many routers and firewalls have 3 options: TCP, UDP, or Both which saves you from having to create two rules for both types of the port.
When in doubt, open/forward both.
What's my ip provides your IP v4 public address.
It's really easy to retrieve it, this topic explain how to proceed : How to get the IP address of the server on which my C# application is running on?
The code is only a few lines long, so the language (c# in this example) does'nt matter.
They provide your external internet facing IP.
This IP will depend on how you connect to the internet. If you connect straight from your computer to your ISP without any kind of router or firewall in between, it might be the same as your internal IP, but in most circumstances this will not be the case.
If you're at home and you've connected via a router of some kind, then you might be able to query it for the IP, but there is no standard way of doing this.
There is no standard way of getting hold of your external IP from the client it self. If you've got access to a server on the internet where you could deploy some code you could connect to that server from your client PC and ask it what IP you're connecting from.
IP Port Numbers
I also needed external IP using command line, but because I didn't find it I wrote small application using vb.net. You can use reflection for source code or ask on app home page for it. Basically application opens web page that provide your IP and parse it using regular expression, but because is designed with this purpose uses many "tricks" for this (can use more web pages at once, uses fastes page, etc). Check source for details.
I created a vb .net app and basically it connects to the server (my brother's computer at his house) and sends messages. The problem I'm having is, we both have routers. The only way I'v gotten all of this to work, is by both of us connecting ppeo broadband and then our ips work, otherwise the "real ip" is used for all the pcs in my house. How can I connect tcp to him wothout him having to connect broadband. Because to connect broadband he needs to be connected to an ethernet port, so then he cannot be wireless.
Thanks
I don't know what you mean by "connect broadband", but if the computers are not on the same local network, and you have a NAT router in between, you will either have to connect them via a VPN (like Hamachi for example) or configure port forwarding on both sides on the routers.
See: How do you get Java sockets working with public IPs?
Some routers also have "Dynamic Port Forwarding", where if you are using, say port 8084 for your traffic, both your and your brother set your routers to dynamic port forward port 8084.
The router then listens for client computers connecting across port 8084, and when it sees that traffic, it will route traffic across that port to the client computer that first requested it.
Another popular "NAT-traversal" technology is UPnP. See this SO question and associated article for more information on how to use .NET to control UPnP. Again, router hardware must support it and be configured to use UPnP.
Edit: Untested, but you could try also to use and IPv6 tunneling software such as the one from go6 to create a public IP. This is like VPN, but one-sided, and less private.
Rather than router configuration, you could use a VPN. Hamachi is free and easy.