Accessing Domoticz from 2 interfaces

[GeoBeBee]

I’m trying to access the Domoticz Web Service (port 8080) on my Raspberry Pi via both of the following interfaces (which have static IPs):

Ethernet (eth0, 172.22.0.99, connected to a Netgear router).
Wi-Fi (wlan0, 172.24.1.1, providing an Access Point).

Currently, I can only access the web service if I connect to eth0 and gain an IP address 172.22.0.x.

If I connect to the Wi-Fi Access Point on wlan0 then I correctly acquire an IP Address 172.24.1.x, hence SSH works, but the web service is inaccessible (both http://172.22.0.99:8080 and http://172.24.1.1:8080).

I’ve been testing the above using a Windows 10 laptop. The actual problem is that I have a number of Arduinos which can connect to the Pi’s Wi-Fi Access Point (wlan0), but cannot then access the Pi’s Web Service. Hence instead I’m currently having to connect them via the Netgear router, and hence the Pi’s eth0. This is what I’m trying to avoid.

Aside: the Pi is also running:

OpenVPN, hence eth0 is bridged (br0, tap0).
A Wi-Fi sniffer (wlan1alfa, renameX).
172.22.0.100/102/106/113 examples of a working Arduinos

Any pointers very welcome…, thanks in anticipation

Geoff

Having created the following post (with lots of information about my setup):
https://unix.stackexchange.com/question ... -interface
I realised the issue might be specific to Domoticz.

I found a possible area for investigation:

https://unix.stackexchange.com/question ... -ssh-to-it

It can be the case that the webserver is listening only on localhost(127.0.0.1) instead of listening on all interfaces(0.0.0.0)

Code: Select all

$ sudo netstat -taupen | grep LISTEN

On my Pi, note the ":::8080":

$ sudo netstat -taupen | grep LISTEN

Code: Select all

tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      0          15295       1847/smbd
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN      1000       11927       1437/Xtightvnc
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN      1000       11924       1437/Xtightvnc
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      0          14462       1154/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          14453       1143/sshd
tcp        0      0 0.0.0.0:1880            0.0.0.0:*               LISTEN      1000       15768       716/node-red
tcp        0      0 0.0.0.0:1883            0.0.0.0:*               LISTEN      0          11708       903/mosquitto
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      0          15294       1847/smbd
tcp6       0      0 :::139                  :::*                    LISTEN      0          15293       1847/smbd
tcp6       0      0 :::8080                 :::*                    LISTEN      1000       4902627     25249/domoticz <<---
tcp6       0      0 :::53                   :::*                    LISTEN      0          14464       1154/dnsmasq
tcp6       0      0 :::22                   :::*                    LISTEN      0          14455       1143/sshd
tcp6       0      0 :::1883                 :::*                    LISTEN      0          11709       903/mosquitto
tcp6       0      0 :::445                  :::*                    LISTEN      0          15292       1847/smbd
tcp6       0      0 :::6144                 :::*                    LISTEN      1000       4902635     25249/domoticz

A bit more investigation found the startup parameter '-wwwbind' in domoticz.sh:

Code: Select all

DAEMON_ARGS="$DAEMON_ARGS -wwwbind 0.0.0.0"

So I'm one step closer, note the "0.0.0.0:8080":

$ sudo netstat -taupen | grep domoticz

Code: Select all

tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1000       21943078    27425/domoticz   <<---
tcp        0      0 172.22.0.99:8080        172.22.0.102:52060      ESTABLISHED 1000       21949101    27425/domoticz
tcp        0      0 172.22.0.99:8080        172.22.0.100:52135      ESTABLISHED 1000       21949100    27425/domoticz
tcp        0      0 172.22.0.99:58528       172.22.0.99:1883        ESTABLISHED 1000       21946463    27425/domoticz
tcp6       0      0 :::6144                 :::*                    LISTEN      1000       21943086    27425/domoticz

I still get the following:

http://172.24.1.1:8080/ (on laptop 172.24.1.42)

Code: Select all

The connection has timed out

The server at 172.24.1.1 is taking too long to respond.

The site could be temporarily unavailable or too busy. Try again in a few moments.

If you are unable to load any pages, check your computer's network connection.

If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

I must be missing something...?
Geoff

[GeoBeBee]

I was indeed missing something: properly flushing my NAT rules!

I had been using just:

Code: Select all

sudo iptables -F

Once I started using the following before creating my rules it worked (no other change):

Code: Select all

sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X

sudo ipset flush
sudo ipset destroy
sudo ipset list

Apparently I should also do:

Code: Select all

sudo iptables -t raw -F 
sudo iptables -t raw -X

So now if I connect to the Pi's Wireless Access Point on 172.24.1.1 (wlan0) and get IP address 172.24.1.x I can access the Domoticz Web Server on the Pi via http://172.24.1.1:8080, which is what I want.

It was previously the case that I had to go via a separate router (172.22.0.1), get IP address 172.22.0.x, and access the Pi via eth0: http://172.22.0.99:8080.

https://unix.stackexchange.com/question ... 641#501641