Domoticz

Hi.

I consider myself a layman in networking though I'm not completely non technical. I have Domoticz running on Pi 3b+ with Aeon Labs Z-Wave USB Adapter and RFXtrx433XL. All is working well with KAKU, Ikea Tradfri lamps, some temp sensors and our ThermoSmart Thermostat.
All within my local network.

Next step is to be able to connect to my Domoticz app via internet from elsewhere. I tried with port-forwarding but I must be doing something wrong.

Internet reaches the house via a Ziggo Connect Box then a Netgear Router R7000 to which my Pi is connected.
On that R7000 is also a Asustor NAS connected which I also want to access from out side.

Who can advice / guide me?

Brgds Kees

Hi Kees,

You made yourself a complex solution.
Why do you have 2 routers in cascade ? Your ziggo is a router and the Netgear is a router too.

Eigther make the Ziggo a Bridge ( you must open a case as in ipv6 mode the ziggo does not do bridging ) or use your netgear as a switch/AP only
and therefore bypass the router function.

Simple test : Connect the Ziggo output to 1 of your 5 switch ports ( so not the wan connection). Please stop the dhcp service on your Netgear.
having 2 dhcp services on your network does give unpredictable output. If you did your port forward on the ziggo stuff you might reach your Pi.

You are correct in do a port forward on a router. That's the way to go.
Please mind you open up to the whole ( terror) internet and hacker scripts will attack your poor Pi......

Hope this helps you a little,

Frank

Why not use a service like: my.domoticz.com
Does asus not have simular service?

And are your sure that ziggo is not possible in bridge mode? I have a Ziggo Ubee modem in Bridge. I had to ask Ziggo customerservice for this.

I agree that you have to think carefully if you want to open your network by port forwarding. Have you thought about VPN to one of your modems? With Ziggo modem in bridge mode, that would be possible is it not?

freijn wrote: ↑Wednesday 27 November 2019 10:09 Please mind you open up to the whole ( terror) internet and hacker scripts will attack your poor Pi......

Just forwarding https (port 443) with a user/password combo setup in domoticz that is not too obvious to guess is IMO no great deal: Only logged attempts come from indexing robots that gives up on the login page and that's a few ones per hour.

That's really nothing compared to forwarding ssh port (22), that can be attacked several times per second by user/password brute-forcing robots.

Always better to setup some fail2ban, even for https to silence some script kiddies, just in case... but no reason to be afraid.

Thanks for your advices!

I've set up my.domoticz.com which seem to work. Not sure if it is what I'm looking for as so far I need to logg in into my.domoticz.com and then to the local domoticz instance.

But let's see. I can keep my LAN apart from the outside and frightning world.

Also I'm going to see if I can reset my NetGear Router following the Ziggo router, ri have these options; Not sure what the options do, but I'll find out.

Thanks again.
Brgds Kees

Hi Kees,

First question why are you using 2 routers on your LAN?

It's easier to use only the Ziggo router and if you need more wired ports connect a switch on it, and if you need more wifi through your house just buy an access-points.

A router routes subnets (just like 192.168.178.0/24 which is default ziggo) between routers, a simple unmanaged switch is not a router but switches packets within the same subnet. In a common home situation you don't need more subnets, unless you want to seperate things like guests and so on.

If you use only one router like to the ziggo, just create a port forwarding to your nas ip.

if you use more routers then you need to create a port forwarding on your ziggo router with the internal ip of your netgear router and on your netgear router create another portforwarding to with the local ip of the nas.

what i should do in your situation because you already have the netgear is to set him in AP mode and buy a simple netgear switch and connect the AP to the switch and your nas etc also. Because i guess your NAS is not in the same room as the ziggo router.

Gr Jurgen

Be aware that this could potentially be a double NAT problem.

If you have both a Ziggo router and a Netgear router, you need to have the Ziggo router in bridge mode.
Simply said, is you connect your laptop to the Ziggo router, what IP address do you get?

If it is between one of these, you have a double NAT construction and your Ziggo router is NOT in a BRIDGE mode.
These IP addresses are private range IP addresses:
10.0.0.0 – 10.255.255.25
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255

Ziggo will mostly use the IP address 192.168.178.1 for it's router.
That is private range....

This will not work properly with a second Netgear router behind it and results in double NAT...
Best thing you could do is to remove the Netgear router until you have a better understanding of networks.

More info:
https://nl.wikipedia.org/wiki/RFC_1918
https://en.wikipedia.org/wiki/Private_network

Should you wish to continue, Ziggo provides you with instructions to configure the modem in bridge mode:
https://www.ziggo.nl/klantenservice/wif ... dge-modus/

To check your IP address in Windows:

1. Press the CTRL+R key combination
2. Enter "CMD" (without the " ") and press Enter
3. Type "ipconfig /all" (without the " ") and copy-paste the results here

Also, if you wish, copy-paste the results of the tracert command: "tracert domoticz.com" (without the " ").
This last command will include your IP address, if you send it to me with a private message it's safer.

Perhaps I can help you with further steps with that info...
It will give us details about your current network configuration