Reply
AdelaidePete
Posts: 5
Registered: ‎02-19-2012
Accepted Solution

Letting Application Through WAG160Nv2 Firewall

I want to control my homes X10 Devices (lights on/off, close garage door, etc) using an iPhone application.
This technolgy has potential to be a life saver in turning on sprinklers etc without going home when a bushfire/wildfire comes.
The app to do this has two parts: a server element on the computer and a component on the phone.
The X10 Commander server element for me is in Windows 7 in a Parallels 7 Virtual PC on my MacMini-2010 now running Lion OS 10.7.3
That server element tells me that my Host is 10.211.55.4 as does ipconfig in a COM window started in the Windows environment. Strangely, the router thinks the IP address is 101.103.32.25?
I responded to a spontaneous Windows 7 Prompt to allow the application on port 6003 through its firewall.
I also setup Kasperski Pure Firewall in that same virtual PC to allow the X10 App to communicate TCP and UDP.
On opening the app on the iPhone, it tells me:
   Server Error
   Server Disconnected
   Check host 10.211.55.4 and port 6003 are correct in main Settings application.
Next, I need to letting the application through my  WAG160Nv2 firewall...
So, opening my browser at 192.168.1.1 it connects to the setup pages for my Cisco Linksys browser WAG160Nv2.
There seems to be no trace of the host IP address (10.211.55.4) I need to enable port 6003 for,
They all start with 192.168.something? I guess these are relative or local and the other is absolute or external?
I hypothesised that 192.168.1.100 or >100 can be treated as an alias for my actual IP address and added the X10 application with port 6003 as enabled with IP address 192.168.1.101 but that did not help.
How do I open the specific port needed in my Router firewall?
If I could figure out how to do it, would there be a risk to my PC environment in doing so? 
Could I use the big button on the router itself to somehow allow the X10 Commander App through the firewall?
If so, just what sequence would present me with th ecahnce to do that?
It should not be this difficult.
Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: Letting Application Through WAG160Nv2 Firewall

It seems as if you have configure Virtual PC to do NAT. You must configure Virtual PC to bridge the VM to the ethernet connection. Only then the VM is directly connected to your LAN. Otherwise, virtual PC will route between the LAN and the virtual ethernet adapter. This would mean you would have to set up port forwarding in Virtual PC to make it accessible.

AdelaidePete
Posts: 5
Registered: ‎02-19-2012

Re: Letting Application Through WAG160Nv2 Firewall

[ Edited ]

I thought that I had implemented Network Address Translation (NAT) by adding a line in my Linksys setup pages?:

 

Applications & Gaming Tab.

   Application: X10

   External Port: 6003

   Internal Port: 6003

   Protocol: UDP

   IP address: 192.168.1.102 (this is shown in the MacMini4 System Report for Network as my WI-Fi IPv4 address)

   Enable: tick

Administration Tab.

   UPnP: Enable

   Management via WLAN: Enable

 

I am hoping that despite using a dynamically allocated IP address externally, the router is smart enough to know
that I want port 6003 open no matter what is allocated... does not yet work for me. In the Virtual PC, ipconfig is still

showing the IPv4 address as 10.211.55.4 (Preferred) as does the virtual-PC-resident X10 Commander app window.

I have tried both local (192.168.1.102) and external (10.211.55.4) as the Host (i.e. IP Address) datum in my iPhone Setup.

By the way, I have enabled X10 Commander in both the Windows 7 Firewall and the Kaperski Pure Firewall in the virtual PC.

Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: Letting Application Through WAG160Nv2 Firewall

You have double NAT. Your routers does NAT. And your Virtual PC software does NAT. Virtual PC is a NAT router between your Linksys LAN and the VM LAN. That's why you have 192.168.1.* addresses in the Linksys LAN and 10.211.55.4 as address for your VM. Between the Linksys LAN and the LAN of the VM is another NAT router: Virtual PC.

If you wanted to do double NAT you have to configure port forwarding in Virtual PC for the same port to the IP address of your VM (if Virtual PC can do that).

However, as you want your VM to be connected to the Linksys LAN and not separated by another NAT router, you should reconfigure the network adapter of your VM into bridge mode. I don't know Virtual PC but other VM software supports that. In bridge mode the VM is directly connected to your Linksys LAN and gets an IP address from your Linksys router (i.e. the VM gets another 192.168.1.* address different from the one of the MacMini).

That's your problem. The forwarding in the WAG works. You just forward UDP port 6003 to 192.168.1.102. However, the computer doesn't know what to do with it because you did not set up Virtual PC to accept that port and forward it to the VM. That has nothing to do with the dynamic WAN IP.

You should never run two firewalls on a computer (or VM). Use only one. Two firewalls are worse than one firewall because they can interfere.
AdelaidePete
Posts: 5
Registered: ‎02-19-2012

Re: Letting Application Through WAG160Nv2 Firewall

I am pretty sure that the virtual PC I am using, Parallels 7, simply intercepts and maps everything a PC interfaces with to the appropriate MAC equivalent interface. So no special NAT processing is appropriate at that point. I have tried turning off both Kapershi Pure's and Windows 7 Firewall with no consequential improvement (so I then put them back on). Can you suggest something concrete I can try next?

AdelaidePete
Posts: 5
Registered: ‎02-19-2012

Re: Letting Application Through WAG160Nv2 Firewall

I just found a Network Settings dialog window in Parallels 7 Preferences - Advanced and could enable port forwarding there.

I forwarded MAC port 6003 to the VM port 6003 using UDP and IP Address 10.211.55.4 but still get a server error on the iPhone

:smileysad:

Expert
Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: Letting Application Through WAG160Nv2 Firewall

First of all, can we clear up what you are using. Do you use Microsoft Virtual PC or Parallels Desktop 7? It is very confusing that you always write about "virtual pc" which suggests the Microsoft product... The thing you are running inside this software is a VM or "virtual machine" not a "virtual pc".


AdelaidePete wrote:

I am pretty sure that the virtual PC I am using, Parallels 7, simply intercepts and maps everything a PC interfaces with to the appropriate MAC equivalent interface. So no special NAT processing is appropriate at that point. I have tried turning off both Kapershi Pure's and Windows 7 Firewall with no consequential improvement (so I then put them back on). Can you suggest something concrete I can try next?


The VM has an IP address 10.211.55.4 which is meaningless in the Linksys LAN. Virtual PC cannot "map everything" just like your WAG router cannot "map everything" from the internet to the "appropriate MAC equivalent interface". Virtual PC does NAT and by default that means that the VM is inaccessible unless you define port forwarding.

 

As I wrote before, I highly recommend not to do double NAT and bridge the VM directly into the LAN. Switch the network interface to bridge mode. See this: http://kb.parallels.com/4948  Currently you are running "Shared Networking" or maybe even "Host-Only Networking". Switch to "Bridged" and your VM will get an IP address from the Linksys router and you can adjust the port forwardings on the router to forward that port directly to your VM.

AdelaidePete
Posts: 5
Registered: ‎02-19-2012

Re: Letting Application Through WAG160Nv2 Firewall

:smileyvery-happy:

Success! That fixed everything and I now hove connectivity... at least at home.

I changed the Virtual Machine configuration Network to Default Adapter (for Bridge Mode).

I turned off both software firewalls.

I modified the iPhone Setup to use 192.168.1.110 as host IP address.

I changed the port forwarding for the router to use the same IP as that.

I turned on my ActiveHomePro software in the Parallels 7 hosted Windows 7 on my MacMini4.

I opened my X10 app on the iPhone and there are all the devices listed and they turn on and off fine.

Thanks for you patience and help.