HAI Omni IIe remote access problems

[nieldm]

Hi, I was wondering if anyone can point me in the right direction, I have been banging my head against the wall for weeks now.

Not sure if this is a networking problem or a HAI problem but am tending towards the latter. I am having terrible trouble accessing my Omni IIe remotely (via Snaplink or PC Access) from an external location via IP. I have a Dynamic DNS host setup and have forwarded port 4369 (UDP and TCP) on my router, but it simply doesn't connect. The DynDNS host name is in the connection field in PC Access.

What worries me is that I can connect to other hosts in the same location (a Crestron controller for example) and have to say I am pretty confident of my port forwarding skills. When I am local I can connect without issues to the HAI controller. I have also tried another port (changing the port on the HAI console and in the software and the router) with the same result.

If I use an open port checker, it tells me, for example, that the Crestron ports are open but the HAI port is closed.

I am probably missing something really simple here, but if anyone could help me maintain my sanity that would be great!

Many thanks
Marc

 

[Frunple]

If it works locally it's gotta be a port forwarding issue, especially since the port checker is telling you the same thing.

 

[nieldm]

I would agree with you, but I have been over and over this and am even starting to suspect my router is doing something odd. I forgot to mention that it is also intermittant, in that it may work for a day or two then stop working. When I get to the house I reboot the Omni IIe and the router and it may work for a day or so after I leave then stop.

 

[HAI_fjh]

The port forwarding setup for an Omni is pretty standard. I have lost count of how MANY times I have set this up and it is usually no problem. The few times I have had problems it turned out to be something dumb...

It is unlikely that the ISP is blocking 4369, and since you say the port forwarding for other services works then I believe your ISP supports inbound connections. Not all do.

Skipping ahead common problems I have seen:

- When entering the WAN/external address in PC Access do not put http:// (or anything else) in front of it. Just use me.dyndns.com (or whatever).

- Triple check for typos. Can't tell you how many times dyslexia has bitten me.

- Make sure you are using the correct address for the Omni in the port forwarding setup. Again typos; I have seen several routers forwarding to the wrong address.

- If you have more than one router, like people with Vonage often do, you may have to set up port forwarding through both routers and yes this does work but each router must use a different subnet.

- Make sure that the router's firewall is not blocking the port forwarding. Some routers require you to set up port forwarding and also make an entry in the firewall to allow incoming packets on that port. Some may also require a schedule.

- If you have another port forwarding setup that works, like remote desktop or something, compare all of the settings in both setups.

- Try deleting the setup rebooting the router and starting over again. I have seen where everything looked fine but it didn't work. I delete the port forwarding rules, rebooted the router, reentered the same settings and then it worked. (router can be evil!)

- You may also want to check some sites like http://portforward.com/ and see if they have any notes specific to your router.

I hope this helps.

 

[HAI_fjh]

I would agree with you, but I have been over and over this and am even starting to suspect my router is doing something odd. I forgot to mention that it is also intermittant, in that it may work for a day or two then stop working. When I get to the house I reboot the Omni IIe and the router and it may work for a day or so after I leave then stop.

Try upgrading your router firmware or gettnig a new and hopefully better router.

 

[nieldm]

Guys thanks for all the responses. I will go through everything again at the weekend.

On the subject of using a different router, I was just checking on that. I am using the all-mighty BT over here in the UK and they supply what they think is the mutts nuts of a router. It actually isn't bad but it is dumbed down to the lowest common denominator (which, over here, means low...) which can make it inflexible. Apparently it is possible to use my own router and I have a dd-wrt d-link handy, which I will try if I can't crack it this weekend. Given that my remote Crestron connection works (sorry to use bad language Fred) I am on the point of forgetting the HAI apps and modding my Crestron program to talk to the Omni, which is far from optimal!

I will report back on which particular dumb mistake I have been making....

Thanks again
Marc

 

[nieldm]

I meant to add, as part of the dumbing down BT don't allow users to update the firmware, it's done automatically. More I think about it, the more I realise I should change it out!

 

[pete_c]

I've always preferred to kept the router / Firewall separate. In Florida Verizon provided a combo modem, access point, switch and router. I just bridged the connections and went to a DD-WRT configured Linksys which does OK for me. In Illinois I have just a Comcast modem.connected to a Smoothwall firewall. The ISPs here also keep the modems FW locked and they control the updates.

If you are into the DIY thing; the Smoothwall firewall will run on just about anything with two network cards and can be an old PC just sitting around. Its a plug n play set up and very robust; never breaks.

 

[nieldm]

Interesting. I appreciate this is getting a tad off topic, but can you give me a little more of a steer on how to set this up?

Right now I have my DSL connection coming into the house connecting to the BT router. I connect that router to my dd-wrt router via CAT5 simply using it to create a second wireless network (for temperamental Crestron wifi remote controls). The dd-wrt router is configured as a DHCP Forwarder.

What would I need to change to have the port forwarding handled by the second router?

Hope you don't mind the question. If I try it I will eventually get there but the ear bending I would receive from the other half when the network is down makes it a dangerous exercise!

Thanks
Marc

 

[pete_c]

Right now I have my DSL connection coming into the house connecting to the BT router.

Is there more than one device plugged into the BT router? I mean is only the DD-WRT router plugged into the BT router?

Is the DD-WRT router only set up as a wireless AP device?

Is your stuff set up like this?

LAN-1 is one subnet / LAN-2 another subnet?

BT DSL Firewall/Router = = >
LAN - 1 = = > wired networked devices which follow rule set from BT DSL firewall router
====> DD-WRT ==> Wireless AP (using same subnet as LAN-1 or is it on LAN-2 different subnet than LAN-1?) = LAN - 2?
you can configure DD-WRT OS such that wireless is on the same network or using the firewall on a different network.
====> other devices on LAN - 1

 

[nieldm]

Not quite, it's all one subnet and there are also devices, both wired (Omni IIe, Apple TV, Crestron controller) and wireless (my and my wife's laptops, printer) connected to the wireless network on the BT router. The second wireless network is as I said, just for wifi remotes. For convenience there is also an IP phone connected directly to the dd-wrt router.

if it's best that I leave the BT router simply as a DSL gateway and firewall then I will be short of a few ethernet ports, but I have a spare 8 port switch I can deploy if that is better.

I really appreciate you taking the time to advise here, this is invaluable to me.

Marc

 

[pete_c]

View attachment 4236 Redid the drawing.

If the DD-WRT router is on the same network; then unless you did something special (bridge) then the firewall rule set doesn't do anything on the DD-WRT router.

 

[nieldm]

That's pretty much it. So going back to your original post, would you recommend and changes to make things easier/simpler? As I said, I could simply take the BT router out of the equation, run the DSL connection and the firewall on the dd-wrt device and use an external switch to give me the wired connectivity. The wifi remotes are a whole lot more comfortable on their own network but I could create a virtual network on the dd-wrt device too.

I won't bug you further on this, but some final thoughts before I embark on a weekend of hurt would be appreciated!

Marc

 

[pete_c]

You mention the HAI controller on the BT router network and that you cannot access it with the port forwarding configured on same said device (BT router?)?

All the router/firewall configurations from the ISP box (BT) should be plug n play and easy to configure.

The DDNS configuration on the DD-WRT router inside of the network should work. The DD-WRT router's logs should show that the DDNS worked or didn't work. I am guessing that is it working cuz you have access to the other hosts. You have me looking now at my configuration on the HAI OPII that I have configured in Florida. I am now in Illinois.

In Florida its set up similiar to your setup. (two firewall / routers).

I am connecting to my HAI OPII via the DDNS name / port just fine here. Now let me go to the firewall over there....which is a DD-WRT configured combo AP/Firewall Router.... (I have one port on the Verizon FIOS combo AP /router / FW bridged to the DD-WRT)....while typing checked my connectivity to the HAI OPII there in FL....

Basic HAI Port forwarding setup on the DD-WRT router BUT I am not using the FIOS combo router firewall for anything but bridging the network over to the DD-WRT router.

I do have two networks there though; one Verizon FIOS connected network and two a DDWRT connected network.

Is your HAI OPII connected to the BT box directly? Or it is connected to the network ports on the DD-WRT router?

How do the WiFi remotes connect to the second AP? (SSID, N,G or B? and Encryption (WEP or WPA?))

 

[nieldm]

I will have an intensive play this weekend and report back, you have given me plenty of food for thought.

Very many thanks for your help.

Marc