Firewall Port Forwarding for Omnia Processor access

Get advice from the Nerd Herd!
Post Reply
User avatar
jantonuk
Posts: 55
Joined: Mon Nov 19, 2012 1:52 pm
Location: Fairbanks, AK

Firewall Port Forwarding for Omnia Processor access

Post by jantonuk » Mon Nov 19, 2012 2:01 pm

I just installed the 2nd Omnia ONE processor at the FM site.
I was able to forward ports for metering just fine for the 1st unit but am wondering about the new unit.

The processor has a web server on port 80
Browsing to this web page and looking at the live meters uses ports 4545 and 4546.

I am able to forward these ports through the Linksys E1200 firewall to the original Omnia just fine.

I can foward a non-standard port 8011 external to internal port 80 on the new 2nd unit and see it's web server just fine.

If I was using some kind of remote control application software I could probably tell it to use 4547 and 4548 externally and then forward those ports to 4545 and 4546 on the 2nd unit too.

The Omnia has a place where you can change the metering port to something other than 4545 if I want I don't see how that is going to help me since I don't see a way to tell the web browser to use some other port for metering display.

Is anybody else using multiple Omnia processors at their sites and been able to achieve functional port forwarding through their firewall to monitor more than one unit?

73,
John AL7ID in Fairbanks, Alaska

User avatar
Deep Thought
Posts: 3209
Joined: Thu Mar 20, 2008 9:23 am
Location: La Grange, IL
Contact:

Re: Firewall Port Forwarding for Omnia Processor access

Post by Deep Thought » Mon Nov 19, 2012 2:44 pm

What web browser are you talking about? Any browser should be able to request a page from any port simply by appending the port number to the address, i.e. http://a.b.c.d:port
Mark Mueller • Mueller Broadcast Design • La Grange, IL • http://www.muellerbroadcastdesign.com

User avatar
jantonuk
Posts: 55
Joined: Mon Nov 19, 2012 1:52 pm
Location: Fairbanks, AK

Re: Firewall Port Forwarding for Omnia Processor access

Post by jantonuk » Mon Nov 19, 2012 4:32 pm

Either Firefox or Internet Explorer.

Let me give the details.
The processor is on the LAN at 192.168.1.10
It has a built-in web server that listens on port 80.

So far, so normal.

I can set up a port forwarding rule on the firewall that allows me to do what you suggested i.e.
http://mypublicip:8010
and have that redirected onto 192.168.1.10 on the LAN.
That works fine.

But here's the rub.
The Omnia processor streams out meter readings on port 4545.
The Omnia processor receives return commands from the user's web browser on port 4546.

I can forward port 4546 from the outside to the 192.168.1.10 port 4546 on the inside and all works OK.

HERE COMES THE PROBLEM.
I have two Omnias.

I can change the metering and command ports on the second Omnia to something other that the default 4545/4546 such as 4747/4748.
But how do I tell the user's web browser which port to receive meter readings on and send back commands on?

John

User avatar
Deep Thought
Posts: 3209
Joined: Thu Mar 20, 2008 9:23 am
Location: La Grange, IL
Contact:

Re: Firewall Port Forwarding for Omnia Processor access

Post by Deep Thought » Mon Nov 19, 2012 11:13 pm

Pardon the stupid questions (I have not used remote metering on an Omnia...I'm a transmitter and antenna guy) but is this run using a browser plug-in or some kind of local front-end? A web browser doesn't know nor care what port data comes in or out on as long as you specify the port if it is other than 80 for http or 443 for https. If it is a plug-in/front end there may not be a way to specify the control and monitoring ports. I know I'm not helping much right now but the more detail you can supply the better. How (specifically) is this set up on the user end?
Mark Mueller • Mueller Broadcast Design • La Grange, IL • http://www.muellerbroadcastdesign.com

User avatar
jantonuk
Posts: 55
Joined: Mon Nov 19, 2012 1:52 pm
Location: Fairbanks, AK

Re: Firewall Port Forwarding for Omnia Processor access

Post by jantonuk » Mon Nov 19, 2012 11:24 pm

It is not set up on the user end. That's my conundrum.
In this case, standard port 80 web browsing.
But the metering display on the user's web browser uses a JAVA applet which delivers the data from the processor to the web browser on port 4545.
While the controls are driven by commands coming back from the user's JAVA applet to the processor on port 4546.

If I change these metering and command ports on my 2nd unit, how will the web browser's JAVA applet know where to get and send data/commands?

John

User avatar
jantonuk
Posts: 55
Joined: Mon Nov 19, 2012 1:52 pm
Location: Fairbanks, AK

Re: Firewall Port Forwarding for Omnia Processor access

Post by jantonuk » Mon Nov 19, 2012 11:47 pm

Apparently there must be communication on port 80 between the web server in the processor and the Java applet that runs in the user's browser that relays the port information so the end user does not need to know which ports are being used for metering and R/C.

Anybody else care to venture an educated guess?

John

User avatar
KPJL FM
Posts: 565
Joined: Fri Nov 16, 2007 9:28 am
Location: planet Earth, 3rd rock from sun

Re: Firewall Port Forwarding for Omnia Processor access

Post by KPJL FM » Tue Nov 20, 2012 8:45 am

i think what you're saying will require a second public IP for the second Omnia to work. Use the same ports on the second IP, configure the router to forward those ports on the second IP same as you're doing for the first IP.
Trim to fit, paint to match, tune for minimum smoke.

eadler
Posts: 411
Joined: Mon Dec 15, 2008 2:23 pm
Location: Binghamton, NY
Contact:

Re: Firewall Port Forwarding for Omnia Processor access

Post by eadler » Tue Nov 20, 2012 10:24 am

Why not create a VPN or SSH tunnel instead of port forwarding? Either of these will add a layer of security that you don't currently have and allow you to reach other systems on that connection and (more) easily change what you're looking at.
Eric "tonsofpcs" Adler
http://www.videoproductionsupport.com/
Twitter: @eric_adler

User avatar
rockmanac
Moderator
Posts: 1201
Joined: Wed Nov 14, 2007 9:18 am
Location: St. Paul, MN
Contact:

Re: Firewall Port Forwarding for Omnia Processor access

Post by rockmanac » Tue Nov 20, 2012 10:26 am

eadler wrote:Why not create a VPN or SSH tunnel instead of port forwarding? Either of these will add a layer of security that you don't currently have and allow you to reach other systems on that connection and (more) easily change what you're looking at.
If you can't get a 2nd public IP, that is going to be your best solution. Though, you may have an issue with the Linksys not being able to handle VPN.
Addie Chernow
Director, WCCO-TV
WWW - @chernowa - KC9JHY

Formerly:
OverDrive Operator, WKOW-TV
Director/Technical Director, WKOW-TV
Director/MCO, WREX-TV

User avatar
jantonuk
Posts: 55
Joined: Mon Nov 19, 2012 1:52 pm
Location: Fairbanks, AK

Re: Firewall Port Forwarding for Omnia Processor access

Post by jantonuk » Tue Nov 20, 2012 1:18 pm

I was able to make both units work by changing the ports on the 2nd unit. Apparently the 2nd unit communicates via the port 80 connection to the browser which ports to use for metering and control.
It works.

I agree that port forwarding is less secure than VPN but oh well.

I'm not using port 80 or 443 so "security by obfuscation" at least.....

John

So... Does anybody else have 2 Omnias at the same site inside a firewall/router?

Post Reply