I have been googling all day for a comprehensive set of instructions that will allow an Arduino with Ethernet Shield to be visible to the whole world versus just being visible to my local area network. I did this example:
but of course it only works with a local connection. I would like to be able to access my arduino remotely from anywhere but there doesn't seem to be a lot on the web about it. I have a cable internet modem connected to a linksys E1200 wireless router. I have found a few things that I don't understand very well such as dynamic dns and port forwarding and I am sure that I have found some of the pieces, but I just don't know how to put them together. Can someone help me out with this?
I would like to be able to access my arduino remotely from anywhere but there doesn't seem to be a lot on the web about it.
Perhaps because there is nothing Arduino-specific in what you want to do.
Your Arduino is connected via a cable to some physical device - usually a router. The router allows the Arduino exclusive use of an IP address that is local to the network that the router manages. The router may, or may not, perform port-forwarding of data it gets to the Arduino.
If the router is set up to forward all data that arrives on port 60, for instance, to the Arduino, then the Arduino will be accessible from computers not on the network using "http://router-ip:60".
Of course, this means that you need to know your routers IP address, as assigned (generally temporarily) by your internet service provider.
You can get a static IP address, so that the router's IP address never changes, but be prepared to pay for that. Sometimes a lot.
Alternatively, you can have code on a PC connected to the router that periodically checks the IP address assigned to the router, and updates DNS data (worldwide) mapping the router's IP address to a domain name (that you host/pay for). Then, the world will access your Arduino (via your router) by name, rather than IP address.
As your internet service provider changes your router's IP address (typically weekly), DNS will be updated to know where your router went, and the Arduino will remain visible, except for the few minutes just after the router's IP address is changed.
Fantastic explanation PaulS! I appreciate that! So it sounds like I need to do two things. First I need to take advantage of a service like dynDNS and second would be to enable port forwarding on my router. I think my router should take care of updating dynDNS when the IP Address changes (I hope).
ofey:
This is a useful thread. Can I just ask is the router-ip the same as IPv4 address, which is found in cmd->ipconfig?
There are a few different systems but generally no. The cable modem gets a real IP address from the cable system. It then hands out "fake net" addresses to the computers and other devices using a protocol called DHCP (dynamic host control protocol). So the cable modem / FiOS router / whatever might have an IP address like 72.249.12.17 and the computers on your network would have an IP address like 192.168.1.5, 192.168.1.6 and so on.
Is it true to say that the computers IP, (got by Googling 'what is my ip') is different from IPv4 which is the routers IP?
Well, yes and no.
First, IPv4 is a system of IP addresses, which has 4 octets (so xxx.xxx.xxx.xxx). IPv4 is not a reference to the IP on our cable modem.
Yes the computer has its own IP, but the cable modem / router / whatever device translates packets from your PC that go to the Internet so they look like they come from the real IP address. It keeps track, so packets that are supposed to go to your PC get sent to your PC and so on. This is called NAT (Network Address Translation).
As a result of NAT, everything that comes from any PC or device on your network looks like it comes from the one IP address on the cable modem.
Port forwarding is a mechanism where by you tell the cable modem that if a packet comes to your real IP address for port 8080, it should be forwarded to fake IP address 192.168.1.5 (or whatever). That way, an Arduino web server can answer requests.
Thanks for your clear explanation. I understand much better now.
I am trying to manually fill in the snip of code below from a tutorial on the Instructables website.
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED }; //physical mac address
byte ip[] = { 192, 168, 1, 177 }; // ip in lan
byte gateway[] = { 192, 168, 1, 1 }; // internet access via router
byte subnet[] = { 255, 255, 255, 0 }; //subnet mask
EthernetServer server(80); //server port
The first thing is the mac[] address which is on a sticker on my Ethernet shield. In some tutorials I'm told this rarely needs to be changed in the code, I've read that any mac address will work. But can it still work without the specific MAC address from the Ethernet shield being put into the code?
The next thing is the ip[] which must be the ip of my Ethernet shield. This I can get from running the example sketch "DHCP-based IP printer" and the Ethernet shield's ip pops up in the serial monitor.
The next thing then to be filled in is the gateway[], which say from your example would be 72.249.12.17, in other words the router ip or the ip I get when I Google "what is my ip". (If this is true it is a pity the example ip given in the code is misleading, it looks like the ip of a computer inside the network, not like a router's ip.)
The subnet mask is 255.255.255.0 this is what it says for the subnet mask in cmd->ipconfig
Be aware that using DHCP may not work well if your arduino server is behind a router. Normally one would assign a static lan IP and port in the arduino code, then set the router to foward the incomming request to the arduino. In my setup I would assign the arduino an IP/port like 192.168.1.105 and port 85. then using a dynamic IP address service the outside address for the arduino would look like zoomkat.dyndns.com:85 to connect to the arduino behind the router. Note that the dynamic IP service usually requires an application running on another computer behind the router, or some routers have provisions to keep the IP service updated on the current assigned IP provided to the router by the internet connection provider.
Yes, exactly what Zoomkat said, especially the part about manually assigning a static IP instead of letting the Arduino (or any other device) get a DHCP IP. The IP assigned by DHCP is temporary and may change, although usually not. Still, it can happen. In your router / cable modem / whatever, you can control the range of IPs that can be assigned to other devices using DHCP. So, you could tell it that addresses for use by DHCP are from 192.168.1.2 to 192.168.1.31. Then, you can use 192.168.1.40 or any other IP address outside this range on your Arduino. Just make sure its a 192.168.1.x IP address.
The gateway address is not the "real" IP address on the router. Usually, in examples like this, its the .1 address for the class C you're using. The class C is everything like this: 192.168.1.x. A different class C is 192.168.2.x. So the gateway for 192.168.1.20 is probably (but not required to be) 192.168.1.1. This gets just a little complex, and outside the scope of this thread, but if you set the gateway as 192.168.1.1 you're probably safe. Again, the router configuration will tell you this.
Its best to set the MAC address to whatever is on the sticker of your shield.
Hm, I think that covers your questions. Let us know if you have more and/or how you make out.
In my router under DHCP setup it says start address is 192.168.1.1 and the pool size in 200 so I presume that means the ip could be 192.168.1.201 or with anything greater than 200 on the end. In the router the under TCP/IP the lan ip is 192.168.1.254 so i think that's what I set ip[] to.
My shield's mac address is 90-A2-....... I'm sure that's filled in as 0x90, 0xA2, .... etc.
I have the gateway[] as 192.168.1.1 and the
I've filled it all in like this: (hope I'm not putting too much information on the net!)
byte mac[] = { 0x90, 0xA2, 0xDA, 0x00, 0xFB, 0x94 }; //physical mac address
byte ip[] = { 192, 168, 1, 254 }; // ip in lan
byte gateway[] = { 192, 168, 1, 1 }; // internet access via router
byte subnet[] = { 255, 255, 255, 0 }; //subnet mask
EthernetServer server(80); //server port
When it comes to connecting in a browser from outside my home network, 192.168.1.177:80 won't work because 192.168.1.177 is only for inside my network. So should i use my router's ip followed by :80?
The above isn't even working locally. So I had to change the ip[] line to
byte ip[] = { 192, 168, 1, 177 };
and now that works inside my network.
Also is there any easy way to test if it's working outside my home network. I have to keep calling a friend and asking him to see if it's working. But as I said in the post before I am not even sure what should be typed into a browser exactly.
What are the security issues with forwarding the arduino. Could someone crash(bog down) the arduino with denial of service attacks.
What I'm working on is a home automation system. I'm using my pc for a gui using vb.net program to talk to the arduino.
If I use arduino webserver and forward that ip, so I can control my home automation system from the internet. What issues could I have. I might use a service like cosm.com and have the arduino post the data to that site, so I don't have to forward the arduino ip and leave it hidden.
192.168.1.1 is your routers internal address. you need to find out what you routers external address is. It can tell you in the router, but you can also find out by going to something like ipchicken.com.
once you have you external address, you need to forward a port through your routers firewall. if your worried about security, pick something obscure like 61230 and forward it to port 80 at the arduino's ip address. i think you set that to 192.168.1.254 in you previous comment.
generally you cannot access you external address form you internal network. your router just gets confused. to access it you will need to be "outside" your network. i usually connect my laptop to the internet via my smartphone. do that if you can, because calling your friend 1000 times to test might make them less of a friend
access it by connecting to you external address in a browser and specify a port number by using a colon.
eg 58.7.1.3:61230
Your post is very helpful. So the router has an external and an internal ip. I understand the external ip. But is the internal ip different from the ip of each computer inside the network which are usually 192.168.1.1 or 192.168.1.2 etc.
I'm just a little confused still when you say:
once you have you external address, you need to forward a port through your routers firewall. if your worried about security, pick something obscure like 61230 and forward it to port 80 at the arduino's ip address. i think you set that to 192.168.1.254 in you previous comment.
I didn't realise that one port forwards to another, I thought it was just the external ip ports to the arduino's ip. That's really stupid of me considering it is called 'port' forwarding!
In my router the port configuring has an start port and an end port. So i suppose they would be the 61230 port and the 80 port. Is that correct?
My router tells me that the end port has to be greater than the start port. So I put 80 as the start and 610 as the end. But does that mean someone outside my network should be trying
router's external ip:80
and in the Arduino code the port should be 610 ? Or is it just the other way around? I guess I'll just have to test it!
I have noticed that unless the Arduino code is set to port 80 nothing works (locally). So I am forwarding to port 80 and so on my router I must have a start port which is less, say 62 and an end port of 80. Why can't I just have 80 as the start and end port?
Shane,
What model and make is your router. I'll get the manual and be able to help more. In most cases, the start and end port should be the same. It's for forwarding a range of ports. You can forward 80 to 80, the reason you wouldn't is that when post scanners scour the Internet they usually only an the first few thousand ports, so I'd you pick a high number you are more likely to be passed by by potential hackers. 80 can be fairly insecure. But depends if that's an issue for you.
Your modem interface, does it say port forwarding or virtual server or Nat?
It should go something like this:
Start port: 64000(whatever) end port: 64000(same) ip: 192.168.1.254(arduino ip) start port: 80 end port: 80
Or not have the end port options. But as I said, get me make n model n I can e more specific.
ofey:
I have noticed that unless the Arduino code is set to port 80 nothing works (locally).
What do you mean by that? I'd suspect you have a firewall somewhere that is allowing the HTTP but blocking other ports by default. But without more details about the symptoms, it's hard to guess.
My router is a Zylex and the model number is P-660HW-T1 v3 The manual is here. I've also attached a screen shot of the port forwarding setup page on the router.
I am now setting the start and end port to 80.
When I said that nothing works locally i mean that in the arduino code unless the port is set to 80 I cannot even upload my sketch.
