Yun access from other networks

Hi there. Please somebody help me. I m trying to connect with my arduino yun via my mobile 4g internet connection but nothing happens. The connection between my arduino and any other device in the same home network works perfectly The sketch that i m trying is the "Bridge"

So when i m on the same home network i give orders to my yun like 192.168.1.70/arduino/digital/13/1 or /0 and the led on pin 13 works.

When i m trying access from my mobile while first i have configured a port forwarding for ex. 5555 giving the order 192.168.1.70:5555/arduino/digital/13/1 nothing happens

I have followed all the procedure "port forwarding" for my router.

My router is the Technicolor TD5136v2

I configure a port forwading step by step as this guide in the link below describes. (https://support.zen.co.uk/kb/Knowledgebase/Broadband-Technicolor-TG-582-Configure-Port-Forwarding)

I have tried many differents ports like 5555, 80,24

i also have tried to turn off my windows firewall when i make the test but nothing again..

Pleaseeeeee somebody help me !!!!

i dont like to use any external service like dyndns etc...

PALAVRAS: When i m trying access from my mobile while first i have configured a port forwarding for ex. 5555 giving the order 192.168.1.70:5555/arduino/digital/13/1 nothing happens

You are still using your Yun's private address: any address that starts with 192.168... is a private address and will not / can not be routed over the Internet.

When trying to access your networked devices from the Internet, you need to use your home network's public address (the address assigned to your router's WAN port.) Then, you set up the router to forward incoming connections on a specific port to a specific computer on your local network.

Odds are that you set up the port forward so that incoming connections on port 5555 are routed to 192.168.1.170. In that case, all you need to do to access it from the public Internet is to use your public address instead of 192.168.1.170.

Keep in mind that there are some risks/limitations with this technique:

  • The Yun's address can change in the future, and you will have to update the port forwarding rule to point to the new address. (Giving the Yun a static address can solve that.)
  • Your router's public address can change in the future, requiring you to determine the new address and use that instead. (A dynamic DNS service can solve that.)
  • You will be exposing your Yun to the public Internet, bypassing your router's firewall. If a hacker gains access to your Yun, and compromises it's limited security, he could use it as a vector to gain access to the rest of your network.

thank you sooooo much for the quick response !!!

i tried what you suggest me but still nothing …

please can somebody take a look to the following attached screenshots to check if i have to make any changes in the configuration of my arduino yun board network settings…

PALAVRAS: check if i have to make any changes in the configuration of my arduino yun board network settings....

Are these screen shots of the Yun's configuration? If so, you don't need to make any changes to the Yun, and shouldn't set up port forwarding on the Yun. As long as you can access the services you want from the local network, the Yun's configuration is good and does not need to be changed. In fact, setting up a port forward on the Yun itself could break the configuration so that it no longer works even on the local network.

You need to set up the port forwarding rules on the router that serves as the bridge between the Internet and the network to which the Yun is attached. Basically, your router (not the Yun!) acts as the gatekeeper between the Internet and your private network. It lets any traffic go through from your private network to the Internet, and lets responses to that traffic come back from the Internet to your private network, but any other traffic that originates from the Internet is normally blocked and not let through.

If a computer on the Internet tries to access your public IP address, that request goes to the router. Normally, it will block it. What the port forward is doing is telling your router that when traffic comes in on a specific port (like 5555 that you mentioned in your first port) it should accept the connection and pass it on to your local network, sending it on to a specific computer (in your case, port 80 on your Yun at 192.169.1.170.) Your Yun will receive the request and process it, just like it would if it were a local request from your private network.

Now, some caveats - even if you set up the router properly, there is still a chance that it won't work. It all depends on your Internet Service Provider (ISP) and what rules they impose. Some ISPs will allow incoming connections on any port. Some will block a few ports, some will block most ports, and some will block all ports.

Now, some caveats - even if you set up the router properly, there is still a chance that it won't work. It all depends on your Internet Service Provider (ISP) and what rules they impose. Some ISPs will allow incoming connections on any port. Some will block a few ports, some will block most ports, and some will block all ports.

i realy didnt know that. I have to check it out .... Thank you so much for your time !!!!!!!!!!!!!!!!!! thanks thanks thanks....

Yun/Yun shield as DMZ host:

In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network. The name is derived from the term "demilitarized zone", an area between nation states in which military operation is not permitted.

|500x325

Setup Yun/Yun shield as static IP address for DMZ:

Method I:

Set static ip at lan (Wifi port)

Method II:

Set static ip at wan (ethernet port)

Method III:

Address Reservation:

The choice between DHCP and static addressing basically boils down to convenience vs. control, but with a DHCP feature called address reservation, you can have the best of both worlds: You get automatic assignment and management of IP addresses without giving up the ability to assign specific addresses set aside for the exclusive use of specific devices. When a network device requests an IP address in a standard DHCP configuration, the DHCP server simply issues the first one available in its address pool. Later on, when the device comes back for an address renewal, it may or may not get the same address. But address reservations allow you to associate a device's unique MAC address with a particular IP address. Therefore, when that device requests an IP address, its MAC address is recognized by the DHCP server, which in turn issues the specific IP address set aside for it.

ShapeShifter: ... Now, some caveats - even if you set up the router properly, there is still a chance that it won't work. It all depends on your Internet Service Provider (ISP) and what rules they impose. Some ISPs will allow incoming connections on any port. Some will block a few ports, some will block most ports, and some will block all ports.

It is ture. But it is seem all the ISPs (exclude satellite ISP , might be cell phone one) leave port 22 or 2222 open since they need them to manage their own equipment on network.

sonnyyu: It is ture. But it is seem all the ISPs leave port 22 or 2222 open since they need them to manage their own equipment on network.

I have also personally run into the situation where a cellular Internet device was issued a private (non-routable) address from the ISP. Outbound connections could be made, and I'm sure the ISP could make inbound connections to the device using the private address that their router hands out, but I could never make an inbound connection on my own to the device - to do so, I would've had to have access to the ISP's upstream router and create a port forward on that router: something I clearly could not do.

My point wasn't to dwell on details, but only to point out that in some situations you can set everything up properly, and still not be able to make an incoming connection. In the case of the cellular Internet device just mentioned, that was the Internet access method for the whole house, so during the few years I had that device I could never make any sort of incoming connection.

ShapeShifter:
I have also personally run into the situation where a cellular Internet device was issued a private (non-routable) address from the ISP. Outbound connections could be made, and I’m sure the ISP could make inbound connections to the device using the private address that their router hands out, but I could never make an inbound connection on my own to the device - to do so, I would’ve had to have access to the ISP’s upstream router and create a port forward on that router: something I clearly could not do.

My point wasn’t to dwell on details, but only to point out that in some situations you can set everything up properly, and still not be able to make an incoming connection. In the case of the cellular Internet device just mentioned, that was the Internet access method for the whole house, so during the few years I had that device I could never make any sort of incoming connection.

from time to time I use LTE (4G), It is seem not block port 22?

VPN or Reverse SSH tunnel is definitely help here.

I hit the same situation, yun on home wireless router works fine, but when it connected to my 4g mobile phone(hotspot), tools->serial port ->greyed out , any solution on it ? thanks

First of all, the Linino function of uploading a hex program on the startup page does not work. Don't waste time with that.

You will need to add a program to the Yun that will allow it to do SFTP data exchange.

Using a linux shell, open the nano word editor. In the shell, enter

"nano /etc/resolv.conf"

change the nameserver to the router's gateway server - 192.168.1.254 or whatever it is. See below for how to get the router's gateway. Sorry it's out of sequence. Save the file.

Then, again in the Linux shell-

opkg update opkg install openssh-sftp-server

this is so filezilla can talk to the Yun via FTP and SFTP.

What follows is what I did - it works. I can remotely program my Yun's Arduino controller with HEX files generated by the Arduino IDE, access all of the the Linux side files with Filezilla and control it with the Linux shell using PUTTY. I can restart the Arduino program running my device and I can reboot the entire system from my home in another state. I can also access the Luci web pages to reconfigure the Linux side via a remote web browser, any way I want. I can only tell you what works on my windows system; sorry if you have Apple or Linux.

Get local network access to your router. Go to the search bar of your computer, type "cmd", go to the shell window, type "ipconfig" and look for the ip address of the default gateway. Write it down. Open a browser, type in the ip address, either with or without "http://" first. You are now in the router setup pages and you are SOOO on your own for a while, because you will have to set up port forwarding for ports 22, 23, 80 and 8080. Ports 22 and 23 are for FTP and SFTP communication protocols and 80 and 8080 are for connecting to the web browser. Every router is sadistically different on how to do this.

With port forwarding, you will be able to access your yun through your router using SFTP and HTTP from the outside ONCE you know the outside internet address of your home router. Be aware though - opening ports through your router exposes you to some hacker risks.

Go into the linino or arduino Luci shell using your browser, go to the network tab, to the firewall tab and "accept" both input and output on the LAN. Hit save and apply. Go to the network tab, interfaces, hit "edit" on LAN, a new page will appear, change the protocol to "static", create a local network address for the yun like "192.168.1.150" with a netmask of 255.255.255.0 and type in the default gateway address that you learned above, leave "broadcast" blank and hit "save and apply"

Call your internet provider tech support and have them give you a static port for your router. The first couple of DDEs (deliberately dumb employees) won't know what that is and you will need to insist on moving up the supervisor chain until you find somebody who can do it. This may take hours or days. They should do it for free.

Now you will need two programs. "PUTTY" and "Filezilla". Download them. They are free.

Use Filezilla and access your Yun from inside your network first, using its internal static address. - fill in the username and your password for the Yun. Explore the Linux file system with your windows computer to get used to how the program works. Watch out, if you signed in as root you can do damage by deleting files. Now use an external computer (or use your iPhone hotspot instead of your home wifi) and use the external router static IP address to see if you can access the Yun with Filezilla from the outside. Troubleshoot as needed. If the Yun is listening for port 22/23 and if the router is forwarding port 22/23, it will work. So now you can write and read Yun files from the outside using drag and drop into the Filezilla program. Put a picture of your dog onto the Yun. Good boy.

You need PUTTY to get in to the Linux shell. Type in the IP address (either the internal router static address if you are on your home router, or the external static IP address of your router if you are on the outside) and port 22. A shell will pop up, you will enter your username (root) and password and you are the in a user shell for the Linux system. "Reboot" reboots the whole thing, "reset-mcu" resets the program without resetting the linux side. You are almost there.

So how do you put in a new arduino program from outside the local network since the Arduino web feature for doing this does not work? It is cludgey, but after doing it for a while it only takes a minute.

On your Windows Arduino IDE preferences change the IDE to go to "verbose output"

Compile and save the sketch on the IDE

the last line or 2 of the output (the stuff you usually ignore at the bottom) will tell you where the IDE is stashing the hex file

find it using file explorer - In my case it's in the NEWEST hex file folder at C:\Users\micha\AppData\Local\Temp\

Sort them in order of last modified - my most recent one was in a folder called "arduino_build_974710" for example. It has the date and time in file explorer to help you identify it.

arduino_build_974710\scratchpad.ino.with_bootloader.hex was the one I just used, for example

you want to use the hex file that has had the bootloader added to it.

Using file explorer, copy this hex file to another arbitrary folder on your desktop

use filezilla to copy the hex file to the /etc folder on the Yun (but it could go anywhere on the Yun as long as you know where it is)

Go into putty, open the shell and then from any directory that you are in, enter

" run-avrdude /etc/whateveryourhexfileiscalled.withbootloader.hex "

( run-avrdude /etc/scratchpad.ino.with_bootloader.hex) in my case was the last hex file I compiled.

HOLY CRAP - it actually works.

Of course, your mileage may vary. I am so tired of reading wrong advice on these forums, but like I said, this works for me. Good luck.