Read the statement by Michael Teeuw here.
ipWhitelist HowTo
-
Thanks! but i don´t like this feature in the moment… i`m travelling with my “mirror” (home-work-home-work…) I´m not finishend yet, so its only a raspi with a screen in a small box XD
-
Thank you for posting this! However, I still haven’t got it working yet. Access via VNC works fine, but not via a remote web browser.
1: When I ran the command tail -f ~/MagicMirror/nohup.out I got this:
Loading module helpers …
Initializing new module helper …
No helper found for module: helloworld.
All module helpers loaded.
Starting server op port 8080 …
Server started …
Connecting socket for: updatenotification
Sockets connected & modules started …
Fontconfig warning: ignoring UTF-8: not a valid region tag
Launching application.Nothing more happens. I’ve tried to access the mirror both via Chrome and Safari. Both before and after I run the command. Nothing shows up in the log.
My desktops IP is 10.0.0.95, so I added the ipWhitelist line:
ipWhitelist: ["127.0.0.1", "::ffff:127.0.0.1", "::1", "::ffff:10.0.0.95"],Still, I get the same error:
This device is not allowed to access your mirror.
Please check your config.js or config.js.sample to change this.I experimented with various writings, such as: “::fff:10.0.0.1/120” No dice.
Is there a way to disable the whitelist function completely?
-
@mochman thanks topman been trying to get this back up and running
-
@looolz When you run the mirror through VNC. If you leave the terminal open then try to open the mirror on your other computer, do you see the
“This device is not allowed to access your mirror.
Please check your config.js or config.js.sample to change this.”message? If so, does anything pop up in your terminal?
Another thing to look at, if you run
ifconfigand take a look at your wlan0 (assuming you are using wifi to get internet) do you see a “inet6 addr:”? If not, just try adding"10.0.0.95"to the whitelist. -
A way to tell if you need to use
"::ffff:192.168.1.120"or just"192.168.1.120"
Runnetstat -lnpt, if you see something like:tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1271/electron.jsThen you are using IPv4 and should add
"YO.UR.IP.AD"or"YO.UR.IP.AD/24"to the whitelist.If you see:
tcp6 0 0 :::8080 :::* LISTEN 1170/electron.jsYou are using IPv6 address schemas and need to add
"::ffff:YO.UR.IP.AD"or"::ffff:YO.UR.IP.AD/120"to the whitelist.
If you have IPv6 and want to turn it off, add
ipv6.disable=1to your/boot/cmdline.txtand restart your pi. -
Not a fan of this addition; would have rathered it was something you enable rather than disable.
For anyone wondering how to allow all ips, use:
ipWhitelist: ["::fff:0.0.0.0/1", "::fff:128.0.0.0/2", "::fff:192.0.0.0/3", "::fff:224.0.0.0/4", "127.0.0.1", "::ffff:127.0.0.1", "::1"], -
Thanks! That worked for me!
-
Thanks, I do see a inet6 address with the command ifconfig.
I tried to add 10.0.0.95 to the config with no success :-(
But @xer0design’s tip worked!
-
@xer0design verry nice thx!
-
This post is deleted! -
@mochman I have put “/24” in my ipWhitelist. Looking around the forum, I’ve seen that “/120” might help. What I have now seems to be working for my devices, so is there a difference between “/24” and “/120” that I should know about? Which is better?
-
@AAPS If /24 is working for you then stick with it. The /120 just allows less IPs the ability to access your mirror.
If you aren’t forwarding your pi’s ports outside your local network it really shouldn’t matter.
-
Hi all, anybody else having trouble accessing the mirror remotely? I have reinstalled mm (development branch and nodejs v7.7.3), default config. only added allow access from my “lan”.
The mirror shows up on the local screen, so it works.Mirrors IP: 10.0.0.112/24
ipWhitelist: ["::ffff:10.0.0.1/120", "127.0.0.1", "::ffff:127.0.0.1", "::1"],Still I get
0|mm | Access denied to IP address: 10.0.0.99In the log.
My client IP: 10.0.0.99/24
Just to be sure, here is my full config:
/* Magic Mirror Config Sample * * By Michael Teeuw http://michaelteeuw.nl * MIT Licensed. */ var config = { port: 8080, ipWhitelist: ["::ffff:10.0.0.1/120", "127.0.0.1", "::ffff:127.0.0.1", "::1"], language: "en", timeFormat: 24, units: "metric", modules: [ { module: "alert", }, { module: "updatenotification", position: "top_bar" }, { module: "clock", position: "top_left" }, { module: "calendar", header: "US Holidays", position: "top_left", config: { calendars: [ { symbol: "calendar-check-o ", url: "webcal://www.calendarlabs.com/templates/ical/US-Holidays.ics" } ] } }, { module: "compliments", position: "lower_third" }, { module: "currentweather", position: "top_right", config: { location: "New York", locationID: "", //ID from http://www.openweathermap.org appid: "YOUR_OPENWEATHER_API_KEY" } }, { module: "weatherforecast", position: "top_right", header: "Weather Forecast", config: { location: "New York", locationID: "5128581", //ID from http://www.openweathermap.org appid: "YOUR_OPENWEATHER_API_KEY" } }, { module: "newsfeed", position: "bottom_bar", config: { feeds: [ { title: "New York Times", url: "http://www.nytimes.com/services/xml/rss/nyt/HomePage.xml" } ], showSourceTitle: true, showPublishDate: true } }, ] }; /*************** DO NOT EDIT THE LINE BELOW ***************/ if (typeof module !== "undefined") {module.exports = config;}Everything is default, no modules installed… What am I missing?!
-
Have you tried adding
"10.0.0.1/24"to the list since it looks like your client is using an IPv4 connection? -
@mochman Hmm… Clearly I have missunderstood something. I thought this: “::ffff:10.0.0.1/120” was to allow my 10.0.0.x network to access, I have used that from the beginning and it has worked. But yesterday it stopped working. So I added as you suggested “10.0.0.1/24” and it works… So, Thank you! :)
In the instructions in the first post, it’s suppose to be “::ffff:10.0.0.1/120” for a full C-Net. But… Not any more obviously. :)
Thanks again! I’m all happy now!
-
It looks like your raspberry pi started using IPv4 instead of IPv6. the
::ffff:before your ip shows that it’s trying to use a IPv6. That’s where"::ffff:10.0.0.1/120"was working. Seems like something changed though that it’s now using the IPv4 address.
So to cover all your bases, keep both"::ffff:10.0.0.1/120"and"10.0.0.1/24"in and you shouldn’t run into this problem again. -
@mochman Will do, thank you, no idea what changed the behavior. :) But at least I have a totally fresh install now! :)
-
Hi @mochman !! I can access from the same device where I run the MM, but can’t access from external devices (smartphone ie)
Any idea why?Kind regards
-
Is the smartphone on your wifi? If it is, just follow the steps to add your whole subnet.
If you’re trying to access it while using the phone’s network, that’s going to be harder. You’re going to have to configure your router to allow port forwarding to your pi, then figure out what your phones IP is. Then you could be safe and only allow that IP. The problem with that is when your IP changes, you’ll have to edit your whitelist again. You could try to add the class C or D subnet if you don’t want to worry too much about this, but you’ll be opening up your network to the internet in the process so good luck!
-
@mochman Yes, it is in the same network, also I’ve tried sharing internet from my smartphone, and nothing.
Which steps should I follow?
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login