Read the statement by Michael Teeuw here.
ipWhitelist HowTo
-
@mochman I have put “/24” in my ipWhitelist. Looking around the forum, I’ve seen that “/120” might help. What I have now seems to be working for my devices, so is there a difference between “/24” and “/120” that I should know about? Which is better?
-
@AAPS If /24 is working for you then stick with it. The /120 just allows less IPs the ability to access your mirror.
If you aren’t forwarding your pi’s ports outside your local network it really shouldn’t matter.
-
Hi all, anybody else having trouble accessing the mirror remotely? I have reinstalled mm (development branch and nodejs v7.7.3), default config. only added allow access from my “lan”.
The mirror shows up on the local screen, so it works.Mirrors IP: 10.0.0.112/24
ipWhitelist: ["::ffff:10.0.0.1/120", "127.0.0.1", "::ffff:127.0.0.1", "::1"],Still I get
0|mm | Access denied to IP address: 10.0.0.99In the log.
My client IP: 10.0.0.99/24
Just to be sure, here is my full config:
/* Magic Mirror Config Sample * * By Michael Teeuw http://michaelteeuw.nl * MIT Licensed. */ var config = { port: 8080, ipWhitelist: ["::ffff:10.0.0.1/120", "127.0.0.1", "::ffff:127.0.0.1", "::1"], language: "en", timeFormat: 24, units: "metric", modules: [ { module: "alert", }, { module: "updatenotification", position: "top_bar" }, { module: "clock", position: "top_left" }, { module: "calendar", header: "US Holidays", position: "top_left", config: { calendars: [ { symbol: "calendar-check-o ", url: "webcal://www.calendarlabs.com/templates/ical/US-Holidays.ics" } ] } }, { module: "compliments", position: "lower_third" }, { module: "currentweather", position: "top_right", config: { location: "New York", locationID: "", //ID from http://www.openweathermap.org appid: "YOUR_OPENWEATHER_API_KEY" } }, { module: "weatherforecast", position: "top_right", header: "Weather Forecast", config: { location: "New York", locationID: "5128581", //ID from http://www.openweathermap.org appid: "YOUR_OPENWEATHER_API_KEY" } }, { module: "newsfeed", position: "bottom_bar", config: { feeds: [ { title: "New York Times", url: "http://www.nytimes.com/services/xml/rss/nyt/HomePage.xml" } ], showSourceTitle: true, showPublishDate: true } }, ] }; /*************** DO NOT EDIT THE LINE BELOW ***************/ if (typeof module !== "undefined") {module.exports = config;}Everything is default, no modules installed… What am I missing?!
-
Have you tried adding
"10.0.0.1/24"to the list since it looks like your client is using an IPv4 connection? -
@mochman Hmm… Clearly I have missunderstood something. I thought this: “::ffff:10.0.0.1/120” was to allow my 10.0.0.x network to access, I have used that from the beginning and it has worked. But yesterday it stopped working. So I added as you suggested “10.0.0.1/24” and it works… So, Thank you! :)
In the instructions in the first post, it’s suppose to be “::ffff:10.0.0.1/120” for a full C-Net. But… Not any more obviously. :)
Thanks again! I’m all happy now!
-
It looks like your raspberry pi started using IPv4 instead of IPv6. the
::ffff:before your ip shows that it’s trying to use a IPv6. That’s where"::ffff:10.0.0.1/120"was working. Seems like something changed though that it’s now using the IPv4 address.
So to cover all your bases, keep both"::ffff:10.0.0.1/120"and"10.0.0.1/24"in and you shouldn’t run into this problem again. -
@mochman Will do, thank you, no idea what changed the behavior. :) But at least I have a totally fresh install now! :)
-
Hi @mochman !! I can access from the same device where I run the MM, but can’t access from external devices (smartphone ie)
Any idea why?Kind regards
-
Is the smartphone on your wifi? If it is, just follow the steps to add your whole subnet.
If you’re trying to access it while using the phone’s network, that’s going to be harder. You’re going to have to configure your router to allow port forwarding to your pi, then figure out what your phones IP is. Then you could be safe and only allow that IP. The problem with that is when your IP changes, you’ll have to edit your whitelist again. You could try to add the class C or D subnet if you don’t want to worry too much about this, but you’ll be opening up your network to the internet in the process so good luck!
-
@mochman Yes, it is in the same network, also I’ve tried sharing internet from my smartphone, and nothing.
Which steps should I follow? -
Please follow the steps outlined at the top of this page. Let me know what you’re seeing when you do those steps.
-
@mochman It’s working! Thanks!
-
The default of [] doesn’t work at all for me. I’m happy to let all devices on my network access my mirror, how do I do this?
It’s not the simplest of features is it!
Hoping someone can help me here :/
-
@Mitchfarino Are you sure?, Can you show the config/config.js ?
There some logs when did you run and access it?
-
I’m just at work at the moment, so I’ll post my config when I get home.
When I leave it as it originally was in the config, the mirror loads but I can’t get MMM-RemoteControl to work as it gives me the permission error
Then when I replace it with [] it fails to load the mirror and tells me to create a config.js file
-
The remoter control module is not working for me to any extent, when I whitelist the IPs for my school’s wifi (following the HowToWhitelistIP thread’s directions) in every way stated, I get the “this device is not allowed to access…” message. Then, when I allow all IPs access I get the “cannot get remote/html” message. Any help would be great! Thanks!
-
Hi @mochman,
I was wondering, if the whitelist could be used to limit the access to different MM sub-sites? I would like to have the MM screen itself open to a larger set of IP addresses but would like to lock down the MMM-RemoteControl & MMM-AdminInterface sites and limit access to my own devices.
Any idea how to achieve this?
Thanks for your advice! -
It helps to read a little…
http://searchsecurity.techtarget.com/definition/application-whitelisting+|
ipWhitelist| The list of IPs from which you are allowed to access the MagicMirror². The default value is["127.0.0.1", "::ffff:127.0.0.1", "::1"]. It is possible to specify IPs with subnet masks (["127.0.0.1", "127.0.0.1/24"]) or define ip ranges (["127.0.0.1", ["192.168.0.1", "192.168.0.100"]]). Set[]to allow all IP addresses. For more information about how configure this directive see the follow post ipWhitelist HowTo | -
@cowboysdude Thanks for your reply. My white Lists work fine for the MM2 screen. I was looking for a way to separately limit access to the sites generated by the Remote Control and Admin interface module. Any ideas?
-
@rudibarani said in ipWhitelist HowTo:
@cowboysdude Thanks for your reply. My white Lists work fine for the MM2 screen. I was looking for a way to separately limit access to the sites generated by the Remote Control and Admin interface module. Any ideas?
Honestly the best thing to do is ask the creator of those modules ;) I don’t do the ipWhitelist.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login