Navigation

    MagicMirror Forum

    • Register
    • Login
    • Search
    • Recent
    • Tags
    • Unsolved
    • Solved
    • MagicMirror² Repository
    • Documentation
    • Donate
    • Discord

    ipWhitelist HowTo

    Tutorials
    35
    78
    64099
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • mochman
      mochman Module Developer last edited by mochman

      Since a couple people are having issues with the ipWhitelist (me included), I’m putting this up to help people use the whitelist correctly.

      For starters, the easiest way to whitelist your IP is to start up Magic Mirror with the default settings. Try opening it up remotely from the computer you want to grant access to. You’ll probably see an error that says:

      “This device is not allowed to access your mirror.
      Please check your config.js or config.js.sample to change this.”

      Now you need to check your MagicMirror logs.

      • If you are VPN’d into (or running directly on your pi), take a look at the terminal output.
      • If you are running MagicMirror using SSH and DISPLAY=:0 nohup npm start & to start your mirror, take a look at your nohup.out file (tail -f ~/MagicMirror/nohup.out) to see the output.
      • If you are using pm2, run tail -f ~/.pm2/logs/mm-out-0.log

      You should see an error in there stating something like

      Access denied to IP address: ::ffff:192.168.1.120

      Change/Add your ipWhitelist in your config.js.
      If you upgraded to MM 2.1.0 you’ll probably need to add the line
      ipWhitelist: ["127.0.0.1", "::ffff:127.0.0.1", "::1", "::ffff:192.168.1.120"], to your file, otherwise just add the IP that was denied to the list.


      If you want to give all of your network IPs access to your MagicMirror
      You’ll have to use IPv6 CIDR.
      For example, you have a couple devices with the IPs of 192.168.1.120, 192.168.1.155, 192.168.1.230 and you want to give them all access (along with everything else in the 192.168.1.X range), you should put "::ffff:192.168.1.1/120" in your ipWhitelist.
      If you want to allow 192.168.0.0 - 192.168.255.255 access, you should use "::fff:192.168.1.1/112"


      Restart MagicMirror to update your changes


      The reason why “/24” works
      A couple different threads state to add /24 to the end of the IP address. (I’ve put a couple of those up before doing some research too). While this will indeed allow your network devices access to your magic mirror, it will also allow any device with an IPv4 based address access to your mirror (obviously your router would need to be configured to allow this).
      This “/24” in IPv6 CIDR allows 20,282,409,603,651,670,423,947,251,286,016 different IP addresses access. (IPv4’s total addresses are 4,294,967,296).


      More information
      If you’d like to learn more or have different sub-netting needs, I found this page useful.

      lolobyte T A rudibarani K 6 Replies Last reply Reply Quote 6
      • lolobyte
        lolobyte @mochman last edited by

        @mochman

        Thank you.

        Now i understand this thematic a bit better an can solve my issue.

        1 Reply Last reply Reply Quote 0
        • schlachtkreuzer6
          schlachtkreuzer6 last edited by

          Thanks! but i don´t like this feature in the moment… i`m travelling with my “mirror” (home-work-home-work…) I´m not finishend yet, so its only a raspi with a screen in a small box XD

          1 Reply Last reply Reply Quote 0
          • L
            looolz last edited by looolz

            Thank you for posting this! However, I still haven’t got it working yet. Access via VNC works fine, but not via a remote web browser.

            1: When I ran the command tail -f ~/MagicMirror/nohup.out I got this:

            Loading module helpers …
            Initializing new module helper …
            No helper found for module: helloworld.
            All module helpers loaded.
            Starting server op port 8080 …
            Server started …
            Connecting socket for: updatenotification
            Sockets connected & modules started …
            Fontconfig warning: ignoring UTF-8: not a valid region tag
            Launching application.

            Nothing more happens. I’ve tried to access the mirror both via Chrome and Safari. Both before and after I run the command. Nothing shows up in the log.

            My desktops IP is 10.0.0.95, so I added the ipWhitelist line:

                ipWhitelist: ["127.0.0.1", "::ffff:127.0.0.1", "::1", "::ffff:10.0.0.95"],
            

            Still, I get the same error:

            This device is not allowed to access your mirror.
            Please check your config.js or config.js.sample to change this.

            I experimented with various writings, such as: “::fff:10.0.0.1/120” No dice.

            Is there a way to disable the whitelist function completely?

            mochman 1 Reply Last reply Reply Quote 0
            • T
              toonazd @mochman last edited by

              @mochman thanks topman been trying to get this back up and running

              1 Reply Last reply Reply Quote 0
              • mochman
                mochman Module Developer @looolz last edited by

                @looolz When you run the mirror through VNC. If you leave the terminal open then try to open the mirror on your other computer, do you see the

                “This device is not allowed to access your mirror.
                Please check your config.js or config.js.sample to change this.”

                message? If so, does anything pop up in your terminal?

                Another thing to look at, if you run ifconfig and take a look at your wlan0 (assuming you are using wifi to get internet) do you see a “inet6 addr:”? If not, just try adding "10.0.0.95" to the whitelist.

                L O 2 Replies Last reply Reply Quote 0
                • mochman
                  mochman Module Developer last edited by mochman

                  A way to tell if you need to use "::ffff:192.168.1.120" or just "192.168.1.120"
                  Run netstat -lnpt, if you see something like:

                  tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1271/electron.js

                  Then you are using IPv4 and should add "YO.UR.IP.AD" or "YO.UR.IP.AD/24" to the whitelist.

                  If you see: tcp6 0 0 :::8080 :::* LISTEN 1170/electron.js

                  You are using IPv6 address schemas and need to add "::ffff:YO.UR.IP.AD" or "::ffff:YO.UR.IP.AD/120" to the whitelist.


                  If you have IPv6 and want to turn it off, add ipv6.disable=1 to your /boot/cmdline.txt and restart your pi.

                  1 Reply Last reply Reply Quote 2
                  • X
                    xer0design last edited by

                    Not a fan of this addition; would have rathered it was something you enable rather than disable.

                    For anyone wondering how to allow all ips, use:

                    ipWhitelist: ["::fff:0.0.0.0/1", "::fff:128.0.0.0/2", "::fff:192.0.0.0/3", "::fff:224.0.0.0/4", "127.0.0.1", "::ffff:127.0.0.1", "::1"],
                    
                    L schlachtkreuzer6 2 Replies Last reply Reply Quote 3
                    • L
                      looolz @xer0design last edited by

                      @xer0design

                      Thanks! That worked for me!

                      1 Reply Last reply Reply Quote 0
                      • L
                        looolz @mochman last edited by

                        @mochman

                        Thanks, I do see a inet6 address with the command ifconfig.

                        I tried to add 10.0.0.95 to the config with no success 😞

                        But @xer0design’s tip worked!

                        1 Reply Last reply Reply Quote 1
                        • 1
                        • 2
                        • 3
                        • 4
                        • 5
                        • 6
                        • 7
                        • 8
                        • 1 / 8
                        • First post
                          Last post
                        Enjoying MagicMirror? Please consider a donation!
                        MagicMirror created by Michael Teeuw.
                        Forum managed by Paul-Vincent Roll and Rodrigo Ramírez Norambuena.
                        This forum is using NodeBB as its core | Contributors
                        Contact | Privacy Policy