ipWhitelist HowTo

BenRoe

This post is deleted!

AAPS

@mochman I have put “/24” in my ipWhitelist. Looking around the forum, I’ve seen that “/120” might help. What I have now seems to be working for my devices, so is there a difference between “/24” and “/120” that I should know about? Which is better?

mochman

@AAPS If /24 is working for you then stick with it. The /120 just allows less IPs the ability to access your mirror.

If you aren’t forwarding your pi’s ports outside your local network it really shouldn’t matter.

Snille

Hi all, anybody else having trouble accessing the mirror remotely? I have reinstalled mm (development branch and nodejs v7.7.3), default config. only added allow access from my “lan”.
The mirror shows up on the local screen, so it works.

Mirrors IP: 10.0.0.112/24

ipWhitelist: ["::ffff:10.0.0.1/120", "127.0.0.1", "::ffff:127.0.0.1", "::1"],

Still I get

0|mm       | Access denied to IP address: 10.0.0.99

In the log.

My client IP: 10.0.0.99/24

Just to be sure, here is my full config:

/* Magic Mirror Config Sample
 *
 * By Michael Teeuw http://michaelteeuw.nl
 * MIT Licensed.
 */

var config = {
	port: 8080,
	ipWhitelist: ["::ffff:10.0.0.1/120", "127.0.0.1", "::ffff:127.0.0.1", "::1"],
	language: "en",
	timeFormat: 24,
	units: "metric",

	modules: [
		{
			module: "alert",
		},
		{
			module: "updatenotification",
			position: "top_bar"
		},
		{
			module: "clock",
			position: "top_left"
		},
		{
			module: "calendar",
			header: "US Holidays",
			position: "top_left",
			config: {
				calendars: [
					{
						symbol: "calendar-check-o ",
						url: "webcal://www.calendarlabs.com/templates/ical/US-Holidays.ics"
					}
				]
			}
		},
		{
			module: "compliments",
			position: "lower_third"
		},
		{
			module: "currentweather",
			position: "top_right",
			config: {
				location: "New York",
				locationID: "",  //ID from http://www.openweathermap.org
				appid: "YOUR_OPENWEATHER_API_KEY"
			}
		},
		{
			module: "weatherforecast",
			position: "top_right",
			header: "Weather Forecast",
			config: {
				location: "New York",
				locationID: "5128581",  //ID from http://www.openweathermap.org
				appid: "YOUR_OPENWEATHER_API_KEY"
			}
		},
		{
			module: "newsfeed",
			position: "bottom_bar",
			config: {
				feeds: [
					{
						title: "New York Times",
						url: "http://www.nytimes.com/services/xml/rss/nyt/HomePage.xml"
					}
				],
				showSourceTitle: true,
				showPublishDate: true
			}
		},
	]

};

/*************** DO NOT EDIT THE LINE BELOW ***************/
if (typeof module !== "undefined") {module.exports = config;}

Everything is default, no modules installed… What am I missing?!

mochman

Have you tried adding "10.0.0.1/24" to the list since it looks like your client is using an IPv4 connection?

Snille

@mochman Hmm… Clearly I have missunderstood something. I thought this: “::ffff:10.0.0.1/120” was to allow my 10.0.0.x network to access, I have used that from the beginning and it has worked. But yesterday it stopped working. So I added as you suggested “10.0.0.1/24” and it works… So, Thank you! :)

In the instructions in the first post, it’s suppose to be “::ffff:10.0.0.1/120” for a full C-Net. But… Not any more obviously. :)

Thanks again! I’m all happy now!

mochman

It looks like your raspberry pi started using IPv4 instead of IPv6. the ::ffff: before your ip shows that it’s trying to use a IPv6. That’s where "::ffff:10.0.0.1/120" was working. Seems like something changed though that it’s now using the IPv4 address.
So to cover all your bases, keep both "::ffff:10.0.0.1/120" and "10.0.0.1/24" in and you shouldn’t run into this problem again.

Snille

@mochman Will do, thank you, no idea what changed the behavior. :) But at least I have a totally fresh install now! :)

pepemujica

Hi @mochman !! I can access from the same device where I run the MM, but can’t access from external devices (smartphone ie)
Any idea why?

Kind regards

mochman

Is the smartphone on your wifi? If it is, just follow the steps to add your whole subnet.

If you’re trying to access it while using the phone’s network, that’s going to be harder. You’re going to have to configure your router to allow port forwarding to your pi, then figure out what your phones IP is. Then you could be safe and only allow that IP. The problem with that is when your IP changes, you’ll have to edit your whitelist again. You could try to add the class C or D subnet if you don’t want to worry too much about this, but you’ll be opening up your network to the internet in the process so good luck!