Read the statement by Michael Teeuw here.
ipWhitelist HowTo
-
@mochman Will do, thank you, no idea what changed the behavior. :) But at least I have a totally fresh install now! :)
-
Hi @mochman !! I can access from the same device where I run the MM, but can’t access from external devices (smartphone ie)
Any idea why?Kind regards
-
Is the smartphone on your wifi? If it is, just follow the steps to add your whole subnet.
If you’re trying to access it while using the phone’s network, that’s going to be harder. You’re going to have to configure your router to allow port forwarding to your pi, then figure out what your phones IP is. Then you could be safe and only allow that IP. The problem with that is when your IP changes, you’ll have to edit your whitelist again. You could try to add the class C or D subnet if you don’t want to worry too much about this, but you’ll be opening up your network to the internet in the process so good luck!
-
@mochman Yes, it is in the same network, also I’ve tried sharing internet from my smartphone, and nothing.
Which steps should I follow? -
Please follow the steps outlined at the top of this page. Let me know what you’re seeing when you do those steps.
-
@mochman It’s working! Thanks!
-
The default of [] doesn’t work at all for me. I’m happy to let all devices on my network access my mirror, how do I do this?
It’s not the simplest of features is it!
Hoping someone can help me here :/
-
@Mitchfarino Are you sure?, Can you show the config/config.js ?
There some logs when did you run and access it?
-
I’m just at work at the moment, so I’ll post my config when I get home.
When I leave it as it originally was in the config, the mirror loads but I can’t get MMM-RemoteControl to work as it gives me the permission error
Then when I replace it with [] it fails to load the mirror and tells me to create a config.js file
-
The remoter control module is not working for me to any extent, when I whitelist the IPs for my school’s wifi (following the HowToWhitelistIP thread’s directions) in every way stated, I get the “this device is not allowed to access…” message. Then, when I allow all IPs access I get the “cannot get remote/html” message. Any help would be great! Thanks!
-
Hi @mochman,
I was wondering, if the whitelist could be used to limit the access to different MM sub-sites? I would like to have the MM screen itself open to a larger set of IP addresses but would like to lock down the MMM-RemoteControl & MMM-AdminInterface sites and limit access to my own devices.
Any idea how to achieve this?
Thanks for your advice! -
It helps to read a little…
http://searchsecurity.techtarget.com/definition/application-whitelisting+|
ipWhitelist| The list of IPs from which you are allowed to access the MagicMirror². The default value is["127.0.0.1", "::ffff:127.0.0.1", "::1"]. It is possible to specify IPs with subnet masks (["127.0.0.1", "127.0.0.1/24"]) or define ip ranges (["127.0.0.1", ["192.168.0.1", "192.168.0.100"]]). Set[]to allow all IP addresses. For more information about how configure this directive see the follow post ipWhitelist HowTo | -
@cowboysdude Thanks for your reply. My white Lists work fine for the MM2 screen. I was looking for a way to separately limit access to the sites generated by the Remote Control and Admin interface module. Any ideas?
-
@rudibarani said in ipWhitelist HowTo:
@cowboysdude Thanks for your reply. My white Lists work fine for the MM2 screen. I was looking for a way to separately limit access to the sites generated by the Remote Control and Admin interface module. Any ideas?
Honestly the best thing to do is ask the creator of those modules ;) I don’t do the ipWhitelist.
-
@cowboysdude Maybe you’ll be able to help, I’ve tried doing [ ], I’ve tried whitelesting all IPs as shown in here, and the only thing I have been able to get to work is whitelisting specific IPV4 and IPV6 addresses. That was fine because my most used devices have static IPs anyway however the issue comes now that I have port forwarding and am trying to open it up to any IP (I am aware of the security ramifications)
-
@mochman I’m experiencing a similar problem to the one @looolz describes above.
I can access through SSH (putty) no problem. I’ve seen the logs “Access denied to …” and added the two addresses (my laptop and mobile) to the ipWhitelist.
I’ve also added the “…1.1/120” and “…1.1/112” to the list but I still get access denied.
I did get both devices working for a while - but was then denied access through putty! I’d really like to be able to access through mobilebrowser for MMM-remotecontrol AND SSH for other work.
The reason for this comment is that I checked wlan0 and I have an inett6 addr listed.
You mention this above but don’t say what to consider next. If you’re still around and have any thoughts about this I’d appreciate it!
resulted in me being able to connect from mobile/laptop but meant that SSH stopped working. -
@roblocksrocks Lets see if @mochman answers because honestly I don’t use it and really have no working knowledge of it or how to use it.
-
@open_book The ipWhitelist should have no affect on your SSH ability. This sounds like there is some problem with either your network or the pi itself. The ipWhitelist just affects what can connect to the MagicMirror software.
Can you give me your network setup and how you’re trying to access it through SSH? I’m guessing that you are trying to SSH in from inside your network and not from somewhere else.
I haven’t used the remote control module so I’m not to sure how it works with the whitelist. From how you’re describing it, it sounds like whatever the IP of the device you use the remote control with is what the MagicMirror needs whitelisted. If that’s the case, are you just trying to access your mirror from devices on your internal network or are you using a data plan with your mobile? If so, that IP probably changes frequently.
Those IPs you listed (
"...1.1/120"), are those IPv6 or IPv4 IPs? -
Hi @mochman thanks for your reply!
You’re correct that I’m SSH’ing to the mirror from within my home network. I use putty from a laptop that is connected to my wireless router and uses an IPv4 address. The setup looks like this if I run ipconfig from the laptop:
Link-local IPv6 Address . . . . . : XXXX::XXXXX:XXXX:XXXX:XXXX%XX
IPv4 Address. . . . . . . . . . . : 192.168.X.XX
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.X.XI can gain access through my mobile and laptop as long as I open for all devices. But as soon as I limit it to even a broad range of ip addresses - they get shut out.
Here’s the setup on the mirror:
wlan0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether XX:XX:XX:XX:XX:XX XXX ff:ff:ff:ff:ff:ff
inet 192.168.0.19/24 brd 192.168.0.255 scope global wlan0
valid_lft forever preferred_lft forever
inet6 XXXX::XXXX:XXXX:XXXX:XXXX/XX scope link
valid_lft forever preferred_lft foreverHere’s the full ipWhitelist I’m trying at the moment:
[“127.0.0.1”, “::ffff:127.0.0.1”, “::fff:192.168.1.1/112”, “::1”, “::ffff:192.168.1.1/120”, “::ffff:192.168.0.14”, “::ffff:192.168.0.16”]
Any tips, or anything else I can supply to help?
EDIT: mobile ip config looks the same as the laptop ip config.
-
@open_book Just looking at your pi’s IP. It looks like it’s using 192.168.0.X and you’re whitelisting the 192.168.1.X IPs. Can you try adding
"::ffff:192.168.0.1/120", "192.168.0.1/24"to your whitelist and see if that fixes it up?
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login