iHost Remote Access without Tailscale

Hi All,

I’m new to the Home Automation world.

Just received my iHost and I was wondering if there is any possibility to do a simple remote access to the control interface (usually reached locally using ihost.local address) from the Internet.

I understand we shall use Tailscale (which I haven’t looked at as of now).
But I have some other services running on a local machine that I usually reach from the outside world, just by forwarding specific ports within my Router, directly to the targeted IP on the local network.

I have tried to do something similar by re-routing a chosen port directly to port 80 on the iHost IP (fixed in my router, not going through DHCP).

That seems to not work at all.

Is that done on purpose, or is there a possibility to achieve what I described?

Thanks

In theory, NAT rules configured through the router can also be accessed through the Internet. You can remotely access the iHost via IP and port by configuring port mapping on the router.

Hi

Thanks for the reply.

Yes, that is what I thought also… but since I can’t reach it, I was wondering if there is some sort of ‘check’ within the iHost FW to see if the incoming connection is coming from a local machine (not even sure this can be done anyway).

Nevertheless, my setup is as follows:
→ Main ISP Modem/Router just used to receive internet from Fiber ONT box. Wifi disabled. (subnet 192.168.1.XXX)
→ Connected (ethernet) on ISP router, I have another router/wifi used as the main/master node for Wifi Mesh network (plus 3 other nodes seen as slaved). This Router is providing DHCP service, on subnet 168.1.31.YYY
→ all my devices are connected on the 192.168.31.X network

On the Main ISP Router, I re-route (NAT) all specific ports that I use, to the Master router of the Wifi Mesh. So basically ports translation from 192.168.1.1 to 192.168.31.75 (this is the fixed IP on the Wifi Mesh Router)

From within this Master router, I dispatch (route) all the used ports to the proper machines on the local subnet. So basically ports forward from 192.168.31.75 to 192.168.31.X (X changing depending on the machine I target)

This works seamlessly on several Apps that I use.
So I did the same for the iHost: picked a port (26767) and forwarded incoming traffic as per:
192.168.1.1:26767 to 192.168.31.75:26767 to 192.168.31.16:80
(192.168.31.16 is the IP of the iHost device)

But that does not work… No idea why … :frowning:

That doesn’t sound safe as standard traffic is unencrypted and you’re trusting the IHost interface to be safe even if it is exposed.

I’ve been wondering about whether they should implement SSH and 2-Factor-authentication. At the moment Tailscale is a nice safe alternative. Why do you not like it?

Can’t use SSH from Work (firewall is closely monitoring this type of traffic, I don’t want to take risks :wink: )
Tailscale is a VPN, and using a VPN from within the local work network to the outside world is prohibited (so I won’t even try if this works)

A simple HTTP will go through (but of course can be blocked, but that’s not the case as of now :slight_smile: )

Yeah, I agree remotely accessing the iHost on port 80 is not ideal, but I hope they’ll implement port 8080 some day :slight_smile:

Nevertheless, I do not understand what is blocking right now… very strange.

Turn off wifi on your phone? I don’t think TailScale has an option for “trusted networks” so it’d not automatically turn on/off and you’d need to turn it on, but previously when I’ve had to avoid work restrictions I’ve just set up unusual ports for things. They just blocked particular ports, but didn’t look at the traffic on other ones. Don’t know if TailScale has the option to change port though.

Hi :slight_smile:
I connect from Work, using a Laptop (not phone).
I did that (picked a random port (like 28006) on Home PC) but it does not work.
From the exact same Work laptop, I can connect to other ports on my Home PC though…

Weird. This is why I’m starting to think there is something on the iHost side… ?

Can you remote access a PC at home using a PC at work? I used to back up my data despite a harsh firewall at work to a laptop at home. I’m pretty sure I just set up an SSH tunnel between the two computers.

Yep, remote PC @Home I can. Doin’ it all the time :smile:
This is how I know my Ports forwards are working :slight_smile:
But I still can’t figure out why iHost can’t be reached. :face_with_raised_eyebrow:

Maybe you should install a reverse proxy. I think it would even be safer than directly exposing iHost to the Internet. The other option would be to use Cloudflare Tunnel (Argo tunnel/Zero trust)
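
As an illustration of the reverse-proxy suggestion above (an added example, not posted by anyone in this thread): an nginx server block that terminates TLS and requires a login before passing requests to the iHost's plain-HTTP interface at 192.168.31.16:80, so the router forwards port 26767 to the proxy host instead of to the iHost. The choice of nginx, the hostname `home.example.net`, every file path, the WebSocket handling, and the assumption that basic auth does not interfere with the iHost UI's own login are assumptions.

```nginx
# Added example, not from the thread. Assumes nginx runs on an always-on LAN
# host and that the router's 26767 forward targets that host, not the iHost.
# home.example.net and all file paths below are placeholders.

# Only send "Connection: upgrade" upstream when the client asked for one.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 26767 ssl;                       # port picked in the thread
    server_name home.example.net;           # placeholder

    # TLS in front of the unencrypted UI
    ssl_certificate     /etc/nginx/tls/home.example.net.crt;  # placeholder
    ssl_certificate_key /etc/nginx/tls/home.example.net.key;  # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Extra login before any request reaches the iHost
    # (assumes this does not clash with the UI's own authentication)
    auth_basic           "iHost";
    auth_basic_user_file /etc/nginx/ihost.htpasswd;           # placeholder

    location / {
        proxy_pass         http://192.168.31.16:80;           # iHost, LAN only
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-Proto https;
        # WebSocket pass-through, in case the UI uses it (assumption)
        proxy_set_header   Upgrade           $http_upgrade;
        proxy_set_header   Connection        $connection_upgrade;
    }
}
```

With this in place the iHost's port 80 is never forwarded by the router; only the proxy's TLS listener is reachable from outside.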

I use the WireGuard VPN integrated in the Fritz router.