The Sprint-supplied router has no mechanism to work with dyndns.org or equivalent. I think the Sprint service blocks incoming traffic on port 80, but I can work around that by using port 8090 as the external access http port. I have the apache on the pi listening on both 80 and 8090. Sprint does allow incoming on port 22 (ssh), so I've been able to do some administration from home. The static ip is just so we can find the pi web server (on 8090) from outside, for administrative purposes. There won't be a lot of traffic, and only Evan and select few others will be using that, to allow updating the museum kiosk content from home. The next job that needs to be done is to delete the (useless) port forward for port 80 to the pi, and add a port forward to port 8090 on the pi. The pi is now static at 192.168.0.5. I was able to set that up in the Sprint router (mac address -> fixed IP address). Long term, I may move the listen port for ssh from 22 to something less obvious (security by obscurity), OR change the pi's ssh to only use public/private key authentication. Because our external IP is in a block usually used by cell phones, that means that it won't normally be a target for hackers, as they don't expect open ssh ports on cell phones. Any questions, don't hesitate to contact me. Bill Dudley This email is free of malware because I run Linux. On Sun, Apr 16, 2017 at 8:05 AM, Dean Notarnicola via vcf-midatlantic < vcf-midatlantic@lists.vintagecomputerfederation.org> wrote:
Thanks. I think our service let's us reserve one public IP. I'll work directly with Bill.
On Sun, Apr 16, 2017 at 3:44 AM dave.g4ugm--- via vcf-midatlantic < vcf-midatlantic@lists.vintagecomputerfederation.org> wrote:
If the routers external IP address changes you need some kind of external service to find it. I use a dynamic DNS service from www.mythic-beasts.com. There is a scheduled task on my windows PC that updates the address.
Dave
-----Original Message----- From: vcf-midatlantic [mailto:vcf-midatlantic- bounces@lists.vintagecomputerfederation.org] On Behalf Of Evan Koblentz via vcf-midatlantic Sent: 16 April 2017 07:12 To: Vcf <vcf-midatlantic@lists.vintagecomputerfederation.org> Cc: Evan Koblentz <evan@vcfed.org> Subject: Re: [vcf-midatlantic] Museum report
We can setup internal static IP addresses on the router, and setup port forwarding so that they are accessible from the internet. No outside service necessary.
That's what Bill did, but there were issues related to the router's IP changing, various ports being blocked (we think), and the router itself misbehaving.