Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 5353 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Access sprinkler controller externally?

sopfwal092

Can't seem to access my Rain Bird controller externally. Internally I can access and control the sprinklers just fine.

There is nothing in the logs. It only shows the controllers local IP accessing Google DNS. - Web protection excluded.

I tried a DNAT rule with automatic firewall rule: Traffic from Controller > Using Any > Going to External WAN Address - Change the destination to Controller.

I have similar DNAT rules for cameras and I can access them externally without issue.

Anyone have experience with sprinkler controllers?



This thread was automatically locked due to age.
Parents
  • 0

    Hi sopfwal092,

    could you please make a screenshot of your DNAT rule.

    I would say that your rule definition is incorrect.
    Make a rule that looks like this:

    Source: Any or Internet
    Service: If it is an Webservice select HTTP/HTTPS or the used ports you need
    Destination: External WAN Address
    NAT Destination: Controller

    Best Regards
    DKKDG

  • 0 in reply to DKKDG

    It's a controller where you use an app to connect to your wifi, similar to cameras, lights etc. What's strange is that the sprinkler app only works when connected to the same SSID when it was configured. If you connect to another access point you cannot access the sprinkler controller using the app.

     

    This is logged for the device using the app to access controller: 


    name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="xx:xx:xx:xx:xx:4e" dstmac="xx:xx:xx:xx:xx:dd" srcip="10.10.1.119" dstip="255.255.255.255" proto="17" length="35" tos="0x00" prec="0x00" ttl="64" srcport="xxxxx" dstport="xxxxx"


    This one is odd because it seems the controller has an ip in a different address space and there is an invalid packet logged:

    name="Invalid packet" action="invalid packet" fwrule="60007" initf="eth1" outitf="eth0" srcmac="xx:xx:xx:xx:xx:71" dstmac="xx:xx:xx:xx:xx:dd" srcip="192.168.0.1" dstip="192.168.0.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="254" srcport="80" dstport="xxxxx" tcpflags="ACK FIN"


    Source MAC ending in 71 is sprinkler controller.

  • 0 in reply to sopfwal092

    The first packet that was dropped because it is an broadcast packet where no rule exist.

    It seems that your app has only the capability to find controllers via broadcast.
    This explains why it only works within the same SSID.

    Is it possible to set a destination ip?

    If not you can make an DNAT Rule.
    So that the broadcast will be forwared to your controller ip.

    Best Regards
    DKKDG

  • 0 in reply to DKKDG

    Not sure I'm getting the rule right. Could you provide an example?

  • 0 in reply to sopfwal092

    Try this:

    Source: Your Network where the request come from
    Service: Your Controller Ports
    Destination: 255.255.255.255

    NAT Destination: IP adress of the controller
    NAT Service:

    If automatic firewall rule is not ticked you have to create one.

    Best Regards
    DKKDG

Reply
  • 0 in reply to sopfwal092

    Try this:

    Source: Your Network where the request come from
    Service: Your Controller Ports
    Destination: 255.255.255.255

    NAT Destination: IP adress of the controller
    NAT Service:

    If automatic firewall rule is not ticked you have to create one.

    Best Regards
    DKKDG

Children
No Data
Unfiltered HTML