Logic Machine Forum
Port 3671 is blocked from any public IP address - Printable Version



Port 3671 is blocked from any public IP address - domotiqa - 12.05.2021

Hello,
I used to have remote programming on demand for my customer. I press a button which opens port 3671 temporarily, then program, then switch the button off with a script. I also have a script which closes it at 24h00 just in case I forget.

My problem is that, since the 2.6.1 firmware on SL/HL, they added a security update:

security: disallow KNX/IP Tunneling connections from external IPs (Port 3671 is blocked from any public IP address)

I didn't understand why it wasn't working anymore, but this was the explanation.

My question: is there a way to allow it, or at least allow my office IP ...


Any help would be precious.
Best regards


RE: Port 3671 is blocked from any public IP address - Daniel - 12.05.2021

Hello, we also blocked this functionality on LM. We scanned the network and we found nearly 2000 devices with a permanently opened KNX port. Unfortunately people are not responsible and anybody can now take control of such a project. For LM this is not a problem as we can now use ZeroTier for secure remote connection, also ETS download. Unfortunately SE does not provide this solution yet. From fw 2.6.1 every firmware package has to be signed by SE; due to this we can no longer provide direct software updates for SE customers.
We provided SE with a package which will allow you to specify an external IP which will be allowed to connect. It is now up to them to deliver this to you.


RE: Port 3671 is blocked from any public IP address - Erwin van der Zwart - 12.05.2021

I already discussed this with our team and they are aware, so Daniel, you will get some feedback on it (:

From my point of view we need an option to open it by a menu command, and it closes again after x period, to make it at least possible. The current situation will give lots of questions like the one above, as everyone is using the controller as a remote access point...

TBC..

Edit: I see that we get the option to enter an external IP, that will work for me, but auto closing after xx period would be even more secure..


RE: Port 3671 is blocked from any public IP address - Daniel - 12.05.2021

Erwin, you will be able to open it only for a specific external IP.


RE: Port 3671 is blocked from any public IP address - Erwin van der Zwart - 12.05.2021

(12.05.2021, 09:25)Daniel. Wrote: Erwin, you will be able to open it only for a specific external IP.

Yes, perfect, I already edited my previous post (:


RE: Port 3671 is blocked from any public IP address - domotiqa - 13.05.2021

(12.05.2021, 09:04)Daniel. Wrote: Hello, we also blocked this functionality on LM. We scanned the network and we found nearly 2000 devices with a permanently opened KNX port. Unfortunately people are not responsible and anybody can now take control of such a project. For LM this is not a problem as we can now use ZeroTier for secure remote connection, also ETS download. Unfortunately SE does not provide this solution yet. From fw 2.6.1 every firmware package has to be signed by SE; due to this we can no longer provide direct software updates for SE customers.
We provided SE with a package which will allow you to specify an external IP which will be allowed to connect. It is now up to them to deliver this to you.

OK great, the problem is known and people react.

Of course I know people are not aware of security, but as you said, others do stuff well.

I guess we need to be able to put an IP address OR a DNS alias also. Some customers would have a dynamic address and use a service like dyndns...
Thanks all for your feedback


RE: Port 3671 is blocked from any public IP address - toujour - 09.06.2021

Hi Erwin,
where can I find the package for LSS100100?

BR


RE: Port 3671 is blocked from any public IP address - domotiqa - 09.06.2021

+1
we are waiting for it


RE: Port 3671 is blocked from any public IP address - Erwin van der Zwart - 10.06.2021

Not released yet as far as I know, will ask the guys for an ETA..


RE: Port 3671 is blocked from any public IP address - toujour - 02.09.2021

Any news ?


RE: Port 3671 is blocked from any public IP address - domotiqa - 02.09.2021

(02.09.2021, 09:34)toujour Wrote: Any news ?

No news either...
I still use the 2.6.0 version since there is no patch... But this version has an issue programming SpaceLogic Schneider products (programming stops before the end). I don't have the issue with the 2.5.0 firmware. Strange.

I also see a 2.6.2
--> system config: add CORS origin settings for the HTTP server

but I don't think it's the patch


RE: Port 3671 is blocked from any public IP address - Daniel - 02.09.2021

It is included in 2.6.2


RE: Port 3671 is blocked from any public IP address - domotiqa - 02.09.2021

What do you mean?
Where do we put our IP address or hostname? Is it this CORS functionality or another setup?


RE: Port 3671 is blocked from any public IP address - Daniel - 02.09.2021

You need a script to run for the KNX IP; I will send you a PM. The CORS is something that most likely nobody will need, but you will find it under HTTP servers in Services.


RE: Port 3671 is blocked from any public IP address - Jose - 25.03.2022

(02.09.2021, 10:11)Daniel Wrote: You need a script to run for the KNX IP; I will send you a PM. The CORS is something that most likely nobody will need, but you will find it under HTTP servers in Services.

Hello Daniel,

Please, can you explain how to remotely access port 3671 of the Wiser?
Thank you very much in advance.
Best Regards.
Jose


RE: Port 3671 is blocked from any public IP address - Daniel - 25.03.2022

(25.03.2022, 10:01)Jose Wrote:
(02.09.2021, 10:11)Daniel Wrote: You need a script to run for the KNX IP; I will send you a PM. The CORS is something that most likely nobody will need, but you will find it under HTTP servers in Services.

Hello Daniel,

Please, can you explain how to remotely access port 3671 of the Wiser?
Thank you very much in advance.
Best Regards.
Jose

You can't; in LM we have a solution, Wiser does not. You can create a VPN network on site.


RE: Port 3671 is blocked from any public IP address - FatMax - 13.05.2022

Is this an issue with local IP addresses as well? I can use 3671 locally if I set the IP to the standard factory one, but if I change the internal IP to 172.10.11.10 I can't reach it through ETS.

No ports are open to the internet, this is locally only.

Wiser with 2.7.0.


RE: Port 3671 is blocked from any public IP address - admin - 13.05.2022

Class B range is 172.16.0.0 - 172.31.255.255, 172.10.11.10 is a public IP address.
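
The range check behind the reply above, as an added example that is not part of the original thread and is not the firmware's code. It assumes the port 3671 filter treats only the RFC 1918 ranges as local and matches allowed external IPs exactly; the function names and the office address (a documentation address) are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges. Assumption: the port 3671 filter treats exactly
# these as local; the thread does not list the ranges the firmware checks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def tunneling_allowed(src, allowed_external=()):
    """Hypothetical model of the policy described in the thread: private
    sources may connect, public ones only if explicitly allowed."""
    if is_rfc1918(src):
        return True
    ip = ipaddress.ip_address(src)
    return any(ip == ipaddress.ip_address(a) for a in allowed_external)


def audit_lan_plan(addresses):
    """Return planned LAN addresses that the filter would treat as public."""
    return [a for a in addresses if not is_rfc1918(a)]


# Constructed sample: 172.10.11.10 is the address from the thread, the rest
# are made up to show the edges of 172.16.0.0/12.
LAN_PLAN = ["192.168.0.10", "172.10.11.10", "172.16.0.1",
            "172.31.255.255", "172.32.0.1", "10.1.2.3"]
OFFICE_IP = "203.0.113.7"  # documentation address standing in for an office IP

if __name__ == "__main__":
    print("treated as public:", audit_lan_plan(LAN_PLAN))
    for src in ("172.10.11.10", OFFICE_IP, "203.0.113.8"):
        print(src, tunneling_allowed(src, [OFFICE_IP]))
```

Running the audit over an addressing plan before deployment catches ranges such as 172.10.x.x or 172.32.x.x that look private but sit outside 172.16.0.0/12.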


RE: Port 3671 is blocked from any public IP address - FatMax - 13.05.2022

Ok - thanks. It is a managed network, so I'll contact the admin.