Access sprinkler controller externally?

Can't seem to access my Rain Bird controller externally. Internally I can access and control the sprinklers just fine.

There is nothing in the logs. It only shows the controller's local IP accessing Google DNS. - Web protection excluded.

I tried a DNAT rule with automatic firewall rule: Traffic from Controller > Using Any > Going to External WAN Address - Change the destination to Controller.

I have similar DNAT rules for cameras and I can access them externally without issue.

Anyone have experience with sprinkler controllers?



This thread was automatically locked due to age.
  • Hi sopfwal092,

    Could you please make a screenshot of your DNAT rule?

    I would say that your rule definition is incorrect.
    Make a rule that looks like this:

    Source: Any or Internet
    Service: If it is a web service, select HTTP/HTTPS or the ports you need
    Destination: External WAN Address
    NAT Destination: Controller

    Best Regards
    DKKDG

  • It's a controller where you use an app to connect to your Wi-Fi, similar to cameras, lights etc. What's strange is that the sprinkler app only works when connected to the same SSID when it was configured. If you connect to another access point you cannot access the sprinkler controller using the app.

    This is logged for the device using the app to access the controller:

    name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="xx:xx:xx:xx:xx:4e" dstmac="xx:xx:xx:xx:xx:dd" srcip="10.10.1.119" dstip="255.255.255.255" proto="17" length="35" tos="0x00" prec="0x00" ttl="64" srcport="xxxxx" dstport="xxxxx"


    This one is odd because it seems the controller has an IP in a different address space and there is an invalid packet logged:

    name="Invalid packet" action="invalid packet" fwrule="60007" initf="eth1" outitf="eth0" srcmac="xx:xx:xx:xx:xx:71" dstmac="xx:xx:xx:xx:xx:dd" srcip="192.168.0.1" dstip="192.168.0.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="254" srcport="80" dstport="xxxxx" tcpflags="ACK FIN"


    Source MAC ending in 71 is sprinkler controller.
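
Added example, not part of the original thread: a small Python parser for the `key="value"` firewall log lines quoted above. It flags the two conditions visible in them: a limited-broadcast destination, which a router or firewall does not forward between networks, and a private source address outside the LAN. The `10.10.1.0/24` LAN range and the tag names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the two log lines quoted in the thread, masked fields as posted.
SAMPLE_LOG = [
    'name="Packet dropped" action="drop" fwrule="60001" initf="eth1" '
    'srcmac="xx:xx:xx:xx:xx:4e" dstmac="xx:xx:xx:xx:xx:dd" srcip="10.10.1.119" '
    'dstip="255.255.255.255" proto="17" length="35" tos="0x00" prec="0x00" '
    'ttl="64" srcport="xxxxx" dstport="xxxxx"',
    'name="Invalid packet" action="invalid packet" fwrule="60007" initf="eth1" '
    'outitf="eth0" srcmac="xx:xx:xx:xx:xx:71" dstmac="xx:xx:xx:xx:xx:dd" '
    'srcip="192.168.0.1" dstip="192.168.0.2" proto="6" length="40" tos="0x00" '
    'prec="0x00" ttl="254" srcport="80" dstport="xxxxx" tcpflags="ACK FIN"',
]

# Assumption: the internal network is 10.10.1.0/24 (the thread shows only 10.10.1.119).
LAN = ipaddress.ip_network("10.10.1.0/24")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
FIELD = re.compile(r'(\w+)="([^"]*)"')


def parse(line):
    """Split one log line into a dict of its key="value" fields."""
    return dict(FIELD.findall(line))


def findings(line, lan=LAN):
    """Return (record, tags) describing why the packet will not reach its peer."""
    rec = parse(line)
    tags = []
    if "srcip" not in rec or "dstip" not in rec:
        return rec, tags  # not a packet-filter line
    src = ipaddress.ip_address(rec["srcip"])
    dst = ipaddress.ip_address(rec["dstip"])
    # Broadcast discovery stays on the local segment; it never crosses the firewall.
    if dst in (LIMITED_BROADCAST, lan.broadcast_address):
        tags.append("broadcast-not-forwarded")
    # A private source outside the LAN points at a device using another address plan.
    if src.is_private and src not in lan:
        tags.append("source-outside-lan")
    if rec.get("action") == "invalid packet" and "tcpflags" in rec:
        tags.append("invalid-tcp:" + rec["tcpflags"])
    return rec, tags


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        rec, tags = findings(entry)
        print(rec["srcip"], "->", rec["dstip"], rec["action"], tags)
```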
