James L2

 

I have an extensive home automation implementation that I have built over the years based, for the most part, on Insteon technology.  I recently decided that I wanted to integrate my Ademco security system into my setup so I could take advantage of its vast array of sensors.

I have been using an ISY-99i controller module and a Smarthome 2412S PLM to drive my Insteon network and have been pretty happy with that configuration.  One of the main attractions of the ISY-99i appliance is the fact that it can stand alone, without the need for a computer.  Since hacking my security panel into my system will require a computer to drive the programming interface, the ISY-99i starts to lose its appeal.

Since I already have a Mac machine that serves up files and other services in the house, I thought I would go ahead and use that box to power the Ademco interface as well as take over the management of my Insteon network.  My preference would be to use an open source project like Misterhouse to drive my solution, but for a number of reasons, I decided to investigate the Indigo solution from Perceptive Automation.

The first step to investigating the Indigo Software was to interface my Mac, running Snow Leopard, to my Insteon Network.  Since the 2412S PLM is a serial device and Mac computers do not ship with serial ports, you have to find a way to make the two talk to one another. The Indigo online manual provides some very helpful information on interfaces. Since I already have a 2412S PLM, that will be my interface of choice.

Insteon Serial PLM

As stated in the help document, it will also be necessary to use a USB to Serial adapter to connect the PLM’s RJ-45 to 6-Conductor cable to a USB port on the Mac. I was pretty certain that I had seen a USB to Serial adapter on the shelf at my local Best Buy, so I started there.  Sure enough, there was an overpriced ($37) Dynex DX-UBDB9 adapter sitting on the shelf.  Since I had the free time to work on the project right then and not a few days later, I decided to buy the unit even though I could have ordered one (or parts to build my own) for a fraction of the price elsewhere.

USB to Serial Adapter

I unboxed the adapter and attached it to my computer and the PLM and was hoping that OS/X would see the device and just work.  Unfortunately it did not.  The disk that came with the device only contained Windows drivers so I started searching the web.  I found a Mac driver on the manufacturer's website but it didn’t work.  I also found a driver on the Apple support forum but that driver didn’t work either.  I noticed that the Indigo help document referenced the FTDI Virtual COM Port driver for USB to Serial connectivity on the Mac.  My next thought was to try that, but again, no good.

At this point I began to suspect that there might be an incompatibility between my adapter and OS/X.  I opened up System Profiler to see if my Mac was seeing anything on the USB Bus that might be helpful.  Right away I noticed that the chipset on my adapter was different than expected and upon further investigation learned that there are two primary chipsets used on USB to Serial adapters.  One of those chipsets is by Future Technology Devices International, referenced above; the other is from Prolific Technology, which, as it turns out, is the maker of the chipset in my Dynex device. After more trial and error, I finally came across a project on github that updated the Mac driver for the Prolific 2303 chipset to work on OS/X Snow Leopard.

I downloaded the driver package and installed it on my machine and I immediately saw a new device that was referenceable by Indigo!

Now that I can see the PLM via Indigo, I will need to perform extensive testing to ensure that the COM driver is reliable while also ensuring that Indigo will meet my needs as a replacement engine for my Insteon network as well as provide a suitable interface to my Ademco panel.

Until next time … geek out!

~GT~

 

I have had an open item on my To-Do-List to set up a WebDAV Server for well over a year now.  I needed a good distraction from my work activities for the weekend so I decided I would, finally, make this list item a reality.

For those that don’t know what WebDAV is, let me give you a quick overview.  First off, WebDAV stands for Web-based Distributed Authoring and Versioning and is a set of extensions to HTTP that allows people to edit and manage files collaboratively on remote web servers.  In short, it’s a web accessible folder; this is what Apple gives you with their iDisk service.

Since my current file server is a Mac Mini running Snow Leopard, I wanted to use that as my WebDAV platform.  Apple’s OS/X has been WebDAV friendly for quite some time and Apple even makes setting up your own WebDAV server pretty easy.  Keep in mind that the software that makes this possible isn’t Apple’s but is all open source.  That said, Apple includes all of the necessary pieces with Snow Leopard, so it’s just a matter of configuring those pieces and then turning them on.

Step 1 – Enable Apache Web Server

Since WebDAV is an extension of HTTP, we have to have an HTTP server if we want to accomplish our goal.  Luckily Snow Leopard ships with the best web server available, Apache!  Apple makes enabling an instance of Apache very simple: just go to System Preferences > Sharing and check the box labeled Web Sharing.

Once that’s complete, your web server is up and running.  To validate this, click one of the two links shown in the configuration pane.  If you don’t get a connection error then you’re in business.

Step 2 – Configure Apache Web Server

Now we need to edit our httpd configuration file.  The file that we need to modify is httpd.conf, which is located in /etc/apache2/.  The best way to do this is to fire up a terminal window and use vi to make the change:

sudo vi /etc/apache2/httpd.conf

Look for the following lines and, if they are commented out (preceded by a “#”), remove the comment character.

LoadModule dav_module libexec/apache2/mod_dav.so
LoadModule auth_digest_module libexec/apache2/mod_auth_digest.so

Now we need to tell Apache to load our WebDAV configuration file.  To do this, locate the line below and remove the comment (towards the bottom of the file):

Include /private/etc/apache2/extra/httpd-dav.conf

Step 3 – Configure WebDAV

Now we need to edit our httpd-dav.conf file.  The default configuration will work as long as the folders exist and the appropriate rights are set up.  That said, the file locations didn’t meet my needs so I changed them along with a number of other settings. Following is what I ended up with:

DAVLockDB "/Library/WebServer/DavLock/DAVLockDB" 
DAVMinTimeout 600 

Alias /webdav "/Volumes/USB1/Shares" 

<Directory "/Volumes/USB1/Shares"> 
    Dav On 
    Order Allow,Deny 
    Allow from all 
    AuthType Digest 
    AuthName WebDAV-Realm 
    AuthUserFile "/usr/var/webdav.passwd" 
    AuthDigestProvider file 
    <LimitExcept GET HEAD OPTIONS> 
        require user admin
    </LimitExcept> 
</Directory>

A couple of items you might find helpful:

  • The Dav On directive MUST be within the Directory tags to work correctly
  • Notice that I have DAVLockDB at the end of my path for the option with the same name … this shouldn’t be required, but I couldn’t get my instance to run without it
  • My LimitExcept configuration REQUIRES that admin be authenticated for every method other than GET, HEAD and OPTIONS; those three methods are served without a login

There is plenty of information available on configuring WebDAV for Apache … search Google for more options.

Step 4 – Bring It All Together

The first thing we need to do is create our folders.

sudo mkdir /Library/WebServer/DavLock 
sudo mkdir /usr/var

Now let’s set the folder rights.

sudo chown www:www /Library/WebServer/DavLock
sudo chown www:www /usr/var
sudo chmod 770 /Library/WebServer/DavLock
sudo chmod 770 /usr/var

Now on to accounts and passwords. If you’ll notice in the httpd-dav.conf configuration above, we are using an authorization type of “digest”.  One reason for going down this path is that many have reported problems using WebDAV with “basic” authentication with Windows 7.  Making this work with Windows 7 was a requirement for me so I figured I would start with digest since it has been reported to work with Windows 7.  The other reason for using digest is that it does not transmit credentials in clear-text, which makes it a far safer option from a security perspective.

Now let’s create our user / password and assign our file to the appropriate group which we do as follows:

sudo htdigest -c /usr/var/webdav.passwd WebDAV-Realm admin 
sudo chgrp www /usr/var/webdav.passwd

Step 5 – Test

Now we need to tell Apache to use our updated configuration and then validate that everything works as it should.

To accomplish this, let’s stop Apache, test our configuration and then start Apache back up.

sudo apachectl stop 
sudo apachectl configtest 
sudo apachectl start

That’s it!

Assuming you didn’t receive any errors when you ran the second command, you should be ready to go.

To test, open Finder, press Command-K and type localhost/webdav.  You should be prompted for your credentials and then the folder should open just like any other.  Be sure to test creating, changing, moving and deleting files.

Geek Out!

~GT~

 

My son has a number of game consoles and has really been into his XBOX 360 of late.  He recently acquired a new title that was complaining about our network configuration and refused to let him play.

After hearing his description of the message, I figured the issue had something to do with my very tight firewall configuration.  I went up and had a look at the error and sure enough, the complaint was regarding my NAT (Network Address Translation) configuration which it wanted me to resolve by enabling UPnP (Universal Plug and Play). I’m not a gamer but I know that many of the gaming platforms make extensive use of UPnP to ease firewall configuration by automatically port forwarding the ports needed for their particular platform. Since I have so much of my home “wired” to the internet, I’m pretty particular about my configuration and refuse to allow automatic rule insertions on my firewall regardless of how benign they might be.  That meant Microsoft’s suggestion to enable UPnP was not an option.

XBox Error Message

If you read this blog with any regularity, you know that I am fond of the DIY approach to meeting my family’s technology needs.  That means I tend to build many of the solutions that we use every day, including my router, which I built using a small form factor Shuttle case and then installing pfSense which is a BSD based router distribution. If you use a Linksys or Netgear router, you may find options in the configuration menu specifically for gaming, however no such options exist in pfSense.

My first thought was to figure out what ports the XBOX was wanting to use, then log in to my router and set up NAT rules for those ports.  One way to figure out what ports I would need to focus on would be to fire up an instance of Wireshark and analyze the traffic from the XBOX, but since the XBOX 360 is such a mainstream device I figured this would be a pretty common problem and a quick Google search would turn up the needed information. Just as I suspected, the port information was readily available, but there was plenty of conflicting data that, in this case, centered around single ports versus port ranges. To test whether or not a few simple port forwarding rules would work, I did the following:

  1. Set up a static DHCP lease for the XBOX so I could ensure that the device always had the same IP address
  2. Set up a rule to port forward ports 87-89 UDP and port 3073-3075 TCP/UDP from the WAN interface to the XBOX

After a quick test, we found that the problem persisted.  At this point I started to focus on the text of the error message that mentioned “Open NAT” … what the heck is that!?  I’m not a networking expert, but I certainly know my way around a router and know my networking terms but I had never heard of “Open NAT” so I started to poke around and couldn’t find anything that really explained that term.  Finally I ran across a site that explained that they were Microsoft terms that were slight variations of already existing open standards; no wonder I couldn’t find any explanatory information … makes you wonder why Microsoft didn’t just use the existing terms :) 

Microsoft Term | Standard Term
--- | ---
Strict | Symmetric NAT
Moderate | Cone shaped NAT with port filtering or with UPnP turned off
Open | Cone shaped NAT with no port filtering or with UPnP turned on

Now that I knew that I needed a Full-Cone NAT setup, I had to figure out how to change these settings on my router.

By default pfSense is configured for what it calls “Automatic outbound NAT rule generation (IPsec passthrough)”.  This setting causes the ports to be “scrambled” which, in turn, causes many games for the XBOX 360 and other platforms to fail.  The other option is to tell the router to use “Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))” which will allow port information to flow in and out of the router without needing any kind of translation.

After making this change we performed another test and voilà – it worked!

Remember the conflicting information that I mentioned earlier regarding ports? I didn’t want to just let that go, so I then went back and performed a number of tests and found that we were able to get by with only forwarding ports 88 and 3074. 

Note that this configuration may not work on networks with multiple XBOXs but if you have a single XBOX and have been struggling with NAT errors, this solution works like a charm.

Geek out!

~GT~

© 2012 Geek-Tips