APC Remote Power Management

[pctech64]

Hello All;
I'm facing a new problem;
As I'm finishing my home Lab Rack, I bought a couple of APC's AP9211 Master Switches to be able to remote access my lab from anywhere.
I configured ip addresses for both, inside my home network and I connected them to my Dlink DIR-655 Home Router.
I can access both units from inside my home network with my Mac Book Pro using Mac Terminal or ZTerm; from my Windows PC I can access them using HyperTerminal or TeraTerm Pro. I can also use the web browser on both machines to type their IP Address and I'm in; I can turn outlets on, off or the whole rack and telnet to my routers and switches and play; life is great and fun!!....all until I went to the public library with my mac and tried to connect to my APC's IP Addresses...couldn't do it.
I have google for some time now and don't find the solution to how exactly set this up or what to use
Troop to the rescue will be welcome.
I have a cable modem ( Cox high Speed Int.) my Dlink DIR-655 wireless home router and 3 cables that go to my Lab Rack; 2 for the APC's Ethernet cards; 1 for internet access to one of my lab switches; but everything start with those APC's; from there I control all the Lab; I figure accesing it from outside my house I don't need my PC just my laptop or any means of connection, as long as I can get to my router.
I have the WAN configuration of my home router as well as the LAN
Please advise!!

 

[Lemon13]

do you have a static public ip?
if not, you need to use a service like dyndns.com and a router that can update your ip in case the ip changes

M. Knorr

MCSE, MCTS, MCSA, CCNA

 

[pctech64]

I don't have static ip. I leave my Dlink DIR-655 wireless home router on 24/7 and so my cable modem.
dyndns is supported by my home router but the service cost $48.00 for the year or they just gives you only 1 free name; i need access to 2 ip addresses in my internal LAN from the outside to be able to turn on/off all 16 outlets controlled by the two APC's
any ideas?

 

[pctech64]

my router hasn't changed the public ip in 40 days; I understand the benefit of the dyndns service but is it possible to run 2 equipment with only 1 connection to my internal LAN? from the inside I need to log in twice to be able to work the 2 power management APC's; in the future if this lab grows, it will be 3 APC's!! each APC controls 8 outlets and needs 1 ip address configured for you to access it from the LAN or WAN

 

[Lemon13]

you only have 1 public ip, so one account is enough, and thats free

your router is doing nat to map the public ip to the private ips of your network

i recommend get a vpn-server capable router or set up a small box as vpn server (the Dlink DIR-655 only supports vpn-passthrough)

see if you can do something at the nat section of the dlink

M. Knorr

MCSE, MCTS, MCSA, CCNA

 

[unclerico]

have you opened the port(s) necessary to allow inbound traffic through your router??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[pctech64]

unclerico; no , I don't know exactly how to do that on the Dlink it does have a port forwarding section and a virtual server section, even a routing section it does not have anything that indicates I can play with NAT settings.
I was googling about how to use other ports # than defaults for SSH (22) but I don't know how to fill those boxes at the router; ej; if I set two diferent ip addresses to be forwarded to port 22, I get a popup box stating the setting conflicts! and can't save it.
The UI in this router is intuitive but it does not explain how to work with it; just what it does.
At this point I can't afford to buy any service or additional routers, nor I think I have to; I just need the proper way to set this up exactly step by step; it shouldn't be difficult for the one who knows

 

[unclerico]

so it looks like you'd set up the virtual server. you'll need to use two different port numbers on the public side, but you can have the virtual server then redirect them to the appropriate port on the inside. so if you have two units both using https you'd define one public port as 443 and then a second public port as 444 (or something else) then the private ports for both entries will be tcp/443. make sense??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[pctech64]

I did that as you explained unclerico and saved in my router; and had no conflicts saving it.
now lets say I go to the library with my Mac; open terminal service; new connection; choose SHH > Ip address of unit > connect?
OR- I need to do it by the browser Safari like this; 192.168.1.25:443? doing that way for both set ip addresses in my private LAN?
OR - do I need to type the WAN Ip address in the browser?
How exactly I connect or what is the steps? if this is going to work lol
Sorry for looking so lost; it is my first time dealing with this so I'm learning in the process

 

[unclerico]

no, it's cool, don't worry about it. I'm assuming that the APC units have a web interface (HTTPS to be exact)?? If that's the case you'll go to the library (or any other spot outside of your local lan), open a web browser, type in

https://<your_public_ip>:<port>

and hit Enter. <your_public_ip> should be self explanatory; it is the IP provided to you by your ISP. The <port> will be what you have entered in your Virtual Server configuration on the D-Link. For example, if you entered TCP/443 and TCP/444 in your Virtual Server config and your public IP is 1.1.1.1 so you'll enter

https://1.1.1.1:443

or

https://1.1.1.1:444

and when that traffic hits your outside interface it will be translated from the public iport to the internal iport. Make sense??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[pctech64]

unclerico, unfortunately I can't connect yet ; I logged into another network with my mac and did what you instructed and no results; I was told that this router model won't allow that connection to take place because the firewall set in place and it is not designed for outside access; I wonder what is it with all those virtual servers page and port forwarding page in the router interface; I was told those are for use in the LAN not from the WAN.I was told if I want to access from anywhere outside, I would have to get a VPN router and set it between my cable modem and home wireless router; I saw one on ebay which is in bid process but I can't afford to buy any more network stuff, for now.
Please tell me this is not true and yhat I can configure that Dlink to connect from the outside without the need to set it all having to buy a VPN router/swith; I could configure one of my switch on the rack for this ; like the 2950 but leaving it on always will put a dent on my electric bill!!! is not the dame like leaving on the home router.
Please advise ...some more lol

 

[unclerico]

whoever told you that is completely wrong. port forwarding and in this case virtual server configuration is meant to provide external access to internal resources. in fact there is also a place where you can specify a dmz host. anyway, when you access the apc unit from inside the lan, do you access it via http or https or ssh or some other proprietary protocol?? also, i believe that there is the ability to enable diagnostic logging on the unit so i would turn that on and take a look at those logs.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[unclerico]

oh, one last thing. directly from the user manual of hte router (the web and ftp services are just examples, they are not the only protocols supported):

The DIR-655 can be configured as a virtual server so that remote users accessing Web or FTP services via the public IP address can be automatically redirected to local servers in the LAN (Local Area Network).
The DIR-655 firewall feature filters out unrecognized packets to protect your LAN network so all computers networked with the DIR-655 are invisible to the outside world. If you wish, you can make some of the LAN computers accessible from the Internet by enabling Virtual Server. Depending on the requested service, the DIR-655 redirects the external service request to the appropriate server within the LAN network.
The DIR-655 is also capable of port-redirection meaning incoming traffic to a particular port may be redirected to a different port on the server computer.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[pctech64]

then why it is not workin?

 

[pctech64]

when I access the apc's from inside the LAN I just use terminal service on my mac laptop or safari web browser. from my PBC I can use hyper terminal TCP/IP Winsock, port 23 or Tera Term, same way (Telnet) or typing address in Internet explorer http; where only one address can be accessed and the other apc's ip address returns an error 400.
The virtual server page is configured as best I can and as per your instructions but still got a message from the web browser safari on my mac, connected to a neighbors network, that the address <public:443> can' be found because it can't find the server with this address.
It has to be something I'm doing wrong or omitting

 

[unclerico]

ok, so you are using just regular http and not https. alter your virtual server config and put in TCP/80 and remove the TCP/443

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[pctech64]

ok;I finally connected from the outside WAN to my LAN following your instructions; new problem is I couldn't telnet; even setting ports 22 for ssh and 23 for telnet; renew ip address; typed new ip like ssh//:70.11.140.x:22 and nothing;
tried to use terminal services on my mac as well and same result.
to reach the access server address, the Internet Ethernet cable comes first to a switch configured properly , I think, and from one of itsports out to the access server; in this fashion, I can access it from inside my LAN; from that access server I access every one of the rest of the lab!
I got tyred and I bought a linksys 4 port VPN router/switch for $96.00 @ eBay.
I'll set the VPN between the cable modem and wireless router
I only need three tunnels out of 30 and only one of the wan ports but hey !! I've been dealing with this s... for quite a while!
I couldn't afford the VPN I happens to win on eBay so when I have the money to pay for it I'll wait and set my network; I never realized it would be so hard for me to set this up but the bright side is I'm learning in the process and I don't have experience from before!

 

[unclerico]

just to be sure, you can access the apc unit via ssh/telnet from inside your lan correct??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[pctech64]

correct