Remote access via the Internet

Excluding the S-Play Show controller, Typically, ENTTEC Ethernet devices are not designed to be connected directly to the internet without sufficient web security in place.


ENTTEC recommends keeping your lighting network (Art-Net /sACN/ KiNet/ ESP) separate from an Internet connection. This will improve the predictability, stability and overall security of your installation.


If this is unavoidable, ensure your network firewall provides security on your network, and you have sufficient extra bandwidth to deal with influxes of traffic.


ENTTEC Ethernet devices can be accessed remotely through the Internet. There are three key methods to achieve this:

  • Remote Desktop Access through a local Computer
  • Port Forwarding
  • Through a VPN

Remote Desktop Access Through a local Computer

One of the most straightforward and user-friendly methods to access your ENTTEC devices remotely is to use remote connection software on a computer on the same network as your ENTTEC devices.


As the name suggests, this requires a computer on the same network as your installation, constantly running and ready to connect. This is a good solution for those already using a computer as part of their installation to run lighting control software that may require periodic programming modifications (i.e. ENTTEC’s ELM).


Examples of off the shelf remote access software include:

  • TeamViewer
  • Logmein
  • Real VNC

By connecting the local computer on your installation to the internet, configuring it to boot once power is received, and for the remote access software to start automatically, you will be able to remote in to make modifications to your system at any time.


ENTTEC recommend using a separate network interface (or USB-> Ethernet adaptor) to keep your lighting network data separated from a wider network or internet connection.

Port Forwarding

Port Forwarding (or Port Redirecting) Is relatively easy to set up if supported by your router. Each router is different, so it's advised to consult your specific router’s documentation for precise configuration details. Some routers refer to Port Forwarding as ‘NAT Options’ (Network Address Translation - Options).


Warning: Port forwarding is the least secure option in this list; security is based heavily on the model of the router and the Firewall settings you select.


If your port forwarding setup does send multiple requests from differing IPs, as a workaround, you may want to enable your router DMZ options when port forwarding. In some scenarios, this has been known to reduce the chance of multiple commands causing issues with web sockets. DMZ allows only one device on the network to connect to the internet. Consequently, this workaround is only helpful for installers looking to remote into a single machine.


When setting up port forwarding, check the list below to ensure all ports used by ENTTEC products are being forwarded:

Port

Use

Port 55555, Port 80

Web Interface & Web API

Port 13132, Port 13133,

TCP/UDP/Websockets

Port 443

Web Socket Default

Port 3333

NMU Discovery

Port 6454

ArtPoll

Art-Net or sACN port numbers are not included in the table - these should not be sent over the internet.

VPN

Advanced routers support the option to create a VPN (Virtual Private Network). Alternatively, one can be made on a PC local to your installation. VPNs take considerably more time to configure than the other options in this article but provide a very secure method to remotely connect to the local private network your ENTTEC devices are on.


When using a VPN, your ENTTEC device can be accessed in an identical method as if you were on the same network.