# Can't Get Password Protection Working on TivoWebPlus



## Avenger (Mar 26, 2002)

Hi!

I have TivoWebPlus running on my Zippered HR10-250, and it works great. But I'm running into one issue. I have opened port 80 on my router to gain access to TivoWebPlus from outside my firewall, but I don't want every two-bit script kiddie ravaging my Tivo. So I edited tivoweb.cfg to put in a username and password. Which is fine, except that I absolutely CANNOT authenticate from any web browser outside the firewall. (I don't need to authenticate from inside, as I left that configuration option at default.) 

Is there some secret to entering this information into tivoweb.cfg? I know it's in there, because closing and re-opening the file in the joe editor shows the results of any changes i have made. And I have done a full reload after each change to the cfg file. Should I be putting the password and username in quotes? Apostrophes? I've tried absolutely everything, and no matter what, I can't seem to use the password and username I have chosen to gain access to TivoWebPlus.

Any ideas?


----------



## luder (Sep 7, 2006)

Avenger said:


> Hi!
> 
> I have TivoWebPlus running on my Zippered HR10-250, and it works great. But I'm running into one issue. I have opened port 80 on my router to gain access to TivoWebPlus from outside my firewall, but I don't want every two-bit script kiddie ravaging my Tivo. So I edited tivoweb.cfg to put in a username and password. Which is fine, except that I absolutely CANNOT authenticate from any web browser outside the firewall. (I don't need to authenticate from inside, as I left that configuration option at default.)
> 
> ...


I never tried this setup but, i'm willing to give it a try..

what's your Eivo ip? does it start as 192.168.x.xxx or 168.xxx.xx.xx?

I would assign a different port other then 80


----------



## Avenger (Mar 26, 2002)

My internal Tivo IP is 192.168.0.100.


----------



## luder (Sep 7, 2006)

Avenger said:


> My internal Tivo IP is 192.168.0.100.


Ah i see ... see anything that starts in 192.168 is nat (private network) 
in order view it outside the private network you have to forward it outside the privite network .. since it's in nat you don't really need to worry about it much i would change the port.. and you should be fine :up:

if you want a pop up for eivo inside NAT go into tivoweb.cfg and change LAN_Auth = 0 to LAN_Auth = 1

what kind of router are you using?


----------



## BTUx9 (Nov 13, 2003)

What version TWP are you using? If >=1.4, then are you sure you're editing the correct .cfg file?


----------



## luder (Sep 7, 2006)

BTUx9 said:


> What version TWP are you using? If >=1.4, then are you sure you're editing the correct .cfg file?


Omg ... I'm not worthy is this the true BTUx9 i'm seeming here.. word around the camp fire says 2.0 is a green light is this true?


----------



## BTUx9 (Nov 13, 2003)

dunno about green light... there are still quite a few external modules that haven't been rewritten to work with it, but it's a MUCH more stable version (especially for machines with a large # of channels, like dtivos)

There are some nice new features, too, (if I do say so myself) like native folder support for S2s, and the ability to customize the format of some screens like NPL


----------



## luder (Sep 7, 2006)

BTUx9 said:


> dunno about green light... there are still quite a few external modules that haven't been rewritten to work with it, but it's a MUCH more stable version (especially for machines with a large # of channels, like dtivos)
> 
> There are some nice new features, too, (if I do say so myself) like native folder support for S2s, and the ability to customize the format of some screens like NPL


This kinda sounds good to me .. I tried 1.4 and i have to say it wasn't a walk in a park .. I'm glad that 2.0 sounds more pleasant in my eyes sounds like it took a big jump from 1.4 i have to say we got to Eivo Idols lol... Hope i'm not scaring you  
any other Modules that are comming up..

I have a question hope this is okay with avenger
I have a few prob with 1.3.1 if i were to go 2.0 will it fix them or should i hang on intill i fix the errors?


----------



## Avenger (Mar 26, 2002)

Actually, the port 80 is open on the router. If I remove the password and username from the cfg file, I can access TWP externally without a problem. The issue is specifically with the password / username. Once I add those to the cfg file, I am queried for them by the browser when I access TWP externally, but I cannot authenticate, regardless of what I put in there.

I'm running TWP 1.3.1. 

And I'm editing tivoweb.cfg.

BTW, no problem asking other questions in the thread. By all means, if there's an expert in the house, ask away.


----------



## luder (Sep 7, 2006)

Avenger said:


> Actually, the port 80 is open on the router. If I remove the password and username from the cfg file, I can access TWP externally without a problem. The issue is specifically with the password / username. Once I add those to the cfg file, I am queried for them by the browser when I access TWP externally, but I cannot authenticate, regardless of what I put in there.
> 
> I'm running TWP 1.3.1.
> 
> ...


hmm.. well, like i said i never had the Eivo to setup up externally however, if you had access to it externally before adding login and pw i don't see why you can't after..

hmm... can you post the tivoweb.cfg script.. 
Then highlight the script and click on php above this white box


----------



## Avenger (Mar 26, 2002)

```
############################################################################
#
# LAN_Auth:   If set to 0 then clients on the local network will not be
#             prompted for authentication, but external clients will still
#             be asked (unless both UserName and Password are blank).
#
# RSS_Auth:   If set to 0 then clients viewing RSS feeds are not required
#             to authenticate.
#
# HostsAllow: Allows you to specify the valid list of hosts that are allowed
#             to connect to the web server.  Host and Network addresses can
#             be placed in the list.
#             For example: "HostsAllow = 192.168. 202.102.12.1" will allow
#             access from 202.102.12.1 as well as any host whose IP address
#             matches 192.168.x.x
#
############################################################################
LAN_Auth = 0
RSS_Auth = 0
HostsAllow = 
UserName = pass
Password = word
Port = 80
Prefix = 
Theme = blue
DescriptionHover = 1
MultiDelete = 1
TyShowLinks = 1
EthernetInterface = 
DescriptionShow = 1
ShowMergeButton = 0
```
Here is my tivoweb.cfg file. I replaced my actual password and username with these examples, but the rest of the file is exactly as it appears here.

Thanks for your help.


----------



## slydog75 (Jul 8, 2004)

Avenger, are you putting a space between the equals sign (=) and the entry? This is what my .cfg file looks like:

UserName = YourUsername
Password = YourPassword 

I don't know if it effects it or not, but there is a space between there. Also, note that BOTH the username and password are case sensitive. Oh, and I'd also HIGHLY recommend running TWP on a port other than 80 as well. 

BTuX9, if you're still around, what are the odds that TWP will ever be able to properly schedule a season pass on 6.3b?


----------



## slydog75 (Jul 8, 2004)

OH, and while we're discussing the config file, what do the 'eternet interface' and prefix settings do?


----------



## DavidO (Sep 7, 2000)

Try 
LAN_Auth = 1

FYI, if you get this working, you might try to change port 80 to something else, and in your browser, add : port_number (without the space).


----------



## BTUx9 (Nov 13, 2003)

Avenger: you may want to try TWP2

slydog: not sure about prefix, but ethernet interface is for machines that it doesn't correctly auto-detect (was used for the early days of wireless, mostly)



luder said:


> This kinda sounds good to me .. I tried 1.4 and i have to say it wasn't a walk in a park .. I'm glad that 2.0 sounds more pleasant in my eyes sounds like it took a big jump from 1.4 i have to say we got to Eivo Idols lol... Hope i'm not scaring you
> any other Modules that are comming up..
> 
> I have a question hope this is okay with avenger
> I have a few prob with 1.3.1 if i were to go 2.0 will it fix them or should i hang on intill i fix the errors?


No big jump from 1.4... really just a name change... what were your issues with 1.4?

Eivo Idols??? not sure what you mean

re: hanging on, it'd depend on what issues you're referring to


----------



## slydog75 (Jul 8, 2004)

BTUx9 said:


> Eivo Idols??? not sure what you mean


I think he meant to say he got to Tivo Idols (as in American Idol)... ICBW though.


----------



## mphare (Jul 16, 2004)

So, why change the port from 80? When I opened up the public port on my router (not 80) I map it to 80 on my side.


----------



## Avenger (Mar 26, 2002)

Hmmm. I was making the original changes by way of a VNC connection to my home computer from work. When I got home and did the editing here, everything works great! Very strange, but I'll take it. Thanks to everyone for your help. 

And BTUx9, you have made a tremendous product here. TivoWebPlus ROCKS! All of us owe you a debt of gratitude.


----------



## BTUx9 (Nov 13, 2003)

TWP ain't mine... many MANY people have contributed over the years.
I'm just doing some big revisions, updating to TWP2, because there were some serious stability/memory issues as it got larger and larger


----------



## JWThiers (Apr 13, 2005)

mphare said:


> So, why change the port from 80? When I opened up the public port on my router (not 80) I map it to 80 on my side.


It generally not a good idea to use the reserved ports (the ones that are used normally for other things like tcp, ftp, smtp etc) it may have unintended results.

If all you want is access to TWP from outside try http://www.gotomydvr.com, see the remoye access tool beta sticky on the main page. Works like a champ, no port forwarding few to no issues that I have run across.


----------



## luder (Sep 7, 2006)

JWThiers said:


> It generally not a good idea to use the reserved ports (the ones that are used normally for other things like tcp, ftp, smtp etc) it may have unintended results.
> 
> If all you want is access to TWP from outside try http://www.gotomydvr.com, see the remoye access tool beta sticky on the main page. Works like a champ, no port forwarding few to no issues that I have run across.


JWThiers i am surpassed in how much you know about the Eivo..

Did anyone try using http://secure.logmein.com/dmcq/097/support.asp
I like the fact you can do more off nat

I never used it. but, thinking about this more.. Would Tytool serving pc take out the variable of MIPS processor's weakness in Eivo?


----------



## JWThiers (Apr 13, 2005)

luder said:


> JWThiers i am surpassed in how much you know about the Eivo..
> 
> Did anyone try using http://secure.logmein.com/dmcq/097/support.asp
> I like the fact you can do more off nat
> ...


I don't know anything about Eivo, in fact I hadn't heard of it until a day or so ago. What I do have is a bit of knowledge of (enough to ask good questions but not enough to really call myself an authority) is general networking (The only experience is my home network and using windows and the 3 tivo's I have).

By forwarding port 80 to your tivo ALL external requests to you public IP on port 80 (the internet) get passed right thru to your tivo. ANYONE with a bit of knowledge that realize they are at a networked tivo, in theory, could hack that and get access to your whole network. The only thing you save by not changing the port is a few keystrokes when typing the url or ip of your tivo to use a specific port. Besides this, Programs that access networks rely on certain kinds of traffic being at specific ports if a program you have for some reason needs some traffic on port 80 it will not work correctly.

Edit: Just noticed I just reached 1,00 posts Whooooo!!!!!


----------



## Bluewookie (Sep 24, 2003)

In terms of security and remote access, I actually prefer an SSH solution.

I currently have 2 SSH servers available at home, 1 via Cygwin running on my XP pro machine, and another on a hacked Linkstation running OpenLink and dropbear.

The linkstation is on 24/7. The XP machine is on intermitently.

The thing I like about this solution is that there are only 2 ports opened through my router, one to each SSH server. Remote access from anywhere is as simple as grabbing an SSH client (ie PuTTY) and setting up simple tunnels to the various devices and ports I have running around my house. A free dynamic DNS account (such as from DynDNS.com) makes it even easier.

SSH is very secure, and the tunneling is pretty simple to set up. A couple of quick google searches on Cygwin and SSH Tunneling should be enough to get most people up and running.


----------



## JWThiers (Apr 13, 2005)

Bluewookie said:


> In terms of security and remote access, I actually prefer an SSH solution.


You are right, in terms of security SSH is definitely more secure. But in terms of ease of use by the less technically inclined, setting it up would be a bit intimidating.


----------



## MungoJerrie (Mar 30, 2006)

WTF is an Eivo???????????????????? Is it like an Evil tivo or something?


----------



## mphare (Jul 16, 2004)

JWThiers said:


> ...
> 
> By forwarding port 80 to your tivo ALL external requests to you public IP on port 80 (the internet) get passed right thru to your tivo. ANYONE with a bit of knowledge that realize they are at a networked tivo, in theory, could hack that and get access to your whole network. The only thing you save by not changing the port is a few keystrokes when typing the url or ip of your tivo to use a specific port. Besides this, Programs that access networks rely on certain kinds of traffic being at specific ports if a program you have for some reason needs some traffic on port 80 it will not work correctly.
> 
> Edit: Just noticed I just reached 1,00 posts Whooooo!!!!!


But I don't forward port 80. My router translates port 80 (the basic http port) on various servers to a unique port (something greater than 8000 in my case) on the public network side of things.

If you hit my IP with port 80 you'll be rejected.

The advantage is when I'm on my side of the NAT, I can access all the servers without entering a port number.

Congrats on the 1K posts!


----------



## JWThiers (Apr 13, 2005)

mphare said:


> But I don't forward port 80. My router translates port 80 (the basic http port) on various servers to a unique port (something greater than 8000 in my case) on the public network side of things.


Doh!!! I knew that.
I was mixing up who posted what. gotomydvr.com is still a good service. Easy to install no port forwarding.
I have not used that feature on my router before, but I am a little surprised (not that much because they are making routers semi-intelligent these days) that it would work that way. To the tivo all of the traffic is on port 80 but the router has to keep track of what port 80 traffic is from your tivo and change the port only for that. Otherwise normal web browsing would not work. Does your router convert ALL port 80 from your tivo ALL the time? In other words is your tivo always sending TWP data out to the web?

What router do you use? I'd like to read up on that.

Thats confusing, makes my head want to explode. Another reason to use gotomydvr.com


----------



## mphare (Jul 16, 2004)

What I have is a DLink 604 It's the same as the router that Verizon gave me when they installed my FIOS.

I have 3 DTiVos and 1 PC based web server (apache) all listening on port 80. With the DLink I can map the IP address for each DTiVo and the PC to a different port on the public side of the NAT.

So (using made up example IPs):

DTiVo1 IP=192.168.100.101
DTiVo2 IP=192.168.100.102
DTiVo3 IP=192.168.100.103
Public IP = 47.1.1.1

I can map 
192.168.100.101:80 to 47.1.1.1:8001 
192.168.100.102:80 to 47.1.1.1:8002
192.168.100.103:80 to 47.1.1.1:8003

I use DynDNS to have a dynamic name for my public IP address. (Don't have to remember IP addresses, just the port numbers). There is even a utility that periodically checks the public IP and updates DynDNS if it changes. Like when the DHCP license expires.

I connect to myname.dyndns.org:8001 and get the frist DTiVo, myname.dyndns.org:8002 for the second and so on..

It's not too bad to set up.


----------



## luder (Sep 7, 2006)

mphare said:


> What I have is a DLink 604 It's the same as the router that Verizon gave me when they installed my FIOS.
> 
> I have 3 DTiVos and 1 PC based web server (apache) all listening on port 80. With the DLink I can map the IP address for each DTiVo and the PC to a different port on the public side of the NAT.
> 
> ...


Fios, is not in my area but, I can imagine it wired to the gateway but, how is that wired up. Just out of curiosity how fast are your streams? i run cat 5e patch to pc and top out ~2mb. I wanted to test streams for crossover to pc but, lugging xp computer to living room is backbreaking.

Dns I'm actually in a middle of having PSP to stream tivo, pc with no sucsess.. Can i only use DNS provided from my provider?


----------



## luder (Sep 7, 2006)

Avenger said:


> Hmmm. I was making the original changes by way of a VNC connection to my home computer from work. When I got home and did the editing here, everything works great! Very strange, but I'll take it. Thanks to everyone for your help.
> 
> And BTUx9, you have made a tremendous product here. TivoWebPlus ROCKS! All of us owe you a debt of gratitude.


  
Don't sweat this stuff happens 
Just remember 1 stick can break in extream pressures but, when you have a bundle of sticks it's tough to break

Wahta ta


----------



## luder (Sep 7, 2006)

MungoJerrie said:


> WTF is an Eivo???????????????????? Is it like an Evil tivo or something?


If you gone thru what I did you know what to name it.. is mungo your last name or is Mungo susposed to be some knock off of maguire?


----------



## mphare (Jul 16, 2004)

luder said:


> Fios, is not in my area but, I can imagine it wired to the gateway but, how is that wired up. Just out of curiosity how fast are your streams? i run cat 5e patch to pc and top out ~2mb. I wanted to test streams for crossover to pc but, lugging xp computer to living room is backbreaking.
> 
> Dns I'm actually in a middle of having PSP to stream tivo, pc with no sucsess.. Can i only use DNS provided from my provider?


The Verizon FIOS ONT has an RJ45 coming out of it that runs to the DLink in my house. It's very simple. Verizon terminates it to a wall mounted box with an RJ45, I ran the home run from the garage to the house where the DLink is. I did it myself so I could do the attic crawl and drop the cable how I wanted to, not how the installer decided was the easiest way to do it.

I haven't checked my speeds in some time. Let's just say I've never felt it was slow by any stretch (I have the 15Mb/s down service). I think I have some collisions when I go wireless so it's a bit slower, but I believe I get very near the 15 Mb/s down when I go direct connect to a port on the router.


----------

