Close

Log 2: Networking Setup: Static IP, Routing and Firewall

A project log for Pose2Art: SmartCam to TouchDesigner, Unity via OSC

Create an AI Camera run on small 'edge' device that extract Pose and sends tracked points via OSC to TouchDesigner and Unity for ART!

jerry-isdaleJerry Isdale 11/27/2022 at 06:390 Comments

Wireless networking eliminates the need for cables and instructions on setting up wifi networking between a rPi and PC (and router/gateway to internet) are common. During development, it is quite useful to have internet available on the rPi. I recommend finding and following some of those directions.  However, an  installation can run into many problems if it relies on Wifi.  Worst case would be having to rely on the venue's wifi setup or some other wifi outside your control. Setting up your own wifi on site is a bit better. 

Whether you go wifi or hardwired, you have to go through more steps to insure the network is secure.  You need to 'harden' both the rPi and PC against intrusion, should someone gain access.  It is hard to add security after a project is working and i rail against products that don't build in security from the start. But for now, we are going to do the bad thing and ignore security, except for using a wired network.  I don't have a marketing dept to insist we ship the prototype, so maybe i'll get back to it in time.

Setting up the hardware side of Pose2Art's wired networking is trivial - connect a standard Cat6 ethernet cable with RJ-45 connectors between the two machines. Later, we can add a fast switch and connect multiple smart cameras, but the hardware side doesn't get much more complex (until you add a router/gateway).  I did find that it is important to have the cable connected in order for the software setup to work.

The software side IS a fair bit more complex, especially on the Win10 side. I spent a lot of time and explored several failed paths.  Unfortunately my notes are lacking in some areas. The setup described below works for me, but I cant test it from a clean start. If the steps dont work for you, please dig in to the links and let me know what helps! I recommend the Wireshark tool for helping diagnose networking issues.

There are three important parts of the networking software setup: static IP addresses, static routing, and firewalls.  Setting up Secure SHell (SSH) and Virtual Desktop access from the PC to the rPi is sometimes desireable, if you are willing to tolerate the security risks.

The folks at Interactive Immersive HQ have a nice (not too technical) introduction to networking for TouchDesigner (TD) in 3 parts. I heartily recommend their site for both free and paid pages.  While $140/mo (roughly) is expensive for dabbling, their videos and blogs are well worth the price for professionals.  If you are just getting started with TD, watch their Crash Course videos.

Static IP Address

Modern networking requires each device have a unique address. A media access control address (MAC address) is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment.  A device with multiple NICs will have different MAC addresses for each.  Devices connected using Internet Protocol (most common, bog help you with others) and will need an IP Address.  The networking software and configuration of the device maps the MAC to IP address.  The most common method is to use Dynamic Host Configuration Protocol (DHCP) and most of those Wifi Setup articles will talk about using DHCP.  However the Pose2Art project does NOT include the DHCP server (usually the wifi router) that assigns the mapping. We use the "Static IP Address" technique where the device NIC has its IP Address defined in the configuration tables.  This requires a bit of setup before you can use the network.

For our prototype we will use the IP Address subnet 10.10.10.XX, where the first 3 numbers define our subnet address space and the XX will be set for individual machines.  The PC will get the IP Address 10.10.10.10 and the first camera system will be 10.10.10.11.  Future cameras would increment from 11 for their addresses.  Subsections here show how to set these up on rPi and Windows 10. If you are using a Mac or other OS, you will need to find instructions elsewhere.

Static IP Setup on Windows

There are lots of tutorials online about setting up Static IP addresses on Windows 10. I used this one from PureInfoTech.com to configure the PC's wired ethernet NIC.

I used the Control Panel >> Change Adapter Settings to set the IPV4 properties address to 10.10.10.10, mask to 255.255.255.0 and left the Default Gateway blank and set the Preferred DNS to 8.8.8.8 (although it wont be used).  Note this connection will not be active until the rPi is connected with the PC.

Static IP Setup on rPi

There are at least 3 different subsystems for linux ip addresses. The default on rPi Buster (and Bullseye?) is DHCPCD. The others we will ignore as they are either outdated or too new.  Dhcpcd is primarily configured by the file /etc/dhcpcd.conf.

Open /etc/dhcpcd.conf for editing in nano.

nano /etc/dhcpcd.conf

If you havent mucked with it before, this file will be setup for your wifi access with little or commented lines for the eth0 interface.  Using Nano (or your preferred editor),  add these lines at the bottom:

interface eth0
static ip_address=10.10.10.11/24
static routners=
static domain_name_servers=8.8.8.8

 note we are not defining router and giving a generic domain name server at this time

Static Routing

Next we need to configure the 'routing' of IP messages. This defines how the networking software sends (routes) messages. The normal (dynamic) wifi setup using DHCP lets the router device do all the work, but you do not have control over which device gets which IP address.  We need a static addresses so we can send messages from rPi to PC and do SSH/VirtualDesktop from PC into rPi.

Static Routing on Windows 10

add static route to 10.10.10.x via the ethernet NIC. Some systems may have multiple NIC so be sure you configure the one you are using for the rPi.  These command may require the ethernet cable is connected to the rPi4.

Following the instructions in this link, we run the Windows PowerShell in Admin mode and enter a few commands. First we check the default routing for IPv4 with the command "route print -4"

From this we see that my wired NIC has the ID of 9. Remember that number. The active routes are those provided by my wifi router.  To setup the static routes we need to Add the information. Note the use of '-p' flag to make the changes Persistent.  Otherwise they would go away on next system boot.

route add -p 10.10.10.10 mask 255.255.255.255
route add -p 10.10.10.255 mask 255.255.255.255

re running the route print command, with Ethernet cable connected to running rPi4, I get the following routing table:

You can see routes are added. I am not sure about the 10.10.10.0 route. I may have added that as well during my explorations.

Static Routing on rPi4 Buster

To configure static routing on the rPi4 we need to create the file /etc/dhcpcd/dhcp-hooks/40-route. A simple way to do this is using Nano editor to create the new file.

sudo nano /lib/dhcpcd/dhcpcd-hooks/40-route

 Then enter the following text, save the file and exit.

ip route add 10.10.10.0/24 via 10.10.10.11

then reboot the rPi .

Windows Defender Firewall Configuration

Firewalls are software that protects your system from malicious or improper remote access. Unfortunately they are necessary for any machine these days.  The router that connects you to your internet service provider likely has one available, and should be configured to provide at least some protection from the outside.  

Windows 10 includes its own Firewall called Windows Defender Firewall (WDF). I originally had added a 3rd party firewall and other utilities (anti-virus etc) but these slowed my system and were difficult to configure. Friends in the IT industry recommended getting rid of the 3rd party stuff and sticking with WDF., so I ditched the 3rd party one.  Configuring WDF still turned out to be a long slog.  In the end I wound up disabling WDF for the wired NIC.  It works, but I am not happy about the security risk.  Have to remember to turn it back on when I use the hardwired NIC for other purposes. 

  1. open WDF
  2. Click on "Windows Defender Firewall Properties" (blue text in right pane)
  3. Select Public Profile tab
  4. Click Customize button next to Protected network connections,
  5. Uncheck the "Ethernet" button
  6. Click OK to dismiss the customize dialog
  7. Click OK to dismiss the Properties dialog

it should be working now.  Test using the udpSend.py on rPi4 and udpReceive.py on PC

Alternative attempt notes:

The default configuration of WDF does not allow UDP, Ping and other connections over our link.  This article explains how to let Ping commands through WDF.  Basically you enable a rule for File and Printer Sharing on IV4.

For a rule to allow UDP in on ethernet NIC (advanced Settings), I tried the method described in this video.  Alas it did not seem to help.

If you find a solution that works, please tell me.

Testing Network Connection

I used two tests to prove the internet connection: Ping and Python UDP Send/Receive

Ping

Ping is a common networking utility used to test the reachability of a host computer, and measure the round trip time for a message. Ping operates by means of Internet Control Message Protocol (ICMP) packets. Pinging involves sending an ICMP echo request to the target host and waiting for an ICMP echo reply.

On the Windows 10  machine, open a Command Prompt (or PowerShell) and enter

ping 10.10.10.11

It should respond almost immediately with results. If it doesnt, check the routing using PowerShell "route print -4" as above.  If that shows the route is open, hmm, idk.

On the rPi4, open a terminal window and enter the command:

ping 10.10.10.10

If it does not return values right away, there is a connectivity issue.  If the Win10 machine was able to Ping, then it is likely a Firewall issue. Check your settings. 
 
Python UDP Send/Receive

I created a simple pair of python programs: udpSend.py and udpReceive.py.  You can find these in my pyUdpTest github repository.  They use the same IP address and port I have set up for my Pose software (see a later project log).  I used Python here because it is very simple and portable.  The code runs on both Linux and Windows machines, unlike the C++ code in the Pose application.

SSH/VirtualDesktop

During development, our prototype rPi has its own keyboard, mouse and monitor, but an installation will be 'headless' (none of those).  It is useful to have access to the pi remotely from the PC, and this is easily accomplished using either Secure Shell (SSH) and/or Virtual Desktop. See the Raspberry Pi Documentation on   Remote Access for instructions on enabling these. We already know the IP address (10.10.10.11) so you can skip over that section.

Discussions