Please confim control_localhost (on/off) settings behavior

Question

I have experimented with the control_localhost (on/off) settings with the following results:

CASE-1 (all other motion.conf settings remain at default values): control_localhost = off - This setting allows me to access the Motion HTTP API on the same machine Motion is running using http://localhost:8080/ or http://10.10.10.119:8080/ (assuming my local machine running Motion has IP = 10.10.10.119)

- However, this setting will NOT allow me to access the Motion HTTP API on another machine remotely at 10.10.10.217, trying to access http://10.10.10.119:8080/ (assuming my machine running Motion has IP = 10.10.10.119 while my remote machine IP = 10.10.10.217). What I get is an error message after 3 minutes "The operation timed out when attempting to contact 10.10.10.119"

- As a note, I also set webcam_localhost = off and I can successfully connect to http://10.10.10.119:9192/ from the remote machine at 10.10.10.217

CASE-2 (all other motion.conf settings remain at default values): control_localhost = on - This setting will allow me to access the Motion HTTP API on the same machine Motion is running using http://localhost:8080/

- This setting will NOT allow me to access (somewhat expected) the Motion HTTP API on the same machine Motion is running using http://10.10.10.119:8080/ (even though my local machine running Motion has IP = 10.10.10.119). What I get is an error message "The connection was refused when attempting to contact 10.10.10.119."

- This setting will NOT allow me (as expected) to access the Motion HTTP API on another machine remotely at 10.10.10.217, trying to access http://10.10.10.119:8080/ (assuming my machine running Motion has IP = 10.10.10.119 while my remote machine IP = 10.10.10.217). What I get is an error message after 3 minutes "The operation timed out when attempting to contact 10.10.10.119"

What I don't understand is CASE-1. Why am I getting the error message "The operation timed out when attempting to contact 10.10.10.119" when I have set control_localhost = off ?

Is this a bug or did I do something wrong? In both cases, I was able to access the live video stream via http://10.10.10.119:9192/ from the remote machine without problems, with option webcam_localhost = off (using FireFox 1.5 browser on Linux or Windows via a simple Ethernet switch).

Thanks for your help in advance.

Environment

Motion version:	3.2.3
ffmpeg version:	0.4.8
Libraries:	ffmpeg, mysql, postgresql
Server OS:	Ubuntu 5.10 Linux

-- MedPortic - 15 Apr 2006

Answer

You have understood the feature correctly.

The control_localhost simply protects the remote control interface so that only access via the loopback interface is allowed and that interface is chosen when you connect to 127.0.0.1 or its name equivalent localhost.

When you turn off control_localhost you enable access via the network interface eth0, eth1 etc.

But this is not enough. Your Linux machine most likely also has a firewall (iptables) installed which only allows access through a limited number of ports. So you have to give access to port 8080. You can limit access to the remote control port to a range of IP addresses like only your local IP addresses.

It is essential that you protect the remote control port since anyone with access can run any command on your computer.

-- KennethLavrsen - 15 Apr 2006