alexa | node-red-contrib-amazon-echo

What is this?

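Using node-red-contrib-amazon-echo with an Echo Dot 4.
(Dropping Node-RED Alexa Home Skill Bridge.)
Home Skill Bridge relies on a network service hosted somewhere. → I want to do this locally.
The Echo Dot 4 looks for devices on tcp/80. → That collides with HTTP.
Assign a second IP address to the server and use NAPT (IP masquerade) to change it to a different port number.
For details, see the following.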

Let's build a smart home system with Amazon Echo (Alexa) + Raspberry Pi - Qiita

Alexa-local suddenly stopped working! [How to fix it] | 育児×家事×IoT

Running Raspberry Pi commands from Amazon Echo – Linux & Android Dialy

[RaspberryPi] Running Node-RED processing via voice recognition with Amazon Echo - uepon日々の備忘録

Everything I found used iptables and nobody was doing this with firewalld, so I struggled; hence these notes.
(I just didn't understand firewalld.)

Adding an IP address

[root@nas ssh]# nmcli connection modify enp1s0 +ipv4.addresses 192.168.0.102/24
[root@nas ssh]# nmcli connection up enp1s0

[root@nas ssh]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.101/24 brd 192.168.0.255 scope global noprefixroute enp1s0
       valid_lft forever preferred_lft forever
    inet 192.168.0.102/24 brd 192.168.0.255 scope global secondary noprefixroute enp1s0
       valid_lft forever preferred_lft forever
    inet6 ....

Reference: genchan.net

NAPT (Network Address Port Translation)

[root@nas zones]# firewall-cmd --zone=public --add-rich-rule='rule family=ipv4 destination address=192.168.0.102/32 forward-port port=80 protocol=tcp to-port=8111 to-addr=192.168.0.101' --permanent
success
[root@nas zones]# firewall-cmd --reload
success


[root@nas zones]# firewall-cmd --zone=public --list-all
public (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: enp1s0
  sources: 
  services: cockpit dhcpv6-client ftp http nodered plexmediaserver samba smtp smtps ssh vnc-server
  ports: 8888/tcp 1880/tcp 3456/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
    rule family="ipv4" destination address="192.168.0.102/32" forward-port port="80" protocol="tcp" to-port="8111" to-addr="192.168.0.101"


[root@nas zones]# cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <service name="cockpit"/>
  <service name="samba"/>
  <service name="vnc-server"/>
  <service name="http"/>
  <service name="smtp"/>
  <service name="smtps"/>
  <service name="ftp"/>
  <service name="plexmediaserver"/>
  <service name="nodered"/>
  <port port="8888" protocol="tcp"/>
  <port port="1880" protocol="tcp"/>
  <port port="3456" protocol="tcp"/>
  <rule family="ipv4">
    <destination address="192.168.0.102/32"/>
    <forward-port port="80" protocol="tcp" to-port="8111" to-addr="192.168.0.101"/>
  </rule>
</zone>

rich rule

① rule family=(ipv4/ipv6)
② [ source address=(source address)[/mask] [invert="true"] ]
② [ destination address=(destination address)[/mask] [invert="true"] ]
③ [ service name=(service) ]
③ [ port port=(portid) protocol=(protocol) ]
③ [ forward-port port=(portid) protocol=(protocol) to-port=(portid) to-addr=(address) ]
④ [ log [ prefix=(prefix) ] [ level=(loglevel) ] [ limit value=(rate)/(duration) ] ]
⑤ [ masquerade ]
⑥ [ accept|reject|drop ]

Reference: www.nedia.ne.jp
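
The forward only works as intended because its destination match is limited to the secondary address; without that match the rule would also capture port 80 on the primary address, which is kept for HTTP. The script below is an added example, not part of the original notes: it audits the lines printed by `firewall-cmd --zone=public --list-rich-rules` for that property. The function names and the second sample rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit forward-port rich rules
# as printed by `firewall-cmd --zone=public --list-rich-rules`.

# Constructed sample input: the first line is the rule shown on this page,
# the second is a hypothetical variant with the destination match left out.
SAMPLE_RULES='rule family="ipv4" destination address="192.168.0.102/32" forward-port port="80" protocol="tcp" to-port="8111" to-addr="192.168.0.101"
rule family="ipv4" forward-port port="80" protocol="tcp" to-port="8111"'

# Print the value of key="value" in a rule line (empty if the key is absent).
# The leading space stops port= from matching inside to-port=.
rule_field() {
    printf '%s\n' " $1" | sed -n "s/.* $2=\"\([^\"]*\)\".*/\1/p"
}

# Print a verdict for one rule; return 1 if the forward is not host-scoped.
audit_rule() {
    case $1 in
        *forward-port*) ;;
        *) return 0 ;;            # not a forwarding rule, nothing to check
    esac
    dst=$(rule_field "$1" "destination address")
    port=$(rule_field "$1" "port")
    proto=$(rule_field "$1" "protocol")
    toport=$(rule_field "$1" "to-port")
    toaddr=$(rule_field "$1" "to-addr")
    map="${dst:-ANY}:$port/$proto -> ${toaddr:-local}:${toport:-$port}"
    case $dst in
        "")   echo "WARN unscoped $map"; return 1 ;;   # captures every address
        */32) echo "OK $map" ;;
        */*)  echo "WARN wide-destination $map"; return 1 ;;
        *)    echo "OK $map" ;;                        # bare address, one host
    esac
}

# Audit all rules on stdin; non-zero exit status if any rule was flagged.
audit_rules() {
    rc=0
    while IFS= read -r line; do
        audit_rule "$line" || rc=1
    done
    return $rc
}

printf '%s\n' "$SAMPLE_RULES" | audit_rules || echo "review the flagged rules"
```

On the server itself, pipe the live rules in instead of the sample: `firewall-cmd --zone=public --list-rich-rules | audit_rules`.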

Appendix

Watching the traffic coming out of the Echo.

[root@nas ssh]# tcpdump src host 192.168.0.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp1s0, link-type EN10MB (Ethernet), capture size 262144 bytes
23:56:00.214981 IP 192.168.0.15.50000 > 239.255.255.250.ssdp: UDP, length 94
23:56:00.215138 IP 192.168.0.15.50000 > 239.255.255.250.ssdp: UDP, length 101
23:56:00.222416 IP 192.168.0.15.50032 > 255.255.255.255.56700: UDP, length 36
23:56:00.222681 IP 192.168.0.15.50032 > 255.255.255.255.56700: UDP, length 36
....