Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Gorgon

HOWTO: Remotely Access your Folding Systems - Part 1 FAHControl

Recommended Posts

Posted (edited) · Original PosterOP

There's been a few posts lately where people have been having issues accessing a Folding Rig from another Computer using the Advanced Control client.

 

Couple of important points. Even on your local machine Folding is divided between two parts. The Server which manages folding the Work Units (WUs) downloaded from Stanford and the Client that allows you to Configure, Monitor and Control the Server.

 

Just to be confusing the server is called FAHClient and the Client can be either the Advanced Control Python Application or the Web Server built in to FAHClient. These two control processes on FAHClient have their access restricted by default to just the computer they are running on (the "localhost"). The WebControl runs on TCP Port 7396 and can be accessed by any browser on the computer the Server is running on by the URL:

http://127.0.0.1:7396

where 127.0.0.1 is the IP Address referring to the localhost or the IP address of the computer can be used:

          

http://<ip address>:7396

The Advanced Control uses TCP port 36330 ( and can be also accessed using using any TELNET client that supports UNIX terminal emulation such as PuTTY, which the Windows Telnet Client, unfortunately does not )

In order to permit access to either the Web Control or using the Advanced client on another PC you have to allow access on the remote system.

Assuming you are on a Local Area Network (LAN) and protected by a router with a firewall blocking external connections the easiest way of doing this is to use the Advanced Control application on the system you want to manage remotely to add the IP Network Address and Mask that will allow all the hosts on your LAN Access without a password.

Using a command prompt and running the command:

ipconfig

you can display your IPv4 address and then click on the "Configuration" button in Advanced Control enter at the bottom of the "Remote Access" tab your network address and mask in BOTH the "IP Address Restriction" and "Passwordless IP Address Restriction" Dialogs. You LAN's IP Network will typically be 192.168.1.0/24 as this is the default for most home routers.RemCtrl.jpg

Note that you MUST leave in the localhost address 127.0.01 and use spaces to separate the values.

Once you have entered the new values and saved them you have to close the Advanced Control Application and Stop and Restart the FAHClient server. If you are in the middle of folding a WU first pause the Work Unit before closing the Advanced Control. To stop the server right-click on the "Folding" applet in the Taskbar and select quit. To restart the server click on the "Folding@home" desktop shortcut which will also launch the Web Control.

Un Pause the Work Unit to Resume Folding and then try to access the Sever from another computer using either a web browser or the Advanced Control if it installed.

 

Part 2 - HFM.net

Edited by Gorgon
Adding Link to Part2
Link to post
Share on other sites

Thanks for this guide, going into a different room to check on this stuff is gettting annoying.


Tag me @Opencircuit74 or quote me if you want me to respond, message me if you want me to spec out a decent low-budget build. (US Only) CPU: I7-6700k RAM: 32GB (8X4) DDR4-2933 GPU: EVGA GTX 1080 SC, PNY RTX 2060 MOBO: ASUS Z170-A PSU: Corsair RM850 SSD: ADATA XPG SX8200 PRO 1TB HDD: Seagate Barracuda 2TB Case: NZXT S340 White Cooler: Cooler Master Lite 240 AIO

Link to post
Share on other sites
Posted · Original PosterOP
5 hours ago, King Poet said:

Yep, useful for when my NUC is being a pain in the butt.

Hey I have the same NUC but I’m running ESXi 6.5 on it and a bunch of Linux and Windows VMs. I’ve been really happy with it and an i3 I bought earlier for a Plex Home Theatre build that is now the kitchen computer. One of the Windows 7 VMs is Folding as is the kitchen computer. Neither are stellar producers but every bit helps.

Link to post
Share on other sites

Am I missing something @Gorgon?

 

Im pretty sure I have this set up right 

 

(Main system I want to monitor from) 

 

Spoiler

20181109_195405.thumb.jpg.f868cf385f5869c3f88099ea8177e180.jpg

 

ITNOS (remote server I want to monitor) 

 

Spoiler

20181109_195621.thumb.jpg.bf261a53c4ae067450f101785140eb05.jpg20181109_200142.jpg

 

ITNOS still won't connect to the main system even though I've restarted (paused WU, fully closed the client and reopened it via the desktop shortcut) three times 


"Put as much effort into your question as you'd expect someone to give in an answer"- @Princess Luna

Make sure to Quote posts or tag the person with @[username] so they know you responded to them!

Purple Build Post ---  Blue Build Post --- Blue Build Post 2018 --- RGB Build Post 2019 --- Project ITNOS --- P600S VS Define R6/S2

CPU i7-4790k    Motherboard Gigabyte Z97N-WIFI    RAM G.Skill Sniper DDR3 1866mhz    GPU EVGA GTX1080Ti FTW3    Case Corsair 380T   

Storage 1x Samsung EVO 250GB, WD Black 3TB, WD Black 5TB    PSU Corsair CX550M    Cooling Cryorig H7 with NF-A12x25

Link to post
Share on other sites
Posted · Original PosterOP
52 minutes ago, TVwazhere said:

Am I missing something @Gorgon?

 

Im pretty sure I have this set up right 

 

(Main system I want to monitor from) 

 

  Reveal hidden contents

20181109_195405.thumb.jpg.f868cf385f5869c3f88099ea8177e180.jpg

 

ITNOS (remote server I want to monitor) 

 

  Reveal hidden contents

20181109_195621.thumb.jpg.bf261a53c4ae067450f101785140eb05.jpg20181109_200142.jpg

 

ITNOS still won't connect to the main system even though I've restarted (paused WU, fully closed the client and reopened it via the desktop shortcut) three times 

The loop back address, 127.0.0.1, should only be used as the IP address for the local machine on the local machines FAHControl. Use just the remote IP address for the IP address of the remote machine. 

 

i.e just 192.168.1.192 to connect to ITNOS from the local system.

 

on the remote access config on ITNOS you need both the loop back and rthe network range so you can use the FAHControl app locally (127.0.0.1) and from the other system 192.168.0/24 - any system on local network)

 

127.0.0.1 192.168.1.0/24

Link to post
Share on other sites
1 minute ago, Gorgon said:

The loop back address, 127.0.0.1, should only be used as the IP address for the local machine on the local machines FAHControl. Use just the remote IP address for the IP address of the remote machine. 

 

i.e just 192.168.1.192 to connect to ITNOS from the local system.

 

on the remote access config on ITNOS you need both the loop back and rthe network range so you can use the FAHControl app locally and from the other system.

Well I'll be damned, it worked! I now have control of the folding from ITNOS on the main system! Let me tell you, having to run up and down two flights of stairs (and having to lug around the only keyboard in the whole house while doing it) was a huge pain in the butt ? but everything is working! And that's what matters.

 

You're a legend! 


"Put as much effort into your question as you'd expect someone to give in an answer"- @Princess Luna

Make sure to Quote posts or tag the person with @[username] so they know you responded to them!

Purple Build Post ---  Blue Build Post --- Blue Build Post 2018 --- RGB Build Post 2019 --- Project ITNOS --- P600S VS Define R6/S2

CPU i7-4790k    Motherboard Gigabyte Z97N-WIFI    RAM G.Skill Sniper DDR3 1866mhz    GPU EVGA GTX1080Ti FTW3    Case Corsair 380T   

Storage 1x Samsung EVO 250GB, WD Black 3TB, WD Black 5TB    PSU Corsair CX550M    Cooling Cryorig H7 with NF-A12x25

Link to post
Share on other sites
Posted · Original PosterOP

Hints for people who want to live dangerously ...

 

I configured my home router to port-forward the TCP port 33600, the default FAHClient control port, for a few folding systems to access them from a remote computer.

 

First I added a password to each of the folding clients.

Next I added an IP Address range just to the "Console Client Remote Access" section NOT to the "Passwordless IP Address Restriction" section:

127.0.0.1 192.168.1.0/24 123.456.789.0/24

where:

127.0.0.1 is the localhost access

192.168.1.0/24 is for ANY system on my home network

123.456.789.0/24 is for remote access from a range of addresses (123.456.789.0 - 123.456.789.255) out on the Internet.

Then I restarted the FAHClient to load the new config

Linux:

sudo service FAHClient restart

Windows:

FAHClient --send-command shutdown

Then restart the client using the FAHClient shortcut in the Start Menu

 

Next I configured my home router to port-forward

  • external TCP port 36331 to internal TCP port 36330 on System1
  • external TCP port 36332 to internal TCP port 36330 on System2
  • external TCP port 36333 to internal TCP port 36330 on System3
  • and so on ...

Finally I went to the remote system and after installing the FAHClient I added additional systems to monitor using the external IP Address of my router at home and specifying the port-fowarded port and password for each system to monitor.

 

Note: In order for this to work consistently you MUST either have a Static IP address from your ISP OR use a Dynamic DNS Provider for your home network. As the FAHClient remote protocol is just a modified TELNET session it will send the passwords in the clear and thus are subject to interception. You could open your systems up to the whole Internet by specifying "0/0" as the allowed IP range but this is strongly discouraged.

 

To find out what your remote IP address is at work or school the simplest method is usually to enter "Whats My IP Address" into a Google Search. Also, if you are planning on connecting remotely from work or school you should first verify that your school or place of employment's Acceptable Use Policy allows you to both install the FAHClient software and connect to remote systems using it.

 

Using OpenVPN or an SSH tunnel would be a more secure method of achieving the same result. The above was done just to see if it would work.

 

Link to post
Share on other sites

Can not get this to work at all, tried everything I can think of, even going as far to disable win firewall for testing, no dice.

 

This happens every time I try to set it up tbh 


My Folding Stats Join the fight against COVID-19 with FOLDING! 

 

The only true wisdom is in knowing you know nothing. - Socrates
 

Please put as much effort into your question as you expect me to put into answering it. 

 

  • CPU
    Ryzen 7 1700 3GHz 8-Core Processor @ 3.7Ghz
  • Motherboard
    GA-AX370-GAMING 5
  • RAM
    DOMINATOR Platinum 16GB (2 x 8GB) @ 3400mhz
  • GPU
    Aorus GTX 1080 Waterforce
  • Case
    Cooler Master - MasterCase H500P
  • Storage
    Western Digital Black 250GB, Seagate BarraCuda 1TB x2
  • PSU
    EVGA Supernova 1000w 
  • Display(s)
    BenQ - XL2430(144hz), Dell 24" portrait
  • Cooling
    Wraith Spire LED
Link to post
Share on other sites
Posted · Original PosterOP
19 minutes ago, GOTSpectrum said:

Can not get this to work at all, tried everything I can think of, even going as far to disable win firewall for testing, no dice.

 

This happens every time I try to set it up tbh 

It generally will not take until after you reboot Windows and FAHClient.exe will then

load the new config.xml file. I've seen it not work when I exit the service via the TaskManager icon then restart it sometimes but a reboot does work.

 

The IP Address and Mask just needs to be added to the "Passwordless IP Address Restriction" section and not the "IP Address Restriction" also but there's no harm in doing both.

 

The other issue that sometimes occurs is using a comma between network specifications:

Good:

127.0.0.1 192.168.1.0/24

Bad:

127.0.0.1, 192.168.1.0/24
Link to post
Share on other sites
Posted · Original PosterOP

Or you can manually add these two sections to config.xml in /etc/fahclient on Linux or c:\users\<username>\AppData\Roaming\FAHClient on Windows

  <!-- HTTP Server -->
  <allow v='127.0.0.1 192.168.1.0/24'/>

  <!-- Remote Command Server -->
  <command-allow-no-pass v='127.0.0.1 192.168.1.0/24'/>

 

Link to post
Share on other sites

I too am struggling with this again, Since upgrading to Win10 the system just doesn't want to connect. (ITNOS's IP didnt change) Hadn't bothered with it since my main rig wasn't folding but now that it is, it'd be nice to have this working again. I'll post screenshots of what I've got in the morning


"Put as much effort into your question as you'd expect someone to give in an answer"- @Princess Luna

Make sure to Quote posts or tag the person with @[username] so they know you responded to them!

Purple Build Post ---  Blue Build Post --- Blue Build Post 2018 --- RGB Build Post 2019 --- Project ITNOS --- P600S VS Define R6/S2

CPU i7-4790k    Motherboard Gigabyte Z97N-WIFI    RAM G.Skill Sniper DDR3 1866mhz    GPU EVGA GTX1080Ti FTW3    Case Corsair 380T   

Storage 1x Samsung EVO 250GB, WD Black 3TB, WD Black 5TB    PSU Corsair CX550M    Cooling Cryorig H7 with NF-A12x25

Link to post
Share on other sites

@Gorgon

Main System

Spoiler

image.png.85943bf863562f02206ec700665a5ef1.png

 

ITNOS

Spoiler

image.png.fcfe11325196c8f3941003869a85d1a5.png

I've done both FAHclient as well as system reboots after changes were saved on both systems, neither have fixed the issue.


"Put as much effort into your question as you'd expect someone to give in an answer"- @Princess Luna

Make sure to Quote posts or tag the person with @[username] so they know you responded to them!

Purple Build Post ---  Blue Build Post --- Blue Build Post 2018 --- RGB Build Post 2019 --- Project ITNOS --- P600S VS Define R6/S2

CPU i7-4790k    Motherboard Gigabyte Z97N-WIFI    RAM G.Skill Sniper DDR3 1866mhz    GPU EVGA GTX1080Ti FTW3    Case Corsair 380T   

Storage 1x Samsung EVO 250GB, WD Black 3TB, WD Black 5TB    PSU Corsair CX550M    Cooling Cryorig H7 with NF-A12x25

Link to post
Share on other sites
Posted · Original PosterOP
2 hours ago, TVwazhere said:

@Gorgon

Main System

  Hide contents

image.png.85943bf863562f02206ec700665a5ef1.png

 

ITNOS

  Hide contents

image.png.fcfe11325196c8f3941003869a85d1a5.png

I've done both FAHclient as well as system reboots after changes were saved on both systems, neither have fixed the issue.

Weird. Check your windows firewall settings on ITNOS to verify that TCP Port 33630 is open for Private networks.  I believe what the FAHClient install does is open all ports on Private networks to the application but Youngest’s gaming PC that I built recently had a bad M.2 SATA disk so I had to do a quick reinstall on an SSD so I skipped the windows install and thus don’t have a system to test on.

 

I’ll have a look on my Daily Driver and see how it’s configured but I noticed that though I have it Port-forwarded on my router I can’t connect to it from work so I suspect we’re dealing with a change in the Windows 10 firewall behaviour.

Link to post
Share on other sites
Posted · Original PosterOP

My Daily Driver is on Windows 10's latest build and when I look at the Windows Defender Firewall rules I see 4 entries for "fahclient", two for the "Public" Profile and 2 for the Private, one of each permits all TCP anf the other all UDP ports from the Profile.

 

The TCP "Private" Profile rule is the one that should be allowing the connections. And it is overly permissive as it should only be allowing TCP 33630 for remote console access and TCP 7396 for the web client.

 

From one of the Linux systems I can Telnet to the host IP on port 36330:

telnet <ip address> 36330

and a command session is open so the fahclient is "Listening" on that port and the firewall is allowing the connections through. Attempting to run the web client from another local system gets me a 401 "Unauthorized" error so either the fahclient access restrictions or the firewall are blocking that.

Link to post
Share on other sites
8 hours ago, Gorgon said:

Weird. Check your windows firewall settings on ITNOS to verify that TCP Port 33630 is open for Private networks.  I believe what the FAHClient install does is open all ports on Private networks to the application but Youngest’s gaming PC that I built recently had a bad M.2 SATA disk so I had to do a quick reinstall on an SSD so I skipped the windows install and thus don’t have a system to test on.

 

I’ll have a look on my Daily Driver and see how it’s configured but I noticed that though I have it Port-forwarded on my router I can’t connect to it from work so I suspect we’re dealing with a change in the Windows 10 firewall behaviour.

Sure, lemme just-

image.png.3cf98ad864fae0ab85becf32621f759a.png

Oh, you bitch...

 

Once I set those to ALLOW, boom!

image.png.be1230df9c0857ec754ff7f46356d806.png

 

As always you're a legend!


"Put as much effort into your question as you'd expect someone to give in an answer"- @Princess Luna

Make sure to Quote posts or tag the person with @[username] so they know you responded to them!

Purple Build Post ---  Blue Build Post --- Blue Build Post 2018 --- RGB Build Post 2019 --- Project ITNOS --- P600S VS Define R6/S2

CPU i7-4790k    Motherboard Gigabyte Z97N-WIFI    RAM G.Skill Sniper DDR3 1866mhz    GPU EVGA GTX1080Ti FTW3    Case Corsair 380T   

Storage 1x Samsung EVO 250GB, WD Black 3TB, WD Black 5TB    PSU Corsair CX550M    Cooling Cryorig H7 with NF-A12x25

Link to post
Share on other sites
Posted · Original PosterOP
1 hour ago, TVwazhere said:

Sure, lemme just-

image.png.3cf98ad864fae0ab85becf32621f759a.png

Oh, you bitch...

 

Once I set those to ALLOW, boom!

image.png.be1230df9c0857ec754ff7f46356d806.png

 

As always you're a legend!

Hmm your LAN should be "Private" not "Public" but that might have been chopped off, If it required you to open "Public" then ITNOS may be confused and think it is not on a "Public" network.

 

Windows firewall is the bane of my existence at work. Even in an Enterprise environment every once in a while a Windows Update will turn it back on and all the Windows System Administrators will start panicking as things break left right and center

Link to post
Share on other sites
31 minutes ago, Gorgon said:

Hmm your LAN should be "Private" not "Public" but that might have been chopped off, If it required you to open "Public" then ITNOS may be confused and think it is not on a "Public" network.

 

Windows firewall is the bane of my existence at work. Even in an Enterprise environment every once in a while a Windows Update will turn it back on and all the Windows System Administrators will start panicking as things break left right and center

That's just what it was set to, which might be why it decided to block the traffic. I can try setting the connection to private and see if it continues to allow access

 

*Update* You were right. Trying to set it to private caused me to lose connection, because my Wifi was "public". I'm assuming since it thought my Wifi was a public network, Windows set the FAHClient firewall setting to block (though it set it to ALL types of networks, not just public). Setting the wifi to a Private network allows me to use the "private and domain" firewall settings, so I turned off Public since I dont need it. 


"Put as much effort into your question as you'd expect someone to give in an answer"- @Princess Luna

Make sure to Quote posts or tag the person with @[username] so they know you responded to them!

Purple Build Post ---  Blue Build Post --- Blue Build Post 2018 --- RGB Build Post 2019 --- Project ITNOS --- P600S VS Define R6/S2

CPU i7-4790k    Motherboard Gigabyte Z97N-WIFI    RAM G.Skill Sniper DDR3 1866mhz    GPU EVGA GTX1080Ti FTW3    Case Corsair 380T   

Storage 1x Samsung EVO 250GB, WD Black 3TB, WD Black 5TB    PSU Corsair CX550M    Cooling Cryorig H7 with NF-A12x25

Link to post
Share on other sites

 

 

I can't access the Web client via my LAN.

Even after setting the Remote Access Whitelist IPs, I get a 401.

Host is running Ubuntu 18.04 & firewall is disabled.
 

Here's my config:

 

15:13:45:<config>
15:13:45:  <!-- HTTP Server -->
15:13:45:  <allow v='127.0.0.1 10.0.0.0/24'/>
15:13:45:
15:13:45:  <!-- Network -->
15:13:45:  <proxy v=':8080'/>
15:13:45:
15:13:45:  <!-- Remote Command Server -->
15:13:45:  <command-allow-no-pass v='127.0.0.1 10.0.0.0/24'/>

 

I've tried whitelisting specific IPs too. The client refuses to accept it.

 

 

Link to post
Share on other sites

Great guide. I just recently started monitoring my clients this way and diving into HFM. Thank you for putting it all in one place!

Link to post
Share on other sites
Posted · Original PosterOP
2 hours ago, mightyskull said:

 

 

I can't access the Web client via my LAN.

Even after setting the Remote Access Whitelist IPs, I get a 401.

Host is running Ubuntu 18.04 & firewall is disabled.
 

Here's my config:

 


15:13:45:<config>
15:13:45:  <!-- HTTP Server -->
15:13:45:  <allow v='127.0.0.1 10.0.0.0/24'/>
15:13:45:
15:13:45:  <!-- Network -->
15:13:45:  <proxy v=':8080'/>
15:13:45:
15:13:45:  <!-- Remote Command Server -->
15:13:45:  <command-allow-no-pass v='127.0.0.1 10.0.0.0/24'/>

 

I've tried whitelisting specific IPs too. The client refuses to accept it.

Did you

service FAHClient restart

Link to post
Share on other sites

I'm having the same issue as @mightyskull is, but on a Windows Server machine. I have the proper firewall rules in place (7396 for Web Client in from my subnets and 36330 in for Advanced Control), the proper subnets configured in Advanced Control, AND I can connect to Advanced Control from other machines on my LAN just fine (and yes, I have restarted the service multiple times). However, when I try to hit the Web Client from another machine, the page loads to a 401 UNAUTHORIZED page and I can see the 401 message appear in the logs on the server. The behavior is the same even when I have the Windows Firewall completely disabled. Is it possible that remote Web Client access is just busted right now?

Link to post
Share on other sites
Posted · Original PosterOP

401 would come from the server itself so something on the localhost is blocking the connection.

 

I don't use the web control as I prefer to have all my systems displayed in one place so I use the Advanced Control on my Daily Driver to connect to my rigs5700xt_Linux.thumb.jpg.b673168e3752687aabc921179ef3effa.jpg

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×