New Construction Wiring

Are you thinking about or already building a new home? Wiring it for automation and distributed media is much more cost effective when done during new construction. You only have one opportunity to do this well, and that is before the sheet rock or other wall coverings are installed.

First decision is: Hire an Integration Pro? Do it Yourself? If the latter, be prepared to spend a lot of time, and accept that you will make errors that will take at least time to resolve. For most, hire a pro. If you do decide to DIY, read on.

Make sure you consult with your building contractor (if that is not you) to make sure that you can do any of the wiring yourself, or can even contract the work to an Integration Pro. Make sure that you are doing everything with approval of the local inspection code authority as they have final say on what you can / can't do and how to do it.

During system (and home) design, it is important to determine a central equipment closet. Ideals are centrally located (to reduce wire run lengths), ease of access (you will be spending a lot of time plugging things in...). If your myServer Server and Media servers are also located there, then put it out of earshot of the Theater room, and have physical wire run access to all points. If you make the location not noise important, then your PC hardware will be less expensive as noise free costs more. Make sure the wiring closet has cool air circulation to keep equipment safe from overheating.

All telephone, ethernet, video distribution, IR distribution, alarm, One Wire runs (for home automation), and audio should be located here.

Here is an excellent overview: How to Wire

Here is another excellent wiring related document including spreadsheets for your organization Cocoontech wiring guide

Run at least 2 RG6 quad shield to all rooms (In / Out or In / In video capability). Run at least one Cat 5 on each major side of each room (this can be for phone, LAN, IR, One wire, etc.). Use Cat 5 instead of Cat 3 (allows versatle use without much added expense).

Run many RG6 runs to the roof for satellite (I should have run 7 runs) if there aren't other content availability like digital cable. If in snowy area, add wires to power a satellite dish heater. OTA antenna rotator control wires.

Use punch down blocks for alarm (hard wire is preferable if new construction), LAN, IR, One Wire.

Home Depot has Leviton structured media panels that aren't too much money and help clean up the install.

Speaker wire to prominent rooms (I use 12 gauge stranded for longer length runs, 14 for shorter runs or ambiance speakers). Don't forget about outside speaker runs.

Zone heating low voltage wiring (automation of heat system). Cat 5 to thermostat (for automation serial control thermostats like the RSC)

Alarm system wiring including motion sensors, glass breaks, door / window contacts (including garage doors), fire detectors, water level detectors (mud room / utility room / bathroom).

Deluxe things: low voltage wiring to power awnings, motion sensor low voltage to detect room navigation (switches lights / audio appropriately).

More Info:

I'd suggest at least 2 cat5 wires and 2 rg6 wires, all "home run" to a head end or equipment closet, from 2 prominent points in each room (so, at last 4 cat5 and 4 rg6 in total per room, EACH going directly to the head end). In places where you'll have a lot of office- or computer-type equipment, or you'll have a lot of home A/V equipment, I'd run more than that. It sounds excessive, but it isn't, believe me - especially when you start dealing with networked printers, DSL modems, channel modulators, etc.! You can buy bundled cable with 2 cat5, 2 rg6, and even 2 fiber optic wires within one sheath, which is really handy.

I'd recommend also doing a home run of cat5 from just inside the door to each major room; that way, if you want to put in keypads or something later, the wires are already there. You may want to mark where the wires are terminated with a tiny bump in the wall so you can find them easily in the future. Suggested is to put a run of cat5 to near the door in the bathroom because Hey, you never know.

Another thing to keep in mind is to make sure that the low voltage wires are kept well separate from the high voltage wires, or you could get interference.

Most power line lighting control systems require to have a third wire between the switch and the light itself, so keep that in mind for planning. Also, if you're planning on being able to decrease the volume of speakers within a room from a wall-mounted knob, you may need to first run the speaker cable past that knob before it leads to the speakers themselves (unless it's otherwise controlled at the head end).

If your electrician normally does high-voltage work and is not that familiar with low voltage wires, make sure that he or she does not install them in the wall of a room and then CUT THEM, assuming he or she can attach them later to wires from the central location. You're probably thinking, what idiot would do that? but it does happen, so it's worth just double-checking with your contractor.

Don't forget thermostat wires (RS-485 is best which requires CAT5 from wall unit to furnace unit) and alarm wires. CAT5 from sensors to closet.

Finally, a word to the wise is to MAP EVERYTHING before the walls are closed. It's easy to put off doing it until it's too late. Once you've mapped it... don't lose the map! Ideally, you should mark all wires as they are being installed. A wire marking printer is a great investment (about $100 for low end units that work fine). If you are pushed for time and can't mark the wires, fear not as a signal tracing transmitter / receiver pair can find wires almost as fast after they are all installed (about $100 from Home Depot).

More Info:

Quick tip: make a video recording of every wire in every room before the insulation / drywall go up. Put a tape measure on the floor to give reference to location of wire bundles.

Also, you might also want to put an empty tube from basement to attic and put a pull cord in it. No matter what, you will forget to wire something that 6 months later will take more time to route than a whole room of wire during construction.

Talk to the plumber and heating contractor on their routing plan so you don't get in the way. Ideally, low voltage goes in after plumbing, heating and right after or during high voltage wiring.

If you need to cross high voltage, keep as much distance as possible and cross at right angles. Don't make neat bundles of high and low voltage!

In my walkout basement I wanted drywall finished ceilings since I hate drop ceilings. This makes after the fact wiring and maintenance very difficult. The work around was to leave a 5 inch gap without ceiling drywall between wall and ceiling. "J" channel was put on the raw ceiling drywall edge to make a finished line. Tongue and Groove wood boards were installed with screws to provide an architectural look and as a plus- a wire chase around the room!

Serial Cables

Serial cables come "straight through" and "null modem". Make sure to select the appropriate cable for the hardware you are trying to control. This is the number one reason why folks have difficulty with serial controlled devices. Cinemar sells the appropriate serial cable for the most popular equipment that Cinemar supports to save time to get the correct one.

The PC end of the cable is called a "DB9 (nine pin) Female" The equipment end can be either a Female or Male. Serial cables come in all combinations of Female / Male and straight through and Null Modem. You can also purchase an adapter to make a straight through cable a null modem cable (and visa versa). You can also purchase an adapter to change the sex of one end.

Many times, you have your PC located in a room distant from the RS232 device that it needs to control. When you have prewired Cat5 cable, you can make adapters that convert a network wire to a serial wire. Be careful NOT to plug a serial cable into an ethernet LAN.

Cable Info

How to use CAT5 cable as a serial cable:

Build a Cable Adapter


Typical is pin 2,3 and 5 on the DB9. (on the db9)
2 is Tx 
3 is Rx 
5 is Ground

RJ-45 DB-9 M/F 
1 (Blue) DSR(out) 6
2 (Orange) CTS(out) 8 
3 (Black) GRD 5 
4 (Red) TX(in) 3 
5 (Green) RX(out) 2 
6 (Yellow) DCD(out) 1 
7 (Brown) RTS(in) 7 
8 (Gray) DTR(in) 4 
out – signal is from UniGuard
in – signal from Host Equipment

I really does not matter what wire pairs you use in the piece of cat 5, as long as you are consistant end for end.

If you are using one of those RJ45 to DB9 general adaptors (the one that you plug the wires into), then just make sure you get the signal on those pins.

Common myServer supported devices and their cable types:

Russound Cav6.6: Straight through (flip the switch on the rear of the unit to enable serial communication)

Sony CX777ES: Null Modem Cable

ELK M1Gold: DB9 Male to DB9 Female. Pin 2 to Pin2, Pin 3 to Pin 3, Pin 5 to Pin 5 (straight through)

HAI Security panels: requires RJ11 connector to DB9. Recommended is to purchase this from HAI.

Connecting a Sony CX777ES changer to myServer Server PC

Here is the best reliable connection plan myServer ClientPC <> ethernet <> gigabit LAN / router <> MLServer3 PC running CX777ES plugin and myMovies app and database <> com port <> proper serial cable <> sony CX777ES changer.

Here is a semi wireless but reliable setup: myServer 802.11G ClientPC <> wireless LAN <> gigabit LAN / router <> MLServer3 PC running CX777ES plugin and myMovies App and database <> ethernet <> global Cache w/ serial port <> proper serial cable <> sony CX777ES changer.

Here is a "fully" wireless but maybe not perfectly reliable setup: myServer 802.11G ClientPC <> wireless LAN <> gigabit LAN / router <> MLServer3 PC running CX777ES plugin and myMovies App and database <> ethernet <> wireless access point <> ethernet <> wireless access point <> ethernet <> global Cache w/ serial port <> proper serial cable <> sony CX777ES changer.


myServer is very commonly used to manage digital media cataloging and launch. But, what about the safe, available, cost effective storage of this media? 

Storage Strategies

Build a PC and put a lot of big hard drives in it and use some method of regular backup or RAID protection against the inevitable hard drive failure. Some say, "who cares" and just rerip those affected movies when that particular drive fails. Most do something more proactively about it as the time, hassle and downtime to rerip many feel is outweighed by the additional cost to protect the data.

Purchase a NAS (Network Attached Storage) that is a dedicated storage unit (not really a PC). This attaches to the PC data network. Many of these NAS solutions support RAID.  Rip your content automatically to the NAS using Allonis's AutoLoader (can rip 100 Blu-ray discs in a session) or a standard PC optical drive one at a time.  myContent manager automates the process.

Add a firewire changer (like a Sony XL1B3 or a Powerfile unit) and connect that 200 disk changer to the HTPC. myMovies is then used to control the changer mechanics of loading a disk from an appropriate storage slot. This eliminates having to rip to hard drives and the cost is very hard to beat. Note that these hardware choices are no longer manufactured so the supply is drying up.

Use a Sony CX777ES 400 disk analog changer and control it using Allonis's myMovies / myServer software. This unit requires the component video output to be routed to your TV.

Once you have a means to store and network the movie files, you need a software DVD player that runs on the HTPC. TheaterTek and ZoomPlayer are prominent favorites.

If you have a fair number of DVDs, then the next step is to put a movie organizer in place. myMovies is Allonis's premier movie catalog / launch software.

With at least myMovies, even a three year old can control your system and watch the latest "Wiggles" episode about 20 times a day

Higher end software solutions like myMovies / myServer allow for management of all of your AV hardware, lighting, projector, plasma, receiver, etc. to fully automate and simplify the complexity of turning on the system appropriately so that 3 year old can enjoy your investment (the significant other too). And, with these software solutions, you can do any combination of the above storage methods, or all of them at once to apply the correct storage solution for the situation. For example, the Wiggles would be on a hard drive so the 20 times per day isn't taxing on hardware or the 3 year old's patience waiting for the mechanical firewire changer to load their day's favorite movie for the 20th time. Hardly watched movies could go on the Firewire or Sony CX777ES analog dvd changer.

HD movies are another issue...much more hard drive storage needed and the HD software DVD players are just getting their software act together for decent play. And, none of them interface with DVD management software solutions so the control experience isn't as tight as with non HD DVDs.


RAID Technology

Because movies take a lot of storage space and that hard drives WILL fail (being mechanical devices), it is recommended that your movie server be built using RAID5 hard drive storage technology. This allows for pieces of a file to be spread across multiple connected hard drives that provides protection in the case that one drive fails. The drive just needs to be replaced when it fails, and the RAID can then be rebuilt without loss of media. RAID 5 requires a minimum of three drives connected to RAID5 controller card installed in the PC server. The drives should be identical size and model for best performance and efficiency. Make sure the PC power supply is rated for the total electrical load that the PC and drives require.

More About RAID

RAID is a popular way of managing large amounts of data (like what one would need for a hard drive based media system) both for sheer capacity, as well as protection against mechanical failure of a hard drive (inevitable). There are several different ways to implement RAID:

The capacity of each the RAID is limited to the capacity of the smallest drive in the array. The total array capacity is defined as follows:
RAID 0: (the number of drives) X (the capacity of the smallest drive. RAID 0 is not recommended for media systems as there is no protection against drive failure
RAID 1: the capacity of the smallest drive. RAID 1 is highly recommanded for a operating system drive or for mission critical data. Expensive as it requires twice the storage capacity.
RAID 5: (the number of drives - 1) X (capacity of the smallest drive). RAID 5 is highly recommended for storage of media as the data is spread across all drives, providing protection against one drive failure without duplicating content (using additional hard drives).
RAID10: (the number of drives / 2) X (capacity of smallest drive)

Hot spare and hot swap

Hot Spare is the label given to a drive that is available, active and designated as a spare. This designated drive is applied automatically when a drive degrades and the array is rebuilt. Hot Swap is the term applied to the process of swapping out a degraded drive, programmatically and using the RAID controller cards methods, with a pre-assigned spare.


There's a difference between backup and fault-tolerance/redundancy. Both are important, depending on the nature of the data. Fault-tolerance stops you from losing data. Backup allows you to go back (unless you're not managing it and just doing straight copies).

If video media will be stored, it is suggested that video media be stored on a second storage PC server, a SAN, or on an internal RAID 5 hard drive array with large drives. This drive is typically shared with other PC's on the local subnet network.

Make sure the PC power supply is rated for the number of supported hardware devices.

File Organization

It's best to follow a standard when backing up your media or home movies to your hard drive not only from an organization standpoint - but also to work smoothly with myMovies. You'll want to have a dedicated area on your computer for storing the media such as: X:\Video. Then within this folder, you'll create subfolders with the exact name of the media title found in myMovies.

A Standard Definition DVD folder tree structure should look something like this:

X:\Video\The Name of My Movie\VIDEO_TS\Video_TS and VOB files

Within each Video_TS folder is the stored IFO, BUP and VOB files of that movie. You may also setup a dedicated media server on another computer and stream the media over your network. If this is the case, you'll need to map it as a shared network drive. You should use the same drive letter for the shared network drive on all PCs that will be requested to play the movie file.

To ensure your PC based automation system is working reliably, backup power in the event of utility power outage is important. Recommended is that all PCs (especially the MainLobby Server be connected to a UPS (Uninteruptable Power Supply). The UPS instantly kicks in and runs the PC off of battery power in the event of utility power becoming unavailable.

The UPS should be capacity scaled to the PC (and any peripherals) that are connected to it to ensure there is enough time for when the utility power is typically back online, or until the MainLobby system can be gracefully shut down with proper notices that it is unavailable sent out (like via email or other notification).

Many UPSs provide software for triggering shutdown sequences in the event of power outage that can easily be configured to do some of the above.

Additionally, especially in rural areas, a generator backup to the UPS should be considered if power outages are typically longer in duration than the capacity of the UPS battery. The power coverage would work something like this: Utility power goes out. Instantly the UPS responds and switches to battery. The generator sees the utility power is down, and begins it's startup sequence. When the generator is running and voltage is stable, the generator system switches house power from utility to generator using a Line Transfer switch. This normally happens in under 30 seconds. Once the generator is online, a properly configured UPS will then see that "utility" power is now available and will switch to using the generator's power. Once utility power is resumed, then the reverse sequence occurs.

One problem with generators (especially smaller household scaled ones) is that the UPS sees the generator's power, but it isn't "clean enough" and the UPS stays on battery, even though the generator is online. Below is an article and solution for how APC company addresses this issue (by providing means on some UPS models to desensitize the UPS):


A common characteristic of generators is the normal output voltage distortion when supplying power to nonlinear loads such as computers. This output voltage distortion can be interpreted by the UPS as unacceptable power quality, forcing the UPS to transfer to battery operation. When the load is transferred to the battery, naturally the generator distortion will be reduced or disappear, leading the UPS to attempt to transfer back to line operation. When the load is reapplied to the generator, the distortion will return, leading the UPS to once again transfer to battery. This cycle may repeat indefinitely at intervals of approximately 4 seconds. The answer in this case is to choose a generator which will not distort, when the nonlinear computer load is applied. In general, the generator should be 3-5x the size of the total attached load.

To temporarily correct the issue, please reference the User Manual for your specific UPS model regarding the procedure for adjustment of operating thresholds and sensitivity. Once adjusted to a lower level, the UPS will be capable of tolerating more distortion, as well as a wider voltage range for operation. This will not correct all issues related to your generator and does not apply to all models of UPS. An upgrade of the generator or a reduction in the attached load may be the only solution to achieve proper operation.

sg 1000 back vented    myFirewall4

Network Security - myFirewall

myServer must be installed behind a secure firewall with the proper ports forwarded to the Internet (for remote connection) and with port reflection. Not all routers can be configured this way. Worse, you setup your Internet provider's modem and they reflash it loosing all of your settings that can take hours to reset (not to mention your system goes down).

Allonis properly configures a quality, yet inexpensive gateway that should work plug and play and is designed for reliability.

We support two models:  myFirewall2 (has two ports:  WAN and LAN) and myFirewall4 (WAN / LAN1 / LAN2 / LAN3).  The four port model enables next level security like putting all automation and security systems on a secure network, allowing all clients on the private network to communicate to the devices, and a Guest network that only has access to the Internet (no Intranet access).

Here is how it would be installed:

Internet<<<>>>your Internet service provider <<<>>>your Internet service providers modem / router (setup in Bridge Mode) <<<>>>myFirewall (configured by Allonis)<<<>>>myServer and rest of Intranet network devices

Optionally, Allonis can log into myFirewall and custom configure it for your exact requirements.  Please contact Allonis if you need a special setup.

myFirewall Product Description

The new Allonis myFirewall series is a cost-effective, state-of-the-art, pfSense® Security Gateway appliances. The myFirewall comes with either dual or quad 1Gbps Ethernet ports, enabling maximum throughput exceeding 300Mbps. The processor and ram provided combine to facilitate low-power consumption while maintaining performance. myFirewall comes in a lightweight and durable anodized aluminum case.

myFirewall is an inexpensive platform, purpose-built to run pfSense software and can be deployed in many environments: Multi-dwelling units (MDU) such as apartments and dorm rooms, commercial-control applications (SCADA), as well as more traditional small office, home office deployments, or anywhere that security is needed. myFirewall is also the ideal security gateway for the Internet of Things (IoT). IoT applications include many remote monitoring applications for smart home/smart cities, commercial automation, energy management, agricultural, and health care. All of these can be deployed with best-in-class network security, safeguarding network connected devices. myFirewall is a cost-effective solution to protect devices on your network at the point of connection.

myFirewall is better than a build-it-yourself firewall solution. Attempting to DIY on something as important as protecting your network can be a risky, time consuming, and expensive process. Get the power and flexibility of pfSense software, the world’s most popular open-source firewall, as a pre-integrated appliance that is robust and ready to go out of the box, all at a low price.

  • Stateful packet filtering firewall or pure router
  • Routing policy per gateway and per-rule for failover and load balancing
  • Transparent layer 2 firewall
  • Support for IPV6, NAT, BGP
  • Captive portal with MAC filtering, RADIUS support, etc
  • VPN: IPsec, OpenVPN, L2TP
  • Dynamic DNS client
  • Reporting and monitoring features with real time information


Price $199.99


Price $629.99

myFirewall2 ships with:


Username / password: admin/pfsense

To enable Split DNS, first get a NoIP public DNS name setup and log into the myFirewall.  Services / DNS Resolver.

Modify in the Hosts Override fields the myserver and the allonis.local to your NoIP DNS name (or your registered DNS name) and click Save.  This must match your myServer DNS name

In myServer Network properties, type your NoIP DNS name in the DNS field.

Restart myServer for the setting changes to take effect.

myFirewall Installation Help

To help you organize your network, here is an Addressing Example:

  • Gateway(FW/Router)=192.168.x.201 (or 200, 202, 203, 204 - 209)
  • myServer=Static 192.168.x.210
  • Printers=192.168.x.220 - 229
  • Security=192.168.x.100 - 192.168.x.109
  • Audio=192.168.x.110 - 192.168.x.129
  • Video=192.168.x.130 - 192.168.x.149
  • Lighting Control Systems=192.168.x.150 - 192.168.x.159
  • Climate Control Systems=192.168.x.160 - 192.168.x.169
  • ClientPCs=192.168.x.170 - 192.168.x.199
  • Other=192.168.x.200 - 192.168.x.219

WAN=Connection to Internet
LAN1=General Purpose
LAN2=Home Automation/Secure Systems - secure internal network. Note: Firewall rules must control access! 
LAN3=Other (Guest Network, etc)

LAN1=Static Subnet 192.168.0.x DHCP Scope= 
LAN2=Static Subnet 192.168.2.x DHCP Scope=
LAN3=Static Subnet 192.168.3.x DHCP Scope=

Note: 192.1.x.1-2 are reserved for devices that boot on that IP by default.  This prevents the DHCP server from providing those IPs, and then when you plug in a default device, there will be an IP conflict.

FW Rules:
WAN Interface:
Port Forward/NAT WAN Address TCP 6245 to myServer TCP 80
Port Forward/NAT WAN Address TCP 6246 to myServer TCP 6246
Port Forward/NAT WAN Address TCP 8181 to myServer TCP 8181

Port 3342 must not be blocked from myServer to the Internet.  This port is used for web services like Alexa.  By default, most all routers permit this traffic.


LAN1 Interface:
Allow protocol IPV4 TCP/UDP ANY to ANY excluding LAN2 subnet

LAN2 Interface:
Allow protocol IPV4 TCP/UDP ANY to ANY

LAN3 Interface:
Allow protocol IPV4 TCP/UDP ANY to ANY excluding LAN2 (or as needed per requirements for LAN3)

DynDNS (Dynamic DNS) Registration:
Allonis myUI for tablets http://{username}
Allonis myUI for phones http://{username}

As myFirewall is configured with "Split DNS", the user always uses the same URL (including the port) when both inside and outside of the network.  Split DNS routes the request when originating from within the Intranet directly to the myServer PC for immediate response.  As FYI, the alternative strategy of using "Port Reflection" routes the request outside of the Intranet for resolution which then points back to myServer.  This takes a bit longer to process.

WiFi can be configured with a Guest mode so no WiFi device on that network can connect to the Elk (as example)
Example of a SSID for Guest:  myHome2_Guest or myHome5_Guest (2.4 vs. 5 ghz connection speeds)
Seems the new Google WiFi (GWF) can't be in Bridge mode and also do their magic of mesh networking on the WiFi side.  So, by default the Google WiFi will have it's own DHCP server turned on and create another network domain of it's own for the WiFi clients.  You can have myFirewall manage these clients, but you would then turn on Bridge Mode on GWF which the downside is GWF's WiFi mesh networking would then not function.  But, the LAN would work just fine as long as you have enough wired GWF (or other) WiFi access points.

Installation Steps

Step 1) Change network configuration in existing myServer to Tools / Options / Network tab.  Change myServer DNS name to "{username}" (as example).  Web server TCP/IP port to 6245 and WebSockets TCP to 8181.

Step 2) Restart myServer for these new settings to take effect

Step 3) Reconfigure myServer PC IP to Static IP: / Gateway: / DNS Server:  Note that once you commit these changes, you won't be able to communicate to this PC until after the rest of network is configured and reconnected.

Step 4) Put the Internet modem or cable box into Bridge Mode (see your modem's instructions for how to do this - see appendix below).  Restart this modem.  Note you will loose Internet connectivity once you have done this.  Make sure you know how to reset your modem back to the way it was if for some reason you need help from the Internet (like from Allonis).  Make sure you know what your Internet service provider's login credentials (write them down).

Step 5) Rewire like this: 

  • Internet feed to Cable / DSL modem.  Modem LAN connection to myFirewall WAN connection
  • myFirewall LAN1 connection to existing hardwired LAN (192.168.0.x)
  • myFirewall LAN2 and LAN3 won't be connected to anything.

Step 6) Power up the myFirewall.  It is always best to plug the myFirewall transformer into a UPS / Generator supply to ensure network up time in event of power outage.

Step 7) From the Intranet (LAN1), make sure you have a PC client setup DHCP.  It will get it's address from myFirewall.

Step 8) From the PC client, in a Chrome or Safari browser, go to: You will see a "Certificate is Invalid" message.  Ignore the messages and continue to Accept.   Log in with admin / allonis.  You should now see the Dashboard of the myFirewall.  You can manage all of the settings from here.  Allonis has pre-set most of the important settings.

Step 9) Test your network:  From the PC client, open a DOS window and issue:  ping    hit the Enter key.  You should immediately see responses back from the myServer PC.

Step 10) Test myServer:  From the PC client open a Chrome or Safari browser and go to:  http://{username}  (as example)  You should see either a login screen or your home page (depends on how you have configured myServer).  If soon all of your images load, then you are done!!

Optional Step 11) If you have the myFirewall4, this is setup so you can move myServer, your security panel etc to the LAN2.  This will put those devices on 192.168.2.X network.  myServer will be  myFirewall4 is configured to pass only web data from LAN1 to LAN2 to keep LAN2 more secure.

Optional Step 12) myFirewall4 is also setup with a LAN3, this is intended so you can create a Guest network.  This port will only allow traffic to the Internet, and not to LAN1 or LAN2.

As the myFirewall will be responsible for all packet routing, the Internet provider's cable / DSL modem should be put into Bridge Mode.  This allows all packets to be bidirectionally past through the modem.


How do I enable bridge mode?

The best solution to double NAT is enabling bridge mode on your modem/router combo.

Log into your router or modem/router combo and find its settings to enable bridge mode. To access your router’s settings, you might have to open an internet browser, and enter your router’s IP address in the address bar. Like this:

Details vary depending on the device. Many ISPs and manufacturers provide instructions on how to do this:


For the following modems:

  • VersaLink 7500 gateway
  • VersaLink 327W gateway
  • Actiontec 704WG gateway
  • Westell 6100 modem


For the Actiontec GT704WG modem, visit:

For the Actiontec MI424WR, visit: 


For Comcast Home users, follow the instructions in this help article: Enable or Disable Bridge Mode on a Wireless Gateway.

For Comcast Business users, contact Comcast Business support and ask them to set your modem to "Passthrough" or "Bridge" mode.


Allonis myServer can run on a Raspberry Pi 3 device.

This is way cool because the hardware is super cheap with great performance (for the price).

Allonis sells pre packaged Pi hardware with myServer pre installed on it if you don't want to install it all yourself.

 If you do want to install yourself, the below should get you going!


  • Raspberry Pi3 connected to a HDMI display, a keyboard and mouse (can be wireless).  A 2+ amp micro USB power supply.
  • A Class 10 microSD card with 8 or more GB that has nothing on it you need (it will be formatted during the installation).
  • A Windows PC you can prepare the microSD for boot
  • Optional:  WiFi adapter (if Pi2...Pi3 has onboard WiFi)

To setup a Raspberry Pi 3 device, follow these steps:

  1. Prepare your microSD card:
  2. Install SDFormatter on a Windows PC
  3. Insert the Pi microSD card into a card reader attached to the Windows PC
  4. Run SDFormatter and make sure it found the microSD card.  If you are positive that is the correct drive letter, click to Format
  5. When done, shut down SDFormatter.
  6. Install Win32 Disk Imager on the Windows PC
  7. Run Disk Imager.  Make sure it is pointing to the microSD card as the target drive.
  8. Download Debian Jessie build to the Windows PC
  9. Unzip it
  10. Point Disk Imager to the iso file.
  11. Click to Write image.  This will take about 5 minutes or so.
  12. When done, a Finished window will popup.  Close that and Exit Win32 Disk Imager application.
  13. Eject and Remove the microSD card from the Windows PC and insert into the Pi.
  14. Boot the Pi


If you used the Full Debian Jessie build, then the PI should boot to the Jessie desktop

You should go to Menu > mouse / keyboard setup.  Setup the keyboard for US (if that is applicable to you)

Once your keyboard is configured, click on the Terminal app

In the Terminal app type:

  1. sudo apt-get update
  2. Hit Enter.  When finished type:
  3. sudo apt-get upgrade
  4. Hit Enter
  5. You might be asked if you want to continue...hit the Y to continue.  This will take several minutes.  When finished type:
  6. sudo apt-key adv --keyserver hkp:// --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
  7. Hit Enter.  When done type:
  8. echo "deb wheezy main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list
  9. Hit Enter.  When done type:
  10. sudo apt-get update
  11. Hit Enter.  when done type:
  12. sudo apt-get install mono-runtime
  13. Hit Enter.  You might be asked if you want to continue...hit the Y to continue.  This will take a couple of  minutes.  When finished type:
  14. sudo apt-get install libmono-system-core4.0-cil
  15. Hit Enter.  You might be asked if you want to continue...hit the Y to continue.  This will take a couple of minutes.  When finished type:
  16. To install ZWave support (requires hardware) type:
  17. wget -q -O - | sudo bash
  18. Hit Enter.  You will be asked if you accept the license terms.  If you agree, type yes and Enter.
  19. The install will take a few minutes and then you might be asked if you want to receive emails about the Razberry project.  If not, say no.
  20. Reboot the Pi by typing: sudo reboot
  21. Hit Enter.
  22. If you have a Pi2, you can also make the Pi wireless...just plug in an Edimax USB WiFi adapter.  The drivers for the adapter are included in the Debian OS.  When the desktop launches, right click on the network device icon on top right.  Add your WiFi Access Points SSID and password.  The device can then be configured for a Static IP address (recommended).