Solved

Cannot consistently view security cameras through software provided. Firewall seems to be the issue?

Posted on 2007-12-06
4
855 Views
Last Modified: 2010-04-21
I have a client with a Dedicated Micros DS1 video camera unit. In conjunction with DM network viewer software (http://www.dedicatedmicros.com/australia/support_downloads_online.php) I am able to view the security camera's in some circumstances.

The camera unit has been setup behind two different firewall units. A sonicwall TZ190 running enhanced firmware. A linksys WAG54G v3 wireless access point. Both running the latest firmware.
The camera server uses tcp and udp ports 8234 and 8235.

The problem is on the return to the person using the viewer software. Depending on the connection type the camera's can be viewed.

If I use a dialup connection the video streams successfully.
If I attempt to view from behind our sonicwall TZ170 standard at work it fails. The logs reveal the packets are dropped due to a Probable TCP NULL scan.

Various other combinations work or not. A 3G internet connection via a PCMCIA card works. While a motorola cable modem will fail.

I have tried creating an ANY rule on the firewall between the 2 addresses to no avail. I have played around with MTU setting and allowing packet fragmentation. No result.

Any help would be appreciated.

0
Comment
Question by:silky38
  • 2
4 Comments
 
LVL 5

Expert Comment

by:jsthursday
ID: 20430614
you might need to forward the ports so the router reads them. it sounds like the ports are being discarded to the router as soon as they are hitting it. check out this site, its one of the best tutorial sites--

http://portforward.com/routers.htm
0
 

Author Comment

by:silky38
ID: 20438950
Thanks JS but I am already forwarding ports 8234-8239 to the unit through the firewall. The problem is not that the packets don't get forwarded. The problem is that the packets are detected  as a TCP NULL SCAN on the return trip by our Sonicwall.
The problem doesn't occur if you use a dialup connection and some routers such as my netgear wireless router have no issues either.
0
 
LVL 12

Accepted Solution

by:
Freya28 earned 500 total points
ID: 20494129
if we send a packet to a remote system in which all the flags are turned off (That is, set to NULL), then the remote system would actually not know what to do with the packet or in other words, it would not know what this packet was meant for.

You see, each flag is supposed to perform a particular function. According to the function that you wish to perform, the various TCP flags are turned on and turned off. Now, when the client sends a packet with all the flags turned off, then the server has absolutely no idea as to what it has to do with the packet or as to why the client sent the packet. If the NULL packet is directed to an open port, then the service running on that port replies with a error message. However, if the NULL packet is directed to a closed port, then the remote system replies with a RST or reset because the NULL packet it received did not contain enough information to establish a connection.

0
 

Author Closing Comment

by:silky38
ID: 31413314
Doesn't really solve the problem, but chances are that no one will have an answer.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now