• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 487
  • Last Modified:

why can I not access one secure port on my LAN from the internet

I set up a LAN at home with a security camera and a security system including automatic lighting.  Within the LAN, I can access all of the ports.  The security system has a secure port forwarded as do the camera and the linksys router.  When I am away from home, I can access the camera, the lighting controller and the linksys setup page.  I use dyndns.org to provide a dynamic IP for my LAN and I address all these ports through it.  The security system is supposed to be accessible so that I can turn it on and off.  When I emailed support with the problem, and finally gave him the security codes and passwords, he was able to immediately access the port, enter and active the security functions.  I get an error message saying that the site is taking too long to load.  I deleted and reactivated the certificate without effect.  I use the latest version of Firefox and also tried Internet Explorer 6 and Google Chrome, the latter without importing any settings.  All give me the same message.  Strangely, while I can easily access the security camera, I have given the IP and passwords for the camera to two of my sons and they cannot access the camera.  Any thoughts??
0
johnsmal145
Asked:
johnsmal145
  • 5
  • 2
  • 2
1 Solution
 
DIIRECommented:
Does the connection require it to be https?

If so they'd need to type https:// then the dyndns name and port if required.

E.G. https://192.168.1.1:5555

What make and model is the security system/camera, etc.

This will help with troubleshooting.
0
 
johnsmal145Author Commented:
I tried both http and https without effect but they used http and got access.  The security system is the ElkM1Gold and uses a communication board called the ElkM1XEP to communicate with the LAN.  I used an ethernet cable to connect to the router since its connection using a wireless connection seemed unstable.  Their software is called ElkRP.
The XEP is on port 102 internally.  I port forwarded to port 2601 on the linksys.  The dyndns is
                                       lapeerbase.homedns.org:2601.  If you can get the usename and password box to come up, then you are doing what I cannot.  
The camera is a Vivotek wireless camera with pan and tilt.  I did not write down the model # but I may be able to go to the Vivotek site and find that.
0
 
DIIRECommented:
How do you have the port forwarding setup on the router.  Please post exactly what the rules are.

What make and model is the Linksys?

I can connect by https but the login page isn't displaying properly and then I'm getting a certificate error if if I try to connect again unless I delete the certificate.   Http isn't connecting at all but I don't think you have 2101 forwarded on the router.

On the M1 setup do you have port 2101 enabled?  If so for troubleshooting purposes enable it on the M1 and setup a rule for 2101 to be forwarded to the M1

Where did you setup the ddns - on the M1 or on your router?
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
johnsmal145Author Commented:
I attached printscreens of some of the Linksys and the M1 settings.  I just port forwarded 2101 as well.  As you can see the linksys is a WRT54GS wireless router but I have the M1 plugged directly into one the ethernet ports.  I set up the dns on the router.  The M1 is set up with static IP address 192.168.1.102.


linksysElksettings.doc
0
 
marmata75Commented:
There's a slight chance that the provider you're using to connect to your home equipment is simply dropping traffic on port 2601. Expecially if you're on a cellular network, they do these kind of tricks. Another option could be that your personal firewall on the machine you're using is blocking the outbound connection to your home equipment. Try to use a different connection, and probably everything will work, as it's already working with the guys at the support site!

Cheers,
]\/[arco
0
 
johnsmal145Author Commented:
I port forwarded the internal M1 port 2101 and got the same result.  I am on a cable modem here, not a cellular network.  I have tried turning off the firewall and again get the same result.

Mal
0
 
johnsmal145Author Commented:
Does anybody have any more thoughts on my problem?  The only change that seems to make any difference is to delete the certificate, go back to the site and make an exception.  What comes up is a blank page with "username:" up in the corner.  But it is a dead sheet.  It won't take any input and you can't go anywhere from it.  The next time you go to the site you get the cannot open error again.

Mal
0
 
marmata75Commented:
Hi Mal,

I see that you're correctly forwarding port 2601, porta 80 and port 26. I think you should connect to port 2601 only with the ElkRP software. If connecting via web browser, you should simply use the http port, so basically just connect to http://lapeerbase.homedns.org. I can connect there, and I'm staring at the password prompt right now. If the prompt I'm seeing is not from the M1, but from the camera, then this is the problem. The M1 needs all three ports opened and forwarded: 2601. 26 and 80. If you're forwarding port 80 to the camera, this will prevent the forwarding to the M1. I see from the screenshot provided you setup a trigger on port 80, to forward on the same port 80. This is inactive, but could you please doublecheck if this is the case? In can be that the firewall is forwarding it even if it's disabled so please delete the port trigger and see if it works!
BTW have you checked if you can connect solely with the ElkRP program from the outside? This should at least prove that access to 2601 works, and it's just access to port 80 and 26 that must be checked!

Cheers,
]\/[arco
0
 
johnsmal145Author Commented:
Marco
Amazing!!  Thank you so much.  I deleted the entire trigger port entry and entered the http without the port designation and the password entry screen came up and I could  access the security keypad.  Good job.

Mal
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 5
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now