Setting Up Remote Viewing On IP Security Cameras

I need help getting all of my port forwarding correct.

I have a SBS 2008 + SnapGear Firewall

I have setup a DDNS (Included as part of the camera system).

The DDNS address is AV125872.AvertxDDNS.com

My Quesitons:

1 - Should I use DDNS even if I have a static IP address?

2 - What ports do I need to setup on the firewall? (i.e. Destination Address: xx.xxx.xx.xx <---External IP Address OR destination address: av125872.AvertxDDNS.com).

3 - What do I need to do in the IIS console to forward the correct settings?



I called their tech support and they were not helpful in the least. "Forward your ports to the outside world" is all they could tell me.
Nicholas_BlueStarAsked:
Who is Participating?
 
hecgomrecCommented:
I'm not a master of SnapGear but I'll try to get you there....


Port B in this device refers to the Internet service provider (ISP) access and you see this because here you can have internal and external port forwarding in the same place.

In your case you want to create and incoming rule therefore your Destination address will be once again Port B.

AV125872.AvertXDDNS.com is a DNS name assigned by AvertX to get to your public IP.  If you already have a name assigned to your IP you can still use that one, use the one assigned by AvertX or if you have access to your on DNS records just add something more meaningful to it like security.yourdomain.com or webcams.yourdomain.com.


Now, when you get a request to your IP (65.182.71.39) regardless the name used on port (NVR settings) your services could be named NVRSVR and have the port of the NVR device and your LAN destination will be the IP of the device (10.10.10.38) and the "to services" will be unchanged (meaning will be sent to the same port on device).

Please note the following:

You most change your cameras settings to use a different port rather than 80 as it is standard for Internet Browsing.  Must likely, all your cameras have an IP and a port assigned which in turn allows you see any camera individually if you set it up on the firewall. This will allow you to monitor lets say the camera for a cash register only directly from your tablet, phone or any internet attached device.

Hope it is more clear for you now!!!!
0
 
Paul MacDonaldDirector, Information SystemsCommented:
1)  Use DDNS because you want to access the cameras by name rather than IP.

2)  No idea.  What does your security camera documentation say?

3) See (2)
0
 
Nicholas_BlueStarAuthor Commented:
I have an NVR that "controls" and manages the cameras. It is 10.10.10.38 on my local network.

What I think I need to do is:

ISP ----> Firewall (10.10.10.254)  -----> Server (10.10.10.1) -----> NVR (10.10.10.38)

When you go to the DDNS address (listed in my original post) you just see the IIS7 logo but nothing else.

I have OWA setup through the firewall and it looks like:

Name: OWA
Source Address: Any
Destination Address: "Port B" (xx.xxx.xx.xx <----External IP Address)
Services: OWA (Where "OWA" refers to "tcp/http/80 tcp/https/443 tcp/4125")
To Destination Address: Server (Where "server" refers to "10.10.10.1")


Does that help decipher how my firewall functions?

The big picture (I believe) is to enter the DDNS address (AV125872.AvertXDDNS.com) and be directed to 10.10.10.38 (where the NVR is located).

Does that help? Sorry if I made things more confusing.
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 
Paul MacDonaldDirector, Information SystemsCommented:
You'll need to set up port forwarding in your router to send port-specific outside traffic to the NVR, and NAT to allow that traffic back out again.  

I presume you monitor the NVR as if it were a web page, and it may even use straight HTTP/port 80 to transmit.  In that case, you might configure the firewall to direct requests it receives for 65.182.71.39:8080 to the NVR.  Then, from outside your network, traffic to 65.182.71.39 would be sent to your IIS7 server and 65.182.71.39:8080 would be sent to your NVR.

Portforwarding the SG565
0
 
Nicholas_BlueStarAuthor Commented:
Paul

Im trying to follow your instructions but I am a little confused...

Are you saying that the only "configuration" will be on my SnapGear? Will I need to modify anything within my SBS 2008 server?

I can only choose port B which does not have the 8080 after the IP address...I am not sure how to get around that...Again, I am a novice when it comes to this advanced port stuff.
0
 
Nicholas_BlueStarAuthor Commented:
I am still not sure what I need to do Paul.

Here is what my current NAT (port forwarding looks like)

Screenshot Of SnapGear
My "Destination Address" can only be "Port B" which does not have the :8080 after it so I am not sure how to do that.

Also - If I point incoming (outside) traffic to the server (10.10.10.1), how do I make the server point that request to 10.10.10.38?
0
 
Nicholas_BlueStarAuthor Commented:
hecgomrec

"Please note the following:

You most change your cameras settings to use a different port rather than 80 as it is standard for Internet Browsing.  Must likely, all your cameras have an IP and a port assigned which in turn allows you see any camera individually if you set it up on the firewall. This will allow you to monitor lets say the camera for a cash register only directly from your tablet, phone or any internet attached device."

EXACTLY! That was the only issue! Once I changed the port from 80 I got it to work.

Thank you for the info!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.