Solved

Setting Up Remote Viewing On IP Security Cameras

Posted on 2014-01-28
7
1,068 Views
Last Modified: 2014-01-30
I need help getting all of my port forwarding correct.

I have a SBS 2008 + SnapGear Firewall

I have setup a DDNS (Included as part of the camera system).

The DDNS address is AV125872.AvertxDDNS.com

My Quesitons:

1 - Should I use DDNS even if I have a static IP address?

2 - What ports do I need to setup on the firewall? (i.e. Destination Address: xx.xxx.xx.xx <---External IP Address OR destination address: av125872.AvertxDDNS.com).

3 - What do I need to do in the IIS console to forward the correct settings?



I called their tech support and they were not helpful in the least. "Forward your ports to the outside world" is all they could tell me.
0
Comment
Question by:Nicholas_BlueStar
  • 4
  • 2
7 Comments
 
LVL 33

Expert Comment

by:paulmacd
ID: 39815759
1)  Use DDNS because you want to access the cameras by name rather than IP.

2)  No idea.  What does your security camera documentation say?

3) See (2)
0
 

Author Comment

by:Nicholas_BlueStar
ID: 39815787
I have an NVR that "controls" and manages the cameras. It is 10.10.10.38 on my local network.

What I think I need to do is:

ISP ----> Firewall (10.10.10.254)  -----> Server (10.10.10.1) -----> NVR (10.10.10.38)

When you go to the DDNS address (listed in my original post) you just see the IIS7 logo but nothing else.

I have OWA setup through the firewall and it looks like:

Name: OWA
Source Address: Any
Destination Address: "Port B" (xx.xxx.xx.xx <----External IP Address)
Services: OWA (Where "OWA" refers to "tcp/http/80 tcp/https/443 tcp/4125")
To Destination Address: Server (Where "server" refers to "10.10.10.1")


Does that help decipher how my firewall functions?

The big picture (I believe) is to enter the DDNS address (AV125872.AvertXDDNS.com) and be directed to 10.10.10.38 (where the NVR is located).

Does that help? Sorry if I made things more confusing.
0
 
LVL 33

Expert Comment

by:paulmacd
ID: 39815926
You'll need to set up port forwarding in your router to send port-specific outside traffic to the NVR, and NAT to allow that traffic back out again.  

I presume you monitor the NVR as if it were a web page, and it may even use straight HTTP/port 80 to transmit.  In that case, you might configure the firewall to direct requests it receives for 65.182.71.39:8080 to the NVR.  Then, from outside your network, traffic to 65.182.71.39 would be sent to your IIS7 server and 65.182.71.39:8080 would be sent to your NVR.

Portforwarding the SG565
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:Nicholas_BlueStar
ID: 39816283
Paul

Im trying to follow your instructions but I am a little confused...

Are you saying that the only "configuration" will be on my SnapGear? Will I need to modify anything within my SBS 2008 server?

I can only choose port B which does not have the 8080 after the IP address...I am not sure how to get around that...Again, I am a novice when it comes to this advanced port stuff.
0
 

Author Comment

by:Nicholas_BlueStar
ID: 39817737
I am still not sure what I need to do Paul.

Here is what my current NAT (port forwarding looks like)

Screenshot Of SnapGear
My "Destination Address" can only be "Port B" which does not have the :8080 after it so I am not sure how to do that.

Also - If I point incoming (outside) traffic to the server (10.10.10.1), how do I make the server point that request to 10.10.10.38?
0
 
LVL 11

Accepted Solution

by:
hecgomrec earned 500 total points
ID: 39820883
I'm not a master of SnapGear but I'll try to get you there....


Port B in this device refers to the Internet service provider (ISP) access and you see this because here you can have internal and external port forwarding in the same place.

In your case you want to create and incoming rule therefore your Destination address will be once again Port B.

AV125872.AvertXDDNS.com is a DNS name assigned by AvertX to get to your public IP.  If you already have a name assigned to your IP you can still use that one, use the one assigned by AvertX or if you have access to your on DNS records just add something more meaningful to it like security.yourdomain.com or webcams.yourdomain.com.


Now, when you get a request to your IP (65.182.71.39) regardless the name used on port (NVR settings) your services could be named NVRSVR and have the port of the NVR device and your LAN destination will be the IP of the device (10.10.10.38) and the "to services" will be unchanged (meaning will be sent to the same port on device).

Please note the following:

You most change your cameras settings to use a different port rather than 80 as it is standard for Internet Browsing.  Must likely, all your cameras have an IP and a port assigned which in turn allows you see any camera individually if you set it up on the firewall. This will allow you to monitor lets say the camera for a cash register only directly from your tablet, phone or any internet attached device.

Hope it is more clear for you now!!!!
0
 

Author Comment

by:Nicholas_BlueStar
ID: 39821250
hecgomrec

"Please note the following:

You most change your cameras settings to use a different port rather than 80 as it is standard for Internet Browsing.  Must likely, all your cameras have an IP and a port assigned which in turn allows you see any camera individually if you set it up on the firewall. This will allow you to monitor lets say the camera for a cash register only directly from your tablet, phone or any internet attached device."

EXACTLY! That was the only issue! Once I changed the port from 80 I got it to work.

Thank you for the info!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video discusses moving either the default database or any database to a new volume.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now