question on port fowarding

[Swamppifi]

I am trying to connect some seurity cameras to the net and I have been trying to port foward the cameras ip port.

Now he router I have doesn't have a port fowarding tab, just the virtual server tab.

Also do I have to configure the ASDL modem as well to allow the port fowarding.

Also, my provider is changing my WWW IP address on a daily basis, what option do I have.

[Rkiver]

What make of router is it? Can you put Openwrt or DDWRT on it?

Which device is giving you your internal IP address? The modem or the router? If both are, you've got an issue there that you need to deal with so only ONE is your DHCP.

You may have to setup your modem to do port forwarding, and just have your router in bridged mode.

IP changes, look up Dyndns or Noip and hopefully your modem/router can work with it.

[cooper]

Note that if your modem/router can't, you simply need a device on the network to periodically update the IP that's associated with the network. And seriously, you really shouldn't put a security camera directly onto the net. Set up an closed down box on the internal network that manages the security camera streams and allows you to view the feed.

After all, what assurances do you have that what's running on the camera is secure? If it gets rooted, can you tell? Can you undo the damage to the point where you regain trust in the device?

[digip]

If you want remote access to the cameras, as cooper pointed out, you might want to keep them off the internet in the event others find them. Granted most prompt for logins, but brute forcing them is generally trivial and often easily bypassed, not to mention another attack surface into your network from the outside world. a VPN into the home network to look at them would probably be better, but this also means enabling settings on the router if not already open. Most devices allow vpn passthrough for ports 500 and 4500, even if they don't show open from an external port scan, they should work.

If you're looking to tie this into cell phone apps to monitor the network that's understandable and probably going to need to go with the port forwarding. The other thing to look into, many camera bundles come with the option to email or ftp pics from the network which might be safer than opening up the network though. Mine has motion detection which can email me and auto record to dvr (basically just a video file on the same machine running the server monitor) when it detects movement, but even ones without motion detection often have the option to send out images to a server for checking at regular intervals, and you can probably find alternative software for any camera if it's accessible over IP that will help with this. Check to see if your software has the motion detection options which may be easier than worrying about opening up your network and let it notify you when needed.

[Swamppifi]

Thanks for the feed back

My Router is supplying the internal IP ,it is a modern Dlink, but it doesn't have a port fowarding page, just the virtual server page.

I wont be putting on all the main cameras, just one which is watching something, it is setup with a moition trigger and a door alarm , and it is to email me directly.

But it can't get out.

I need to increase my security as next door caught a car taking photos of my house, so I am beefing up the security

I might be able to use a VPN, but I need the email server to contact Gmail, but just can't seem to get it to work.

Will work on it more this weekend

[cooper]

Well, the point is that if you feed your camera onto the internet, they won't even have to drive by and take a pic of your home - they'll just grab it off of your feed.

Also, given the way you've now worded it, it would seem that it's not so much that you can't get in from the outside, but that you can't get out from the inside. Can you clarify which is the case?

[Swamppifi]

It appearrs that I have an Aus version of a DLINK router DWR 116

I have just solved one problem, I can now email out to my gmail account so I have sorted that side.

Just need to sort why the port fowarding isn't working and then look at setting up a VPN for it

[digip]

You can setup a VPN on the inside of the home network and then VPN in to the LAN and look at it that way, which should work without having to open any ports unless it's explicitly blocking VPN ports. There are other ways to tunnel in by making a node on the inside initiate a connection outboud and then login through that. Darren covered ways of using IRC bounces a while back and SSH tunnels this way, which should be a lot more secure than just opening up the router itself.

[Swamppifi]

I have resolved the issue, it appears there is a bug with the dlink dwr116 firmware version 1.02(au) that prevents passthru.

I have flashed the router with the latest version 1.05(au)

this time when I disable SPI (statefull packect inspector ) I can access the camera.

I tried this before, and it won't work, so the cause of the problem was doggy firmware preventing the port fowarding from working, I knew I had set it up right.

I will now go onto set up a VPN now I have it working..