Re: [SLUG] IP cams behind NAT/ADSL
On Wed, August 31, 2011 4:48 pm, Martin Visser wrote: > I don't see from the above where the "cam10" application is mapped from > port 8010 to port 80 on the "cam10" device. That might be which nmap is > showing cam10 as filtered. Martin, thanks for your help. I had a couple of goes (two way bet thing, there is two way to enter, let's try both), anyhow I wasn't getting 'desired results' and left it for another day, as it was, I realized I had an old WAG54G, so, I thought I'll try that, (WAG54 also has SNMP so I can feed that to Cacti, fwiw) anyhow, with WAG54 I succeeded with exposing desired devices (so far it seems to work from internal browser using external address:port combo, something I was not able to get with 2Wire) so I'll give the WAG a try and see how it goes, next step is to replace old phone wire with multiple connections + extension cord with new drop from the MDF direct to router, be interesting if performance will improve thanks again for all the help -- Voytek -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IP cams behind NAT/ADSL
Voytek, I don't see from the above where the "cam10" application is mapped from port 8010 to port 80 on the "cam10" device. That might be which nmap is showing cam10 as filtered. Regards, Martin martinvisse...@gmail.com On 31 August 2011 15:32, Voytek Eymont wrote: > > On Wed, August 31, 2011 8:50 am, Martin Visser wrote: > > > if your cameras are say 192.168.1.101, 192.168.1.102, 192.168.1.103 you > > need to setup a separate port forward for each, or application. So you > > might create WebCam1 with Protocol TCP, Port 80 and Map to Host port > 8101, > > > Martin, > > thanks, one of my configs was incorrect (but the other one wasn't, [2wire, > 2way bet]). > > OK, 2wire shows: > > Device Allowed ApplicationsApplication Type Protocol Port Public IP > cacti Web Server - TCP 80 111.222.333.444 >SSH Server - TCP 22 111.222.333.444 > cam10 cam10 - TCP 8010111.222.333.444 > > do I need to do anything in Apache conf on cacti above ? > > when I nmap I get: > > Starting Nmap 5.00 ( http://nmap.org ) at 2011-08-31 14:57 EST > Interesting ports on 111.222.333.444: > Not shown: 995 closed ports > PORTSTATESERVICE > 22/tcp open ssh > 80/tcp open http > 139/tcp filtered netbios-ssn > 179/tcp filtered bgp > 445/tcp filtered microsoft-ds > > Nmap done: 1 IP address (1 host up) scanned in 48.59 seconds > > at one point whilst fiddling with different variants I noticed this: > > --- > Not shown: 994 closed ports > PORT STATESERVICE > 22/tcp open ssh > 80/tcp open http > 139/tcp filtered netbios-ssn > 179/tcp filtered bgp > 445/tcp filtered microsoft-ds > 8010/tcp filtered xmpp > --- > > maybe.. whilst I was attempting to connect from browser..? > > > -- > Voytek > > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IP cams behind NAT/ADSL
On Wed, August 31, 2011 8:50 am, Martin Visser wrote: > if your cameras are say 192.168.1.101, 192.168.1.102, 192.168.1.103 you > need to setup a separate port forward for each, or application. So you > might create WebCam1 with Protocol TCP, Port 80 and Map to Host port 8101, Martin, thanks, one of my configs was incorrect (but the other one wasn't, [2wire, 2way bet]). OK, 2wire shows: Device Allowed ApplicationsApplication Type Protocol Port Public IP cacti Web Server - TCP 80 111.222.333.444 SSH Server - TCP 22 111.222.333.444 cam10 cam10 - TCP 8010111.222.333.444 do I need to do anything in Apache conf on cacti above ? when I nmap I get: Starting Nmap 5.00 ( http://nmap.org ) at 2011-08-31 14:57 EST Interesting ports on 111.222.333.444: Not shown: 995 closed ports PORTSTATESERVICE 22/tcp open ssh 80/tcp open http 139/tcp filtered netbios-ssn 179/tcp filtered bgp 445/tcp filtered microsoft-ds Nmap done: 1 IP address (1 host up) scanned in 48.59 seconds at one point whilst fiddling with different variants I noticed this: --- Not shown: 994 closed ports PORT STATESERVICE 22/tcp open ssh 80/tcp open http 139/tcp filtered netbios-ssn 179/tcp filtered bgp 445/tcp filtered microsoft-ds 8010/tcp filtered xmpp --- maybe.. whilst I was attempting to connect from browser..? -- Voytek -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] IP cams behind NAT/ADSL
Voytek, Looking at a manual ( http://support.2wire.com/index.php?page=view&article=765 not sure if it's the same model) you should be able to do what you want if your cameras are say 192.168.1.101, 192.168.1.102, 192.168.1.103 you need to setup a separate port forward for each, or application. So you might create WebCam1 with Protocol TCP, Port 80 and Map to Host port 8101, WebCam2 with Protocol TCP, Port 80, Map to Host Port 8102, and so on. (As in Page 40). Then as on Page 38 you apply that Firewall Application to each "computer) - so apply Application WebCam1 to 192.168.1.101, and so on. The if your external IP address is say 202.1.2.3 then if you browse to http://202.1.2.3:8101 you would see camera 1, http://202.1.2.3:8102 camera 2 and so on Bear in mind anyone can also connect to your cameras if they can determine the mapping (through a program like nmap). So you have the security protection of whatever the camera does or doesn't have. Also you will need to confirm that the camera only uses port 80, and doesn't say stream video through another port, or maybe even redirect to port 443 for login (if it has this). If you are concerned about security of doing this port forwarding, then you might be better off using ssh on your inside host to do the appropriate port forwarding as well. Regards, Martin martinvisse...@gmail.com On 30 August 2011 20:12, Voytek Eymont wrote: > I have several IP cams behind NAT on 192.168.1.x LAN that I would like to > access remotely using an app on Android or a browser, so I guess I need to > forward port 80 from each IP, I've tried to do that in 2wire ADSL router, > but haven't managed (probably doing it wrongly). I have a Linux machine > on the LAN that I can ssh to, what the best way to achieve this? Port > forward cameras to Linux box and expose that through 2wire? > > > > > -- > Voytek > > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] IP cams behind NAT/ADSL
I have several IP cams behind NAT on 192.168.1.x LAN that I would like to access remotely using an app on Android or a browser, so I guess I need to forward port 80 from each IP, I've tried to do that in 2wire ADSL router, but haven't managed (probably doing it wrongly). I have a Linux machine on the LAN that I can ssh to, what the best way to achieve this? Port forward cameras to Linux box and expose that through 2wire? -- Voytek -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html