System administration over the internet WWW.

[jeffreyhel 0]

I would like to know the different ways you all set up your customers so that they can view or control their systems over the world wide internet? Also the specific steps necessary to make it work and the usual pit falls that you had to overcome.....ie: set up customer with seperate server thru linksys router with public static ip with vpn, had major problems getting public ip with cable co.

[rory 0]

If its a Linksys router you can set up a DDNS at www.DynDns.org, and enter that info in the router, then you dont need a static IP.

 

VNC lets you enter an IP or a DDNS name.

[msecure 0]

Any idea which router support no-ip? Dyndns is block when customer is in China & they cannot view thier remote site unless they ping their IP & key it in.

[qman 0]

yeah? uh!! first time I hear that.

[ikill4food2 0]

Our company has 10 reserve IP's on a T1 line - 2 of which already are in use. After setting up DVR system with software, I contacted our provider and told them to point the name to one of the 8 open IP's...

 

The video server is connected through it's own firewall from a switch in place before our VPN. The firewall on the videoserver allows you to establish a private encrypted tunnel for the videoserver alone.

 

No worries after doing it this way at all , much safer than port forwarding onto your existing network or placing it on DMZ, plus it isolates the video server from everything else. Another good point is that you can access it by name .... example : www.mycompany.videoserver.com

 

Using the firewall will also enable access from certain IP's ONLY that you select and can be configured to BLOCK EVERYTHING ELSE ... 100% secure from outsiders ... not to mention the next hurdle of user ID & password to enable the tunnel.

[rory 0]

i dont know off hand, but this one is also in the linksys.

 

http://www.tzo.com/

[rory 0]

Yeah but VPN is a bit too much for most users.

[jeffreyhel 0]

Rory---in no time flat I got my Digiflower (DICO 9206b card) up and running on the net. thanks. now the next question --what can people find out with my port forwarding on in my linksys. can they by pass my camera server and find my other 8 computers? etc.

 

as far as seeing more posts I would appreciate it as i am new to cctv and need to know how to do different systems and what to look out for and what is a good proven way.

[rory 0]

Anything that is open to the internet is a risk, but unless you are the CIA i wouldnt worry about it.

 

Just enable Block Anonymous Internet Requests

You can also set up TCP filtering on the PCs if you want,. just enable the ports that you will use.

[msecure 0]

Thanks Rory. Will try out TZO first.

[CSG 0]

Rory---in no time flat I got my Digiflower (DICO 9206b card) up and running on the net. thanks. now the next question --what can people find out with my port forwarding on in my linksys. can they by pass my camera server and find my other 8 computers? etc.

 

You are usually better off using 1 to 1 NAT and then configuring access rules to deny access to the Lan IP of your DVR, unless its to the port you allow.

 

I would strongly suggest that you test the intergrity of your firewall after modifications by using Shields UP, www.grc.com and run a port probe from your PCs & Server.

 

Then you need to monitor your access logs to see what traffic the router is allowing through.

[Jasper 0]

You can also use MAC address filtering with the LinkSys so only the computers with a known MAC address you type into the router configuration can access network resources through your router.