Port Forwarding Trouble

[YellowYoYo 0]

I bought the Swann 1080p 2-pack from Costco and everything seems to work on my local network. However, I'm having trouble with port forwarding so I can access the cameras externally. I've tried setting my cameras to various different http ports and setup forwarding with my router to the camera's static ip address, but my attempts at external connections time out. I've also tried canyouseeme.org and it also times out with any of the ports I've tried. Any help?

[Securame 0]

What ports did you forward? You need at least 3 ports, web port, data port, RTSP port.

 

You can also try puting your NVR IP as your DMZ host.

[mkkoskin 0]

You might also want to check that your ISP doesnt restrict the usage of the ports you're trying to use.

 

For example, might be worth a try to go with a setup where you connect to external_ip:10000 - :10002, than :81 - :83

 

external_ip:10000 -forwards-to-> cam_ip:80

external_ip:10001 -forwards-to-> cam_ip:554

external_ip:10002 -forwards-to-> cam_ip:8557

 

Or what ever are the ports you use/need. This ofcourse requires your router to support "from port" "to port" configuration. For easier troubleshooting, you should first forward the ports to your pc, then run canyouseemee.org.

[buellwinkle 0]

If you PM me your external wan address (you can use whatsmyip.org to find that), I can run a port scan and tell you what ports are open.

[shockwave199 0]

^^ how do you do that? Details would be great- thanks.

[ak357 0]

^^ how do you do that? Details would be great- thanks.

http://lmgtfy.com/?q=how+to+do+port+scan

[stroonzo 0]

You need to make sure the default gateway setting of the device you're wanting to forward matches your router's/gateway's internal IP address. This is usually 192.168.1.1 but can certainly be different. U-Verse, for example, sets their default gateway to 192.168.1.254 sometimes. If you're not sure, go to a command prompt and type ipconfig. It will indicate your default gateway that computer has established. And if you have internet access, it is probably the right one (especially if it configured for DHCP).

 

Without the device's (camera, DVR, etc...) default gateway setting (within the device's Network setting's tab) matching your actual gateway, the port will not appear to be open (because that device doesn't have internet access if it doesn't know where the gateway is on the internal network).

 

Also be sure you set these devices up with static IP addresses. Making life easier would also include using a router that allows port translation. With port translation, you would be able to maintain the default port setting on each device (for example 80) but set the external port to something else, say 3000. For example, you'd configure your router's port forwarding like this:

 

Device 1

Internal IP (static IP of your device)=192.168.1.180

Incoming port= 3000

Internal Port= 80

 

Device 2

Internal IP (static IP of your device)=192.168.1.181

Incoming port= 3001

Internal Port= 80

 

Once you establish a DynDNS account, you then will be able to map directly to each camera via the port number identified at the end of your DNS. For example: Device 1 would accessed by resolving MyCreativeName.DynDNS.org:3000 and Device 2 would be accessed by resolving MyCreativeName.DynDNS.org:3001.

 

Hope this helps.

[buellwinkle 0]

A port scan will determine if the router is setup correctly which to me is the first step. You can do it yourself, but then you would need to be on someone else's network to do it, can't effectively run it from your own network. The best tool is NMap, Google it, install it, learn to use it, not the most intuitive.

 

Goes without saying that you have to setup the complete TCP/IP information on the cameras including the correct subnet mask and gateway address. Do an ipconfig command on dos if you are running windows or in terminal on a mac, run ifconfig to see what these parameters are on your PC/Mac and use them on the cameras.

[stroonzo 0]

A port scan will determine if the router is setup correctly which to me is the first step.

 

Buellwinkle, this is not so. The port scan will fail if the destination device / IP address is not configured to the gateway, if the destination IP address is wrong (erroneous) or misdirected to a firewalled device, and many other situations.

 

The port forwarding function of a Firewall simply punches a controlled hole into a specified IP address or IP address range inside of the network. If the Gateway on the destination is not configured, there's no response back (because that device doesn't know through which path within the internal network to access the internet to send a reply). Therefore the port scan fails. Trust me. This is a very common oversight on static IP configured devices that are not used to access the internet.

 

On static IP configured PCs, an incorrectly defined gateway is instantly detected due to the lack of internet access. Most people never realize the gateway configuration error on cameras or DVRs since they're not an endpoint used for web browsing.

 

Also know the port scan will fail even when all configurations are correct and the destination IP / device (say a windows 7 PC) has an active firewall on it blocking the port. CanYouSeeMe doesn't look in your router and say Yea or Nay. It sends data out and waits for a response once it reaches an IP address / port combination.

[daveshoot 0]

The port scan will fail if the destination device / IP address is not configured to the gateway, if the destination IP address is wrong (erroneous) or misdirected to a firewalled device, and many other situations.

 

I think that's why it is the first step, rather than the solution? Canyouseeme.org immediately tells you if the port is available. If yes, troubleshoot connection to the port or map the device to the port; if no, troubleshoot connection at the port or change the port.

 

If the web can see the port, it's different than if the port is blocked or not configured, then move down the appropriate line(s) as though it were a flow chart.

 

Still new at this stuff, but that's been working for me.

[thewireguys 3]

Please post a screen shot of the port forwarding page of your router.

[stroonzo 0]

The port scan will fail if the destination device / IP address is not configured to the gateway, if the destination IP address is wrong (erroneous) or misdirected to a firewalled device, and many other situations.

 

I think that's why it is the first step, rather than the solution? Canyouseeme.org immediately tells you if the port is available. If yes, troubleshoot connection to the port or map the device to the port; if no, troubleshoot connection at the port or change the port.

 

If the web can see the port, it's different than if the port is blocked or not configured, then move down the appropriate line(s) as though it were a flow chart.

 

Still new at this stuff, but that's been working for me.

 

It just doesn't work that way. Forget about the "Router" which is most likely a combination Router, Firewall, Switch, Access Point....

 

A firewall does not have any services running on open ports. Therefore opening up ports just on the firewall doesn't mean a port scan is the first step.

 

A port scan will determine if the entire infrastructure is correct (from firewall to device).

 

From the original email, it sounded like the poster was very certain the Port Forwarding was configured correctly on the firewall. If so and no matter if it was, a port scan will still fail and the camera will still be unavailable.

 

A port scanner does not check the firewall. Let me say this again - a port scanner does not check the firewall.

 

A port scanner checks for an open port on a computer / server that has services running on it. The pinhole in the firewall has been placed to allow direct internet access into an internal network to a specific device that has services running on an open port. That is the hit the port scanner is looking for.

 

I'll check out of this discussion now. I have helped all I can. This is all basic networking and I am surprised I have to go to this extent to back up this advice. Maybe it has been some help.

[ak357 0]

 

A port scanner checks for an open port on a computer / server that has services running on it. The pinhole in the firewall has been placed to allow direct internet access into an internal network to a specific device that has services running on an open port. That is the hit the port scanner is looking for.

 

I'll check out of this discussion now. I have helped all I can. This is all basic networking and I am surprised I have to go to this extent to back up this advice. Maybe it has been some help.

 

You absolutely right

lots ppl get confused about this

That how I monitor some of my customers

issuing TCP connections command to specific IP and port (socket connections)

no response usually means problem

then call customer and let them know