Setting up IP camera external access - AVS Forum
post #1 of 6 Old 06-26-2012, 10:52 AM - Thread Starter
pchannan
Question about setting up IP camera external access. I'm concerned about opening up port 80 for web access to my proposed video DVR/server. I know that I would have to log in using a username and password, but by opening up port 80, I'll essentially be exposing the rest of my network to the internet.

I have a Netgear ProSafe router and a Netgear 7224 PoE 24-port switch, which would allow me to set up a VLAN for the IP PoE camera network. Can I open up port 80 specifically only for the IP camera VLAN? If I was using computers on my network (INTRAnet) to access the video management software, how would I tie in access to the VLAN but again leaving the rest of my network protected?

Thanks
post #2 of 6 Old 06-26-2012, 08:36 PM
Mizzer-d
Personally, I would not open port 80 nor mess with the VLANs. Instead, I'd opt for a good VPN (IPsec or OpenVPN, for example) and be done with it. You'll have a secure connection and you'll be able to access anything on your LAN -- not just the camera(s). (Of course you need to open the ports for those, but I trust them more too.)

If you try to go the VLAN route, you need to carefully plan how packets will be tagged and/or untagged for the VLAN. It's easy to get odd behavior and, if it's not documented, you'll be scratching (or banging) your head wondering where it all went wrong. Without providing more detail, it will be difficult to get help with it too.

Good luck.
post #3 of 6 Old 06-27-2012, 12:09 PM
az1324
Quote:
by opening up port 80, I'll essentially be exposing the rest of my network to the internet

How do you figure? By forwarding port 80 you enable the outside world to communicate with a single endpoint on your LAN (your DVR). Someone would have to use a software exploit on the DVR to get access to the rest of your network.

VPN is safer, and you can find a cheap OpenWrt/DD-WRT router to let you do it, but port forwarding doesn't automatically compromise your network.
post #4 of 6 Old 06-28-2012, 06:19 AM - Thread Starter
pchannan
I cannot use a cheap OpenWrt. I have three APs set up in a centrally managed wireless solution. I have the ProSafe router, which allows VPN, but I can't figure out if the exacq DVR can use it. I know I can set up SSL but that means buying a private certificate and managing it. I need the exacq app to monitor from a BlackBerry.

Could I log in to a VPN from my BB and then use the exacq app as if I'm connected from my home network? I guess I don't fully understand how the VPN would work.

I found this KB article explaining how to set up a VPN with my router: http://kb.netgear.com/ci/fattach/get/24/1238600539/redirect/1/session/L2F2LzEvdGltZS8xMzQwODg5MTY0L3NpZC95SDhrcE9faw==/filename/Client-Box%20VPN%20guide.pdf

If it's that easy then I can set up the VPN. I just don't want to spend $$$ on my IP camera system and not have it secured.

Thanks again
post #5 of 6 Old 06-28-2012, 08:32 AM
fcwilt
Does your router support remote logins?

I have a separate username and password for each person that needs to access one of the cameras.

Then port forwarding is used to control which camera is accessed.

I can specify any port number for the WAN side which then gets mapped to the correct address and port number on the LAN side.

So one camera might be accessed using port number 12345 and another camera at 54321.

Regards, Frederick C. Wilt
post #6 of 6 Old 06-28-2012, 12:31 PM
az1324
Quote:
Could I log in to a VPN from my BB and then use the exacq app as if I'm connected from my home network? I guess I don't fully understand how the VPN would work.

Yes, that's exactly how it works. Once you are connected via VPN, your client device thinks it is on your home network, so there is no need for other devices to be specifically VPN compatible. The only inconvenience is that ALL your device's traffic then goes through the VPN, even if it is going out to the internet. But turning VPN on and off when you need it is a minor task, so it shouldn't be too inconvenient in most circumstances.
Quote:
I know I can set up SSL but that means buying a private certificate and managing it.

Why couldn't you use a self-signed certificate and load it onto each client device that will be connecting?
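
The self-signed certificate approach raised at the end of the thread, as an added example that is not part of any poster's message: the functions below create a certificate for a DVR web interface and show that only a client that has loaded that exact certificate, and connects under a name the certificate lists, accepts it. The host name `dvr.home.example` and the address `192.168.1.50` are constructed placeholders, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example: self-signed certificate for a DVR web interface.
# dvr.home.example and 192.168.1.50 are constructed placeholders.

# make_dvr_cert DIR
# Create a private key and a self-signed certificate valid for one year.
# The subjectAltName entries are what clients match the server name against.
make_dvr_cert() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
        -keyout "$dir/dvr.key" -out "$dir/dvr.crt" \
        -subj "/CN=dvr.home.example" \
        -addext "subjectAltName=DNS:dvr.home.example,IP:192.168.1.50" \
        2>/dev/null
    # The key stays on the DVR; only dvr.crt is copied to client devices.
    chmod 600 "$dir/dvr.key"
}

# cert_fingerprint FILE
# Print the SHA-256 fingerprint, to compare by eye when loading the
# certificate onto a phone or laptop.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# client_trusts CERT ANCHOR HOST
# Succeed only if CERT verifies against the certificate the client has
# loaded (ANCHOR) and CERT is valid for the name the client connects to.
client_trusts() {
    openssl verify -CAfile "$2" -verify_hostname "$3" "$1" >/dev/null 2>&1
}

# Typical use:
#   make_dvr_cert /etc/dvr-tls
#   cert_fingerprint /etc/dvr-tls/dvr.crt   # note this, check it on each client
```

A client that has not loaded `dvr.crt` has no way to tell this certificate from one presented by an impostor, so the fingerprint comparison at install time is the step that carries the trust.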