+ Post New Thread
Results 1 to 8 of 8
Wired Networks Thread, IP camera VLAN and opening port 80 in Technical; Question about setting up IP camera external access. I'm concerned about opening up port 80 for web access to my ...
  1. #1

    Join Date
    Jun 2012
    Posts
    3
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    IP camera VLAN and opening port 80

    Question about setting up IP camera external access. I'm concerned about opening up port 80 for web access to my proposed video DVR/server (the DVR software requires it). I know that I would have to login using username and password but by opening up port 80, I'll essentially exposing the rest of my network to the internet.

    I have a netgear prosafe router and netgear 7224 POE 24 port switch which would allow me to set up a VLAN for the IP POE camera network. Can I open up port 80 specifically only for the IP camera VLAN? The DVR has a single NIC. If I was using computers on my network (INTRAnet) to access to video management software, how would I tie in access to the VLAN but again leaving the rest of my network protected? If I was able to add a second NIC to the DVR, would I just connect the second NIC is plugged into a normal port (non-VLAN) so that the authorized users can connect to it from the desktop app or phone app. Would I still have to open up port 80 on the normal (non-VLAN) network for off-site access??

    Thanks

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,342
    Thank Post
    242
    Thanked 1,602 Times in 1,278 Posts
    Rep Power
    346
    I'm speculating you don't have access to the internet at all then on your network? Typically ports 80 and 443 and a handful of others are open on correctly configured firewalls.

    If you created a separate VLAN, you should be able to only allow devices connected to a specific Ethernet port/switch port to connect to the internet. Thinking about it, you shouldn't need a separate VLAN at all to keep things even more simple.

  3. Thanks to Michael from:

    ERDrPC (28th June 2012)

  4. #3

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    151
    set a port forward on your firewall.

    Personaly I would use a non standard port on the outside world mapped to port 80 on the inside


    Out.Side.IP.Address:4080 > IP.TV.IP.Address:80

    to reduce the number of hits on it by random people.

    Rob

  5. Thanks to twin--turbo from:

    ERDrPC (28th June 2012)

  6. #4

    Join Date
    Jun 2012
    Posts
    3
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I'm acting as my own IT guy so bare with me. I do have access to the web. I have the prosafe router and prosafe 7224 switch. I'd like to keep the IP camera traffic separate from my intranet traffic. I hear stories about how bad is it to use port forwarding and that VPN should always be used. I will be using exacq software on the DVR. I've copied the instructions from the exacq web service setup: If you want to allow clients from outside your local area network access your exacqVision Web Service, you must change your router settings to forward port 80 to the Web Service

    I'm concerned about the security pitfalls of forwarding port 80 to the exacq websevice. Would this mean all of my web traffic would go thru the webservice prior leaving my home (http, general web surfing)??
    Last edited by ERDrPC; 26th June 2012 at 08:34 PM. Reason: typo

  7. #5

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    151
    This is for an incomming connection from the outside world to the DVR. it will not affect your web browsing. all it would affect if it was on port 80 is any webserver you have (but I am guessing you don't)

    at pressent , what happens if from the outside world you go to the public IP of your router in a web browser?

    Do you have a static Public IP address???

    Rob

  8. Thanks to twin--turbo from:

    ERDrPC (28th June 2012)

  9. #6

    Join Date
    Apr 2012
    Location
    Leeds
    Posts
    341
    Thank Post
    3
    Thanked 72 Times in 57 Posts
    Rep Power
    38
    Im presuming your router allows inter VLAN routing / being able to assign different policies between VLAN networks? if so allow port 80 remotely and forward it to the IP camera (or put it on a weird port which is also a good idea). Then only allow one way traffic from your normal computer VLAN (i.e. nat on this interface). You should be able to also specify only certain computers on your network having access to the LAN IP of the camera.

    Alternatively put the IP Camera in a proper DMZ.

    I don't know the netgear router / firewall you're refering to specifically but I know you can do this on the Fortigate firewalls we provide to schools

    Good luck

    Dave

  10. Thanks to SchoolsBroadband from:

    ERDrPC (28th June 2012)

  11. #7

    Join Date
    Jun 2012
    Posts
    3
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks for the suggestions. I'm a novice when it comes to this stuff.

    Could I login into a VPN from my BB and then use the excaq app as if I'm connected from my home network?I guess I don't fully understand how the VPN would work. Can I only log into a VPN from another wireless lan or can I use it over a 3G mobile network? I'm only on a BIS network so I'm not even sure if I can use VPN with my BB 9780.

    I would this KB article explaining how to set up a VPN with my router http://kb.netgear.com/ci/fattach/get...PN%20guide.pdf

    If it's that easy then I can set up the VPN. I just don't want to spend $$$ on my IP camera system and not have it secured.

  12. #8

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    151
    VPN should work yes. Depends on your data package on the BB>

    Rob



SHARE:
+ Post New Thread

Similar Threads

  1. IP cameras
    By ChrisH in forum Hardware
    Replies: 43
    Last Post: 12th June 2008, 12:23 PM
  2. IP Camera - Network degradation
    By Simcfc73 in forum Hardware
    Replies: 13
    Last Post: 24th April 2008, 04:09 PM
  3. XAMPP and Skype-Port 80/443
    By SimpleSi in forum General Chat
    Replies: 2
    Last Post: 12th April 2008, 06:44 PM
  4. Replies: 3
    Last Post: 19th February 2008, 11:13 PM
  5. Problems with Promethean boards and USB ports
    By tosca925 in forum Windows
    Replies: 12
    Last Post: 16th November 2005, 12:14 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •