Wired Networks Thread, IP camera VLAN and opening port 80 in Technical; Question about setting up IP camera external access. I'm concerned about opening up port 80 for web access to my ...
26th June 2012, 08:07 PM #1
- Rep Power
IP camera VLAN and opening port 80
Question about setting up IP camera external access. I'm concerned about opening up port 80 for web access to my proposed video DVR/server (the DVR software requires it). I know that I would have to login using username and password but by opening up port 80, I'll essentially exposing the rest of my network to the internet.
I have a netgear prosafe router and netgear 7224 POE 24 port switch which would allow me to set up a VLAN for the IP POE camera network. Can I open up port 80 specifically only for the IP camera VLAN? The DVR has a single NIC. If I was using computers on my network (INTRAnet) to access to video management software, how would I tie in access to the VLAN but again leaving the rest of my network protected? If I was able to add a second NIC to the DVR, would I just connect the second NIC is plugged into a normal port (non-VLAN) so that the authorized users can connect to it from the desktop app or phone app. Would I still have to open up port 80 on the normal (non-VLAN) network for off-site access??
26th June 2012, 08:16 PM #2
I'm speculating you don't have access to the internet at all then on your network? Typically ports 80 and 443 and a handful of others are open on correctly configured firewalls.
If you created a separate VLAN, you should be able to only allow devices connected to a specific Ethernet port/switch port to connect to the internet. Thinking about it, you shouldn't need a separate VLAN at all to keep things even more simple.
26th June 2012, 08:29 PM #3
set a port forward on your firewall.
Personaly I would use a non standard port on the outside world mapped to port 80 on the inside
Out.Side.IP.Address:4080 > IP.TV.IP.Address:80
to reduce the number of hits on it by random people.
Thanks to twin--turbo from:
26th June 2012, 08:33 PM #4
- Rep Power
I'm acting as my own IT guy so bare with me. I do have access to the web. I have the prosafe router and prosafe 7224 switch. I'd like to keep the IP camera traffic separate from my intranet traffic. I hear stories about how bad is it to use port forwarding and that VPN should always be used. I will be using exacq software on the DVR. I've copied the instructions from the exacq web service setup: If you want to allow clients from outside your local area network access your exacqVision Web Service, you must change your router settings to forward port 80 to the Web Service
I'm concerned about the security pitfalls of forwarding port 80 to the exacq websevice. Would this mean all of my web traffic would go thru the webservice prior leaving my home (http, general web surfing)??
Last edited by ERDrPC; 26th June 2012 at 08:34 PM.
26th June 2012, 08:39 PM #5
This is for an incomming connection from the outside world to the DVR. it will not affect your web browsing. all it would affect if it was on port 80 is any webserver you have (but I am guessing you don't)
at pressent , what happens if from the outside world you go to the public IP of your router in a web browser?
Do you have a static Public IP address???
Thanks to twin--turbo from:
26th June 2012, 09:31 PM #6
Im presuming your router allows inter VLAN routing / being able to assign different policies between VLAN networks? if so allow port 80 remotely and forward it to the IP camera (or put it on a weird port which is also a good idea). Then only allow one way traffic from your normal computer VLAN (i.e. nat on this interface). You should be able to also specify only certain computers on your network having access to the LAN IP of the camera.
Alternatively put the IP Camera in a proper DMZ.
I don't know the netgear router / firewall you're refering to specifically but I know you can do this on the Fortigate firewalls we provide to schools
Thanks to SchoolsBroadband from:
28th June 2012, 03:54 PM #7
- Rep Power
Thanks for the suggestions. I'm a novice when it comes to this stuff.
Could I login into a VPN from my BB and then use the excaq app as if I'm connected from my home network?I guess I don't fully understand how the VPN would work. Can I only log into a VPN from another wireless lan or can I use it over a 3G mobile network? I'm only on a BIS network so I'm not even sure if I can use VPN with my BB 9780.
I would this KB article explaining how to set up a VPN with my router http://kb.netgear.com/ci/fattach/get...PN%20guide.pdf
If it's that easy then I can set up the VPN. I just don't want to spend $$$ on my IP camera system and not have it secured.
28th June 2012, 04:42 PM #8
VPN should work yes. Depends on your data package on the BB>
By ChrisH in forum Hardware
Last Post: 12th June 2008, 12:23 PM
By Simcfc73 in forum Hardware
Last Post: 24th April 2008, 04:09 PM
By SimpleSi in forum General Chat
Last Post: 12th April 2008, 06:44 PM
By Tiger in forum MIS Systems
Last Post: 19th February 2008, 11:13 PM
By tosca925 in forum Windows
Last Post: 16th November 2005, 12:14 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)