Question about setting up IP camera external access. I'm concerned about opening up port 80 for web access to my proposed video DVR/server (the DVR software requires it). I know that I would have to login using username and password but by opening up port 80, I'll essentially exposing the rest of my network to the internet.
I have a netgear prosafe router and netgear 7224 POE 24 port switch which would allow me to set up a VLAN for the IP POE camera network. Can I open up port 80 specifically only for the IP camera VLAN? The DVR has a single NIC. If I was using computers on my network (INTRAnet) to access to video management software, how would I tie in access to the VLAN but again leaving the rest of my network protected? If I was able to add a second NIC to the DVR, would I just connect the second NIC is plugged into a normal port (non-VLAN) so that the authorized users can connect to it from the desktop app or phone app. Would I still have to open up port 80 on the normal (non-VLAN) network for off-site access??
I'm speculating you don't have access to the internet at all then on your network? Typically ports 80 and 443 and a handful of others are open on correctly configured firewalls.
If you created a separate VLAN, you should be able to only allow devices connected to a specific Ethernet port/switch port to connect to the internet. Thinking about it, you shouldn't need a separate VLAN at all to keep things even more simple.
I'm acting as my own IT guy so bare with me. I do have access to the web. I have the prosafe router and prosafe 7224 switch. I'd like to keep the IP camera traffic separate from my intranet traffic. I hear stories about how bad is it to use port forwarding and that VPN should always be used. I will be using exacq software on the DVR. I've copied the instructions from the exacq web service setup: If you want to allow clients from outside your local area network access your exacqVision Web Service, you must change your router settings to forward port 80 to the Web Service
I'm concerned about the security pitfalls of forwarding port 80 to the exacq websevice. Would this mean all of my web traffic would go thru the webservice prior leaving my home (http, general web surfing)??
Last edited by ERDrPC; 26th June 2012 at 07:34 PM.
This is for an incomming connection from the outside world to the DVR. it will not affect your web browsing. all it would affect if it was on port 80 is any webserver you have (but I am guessing you don't)
at pressent , what happens if from the outside world you go to the public IP of your router in a web browser?
Im presuming your router allows inter VLAN routing / being able to assign different policies between VLAN networks? if so allow port 80 remotely and forward it to the IP camera (or put it on a weird port which is also a good idea). Then only allow one way traffic from your normal computer VLAN (i.e. nat on this interface). You should be able to also specify only certain computers on your network having access to the LAN IP of the camera.
Alternatively put the IP Camera in a proper DMZ.
I don't know the netgear router / firewall you're refering to specifically but I know you can do this on the Fortigate firewalls we provide to schools
Thanks for the suggestions. I'm a novice when it comes to this stuff.
Could I login into a VPN from my BB and then use the excaq app as if I'm connected from my home network?I guess I don't fully understand how the VPN would work. Can I only log into a VPN from another wireless lan or can I use it over a 3G mobile network? I'm only on a BIS network so I'm not even sure if I can use VPN with my BB 9780.