Difference between revisions of "Port Forward"

From IC Realtech Wiki
Jump to: navigation, search
Line 212: Line 212:
 
|}
 
|}
  
 +
[[File:Forward-ports-with-two-routers-ip-addresses-labeled-networks-divided.jpg|200px|thumb|right|Multiple Router IP Setup Example]]
  
'''Step 4''' After creating your port forwarding on Router 2
+
'''Step 4''' After creating your port forwarding on Router 2 which the recorder is connected to the next step is port forwarding on Router 1. In order to access Router 1 while connected to Router 2, you can log into your routers web interface and look at its network settings. You will be looking for the WAN Address with the WAN Gateway. Take note of both the WAN IP address and the gateway. The WAN Gateway will be the address that you can use to access Router 1. The WAN IP address will be the address of Router 2 connected to Router 1 which we will be doing the port forwarding to. Put the IP address into a browser and log into the router.
 +
 
 +
'''Step 5''' Locate the port forwarding rule section like before.

Revision as of 21:06, 22 May 2018

The aim of this guide is to cover the general steps for port forwarding, where to locate the port numbers, define protocols as well as provide useful tools.

In computer networking, port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall.


Protocols

TCP: The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major Internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP.

  • ICRealtime Remote Client Software and Phone Application use TCP port to communicate with ICRealtime Recorders and Cameras.

UDP: User Datagram Protocol (UDP) is one of the core members of the Internet protocol suite. It has no handshaking dialogues, and thus exposes the user's program to any unreliability of the underlying network; There is no guarantee of delivery, ordering, or duplicate protection. Applications that do not require reliable data stream service may use the User Datagram Protocol (UDP), which provides a connectionless datagram service that emphasizes reduced latency over reliability.

HTTP: Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, and hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext.

  • HTTP is a plain text protocol and is not recommended to have port forwarded for recorders as it may lead to vulnerabilities. Recommended using HTTPS for web access externally. More on Cyber Security

HTTPS: HTTP Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP) for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted by Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to as HTTP over TLS, or HTTP over SSL.

RTSP: Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers. The protocol is used for establishing and controlling media sessions between endpoints.

In the CCTV industry, this is usually used for integration or communicating over ONVIF protocol when compression mode is H264.

Ports

The default ports for ICRealtime Recorders and IP Cameras:

Protocol Default
TCP Port 32789/37777
UDP Port 37778
HTTP Port 80
HTTPS Port 443
RTSP Port 554

Web Interface

Step 1: Login in through the web interface by opening Internet Explorer IE-Icon.jpg and type the IP address of the recorder into the address bar.

Step 2: Click on Setup at the top of the page.

Step 3: Click on NETWORK and under network select CONNECTION.

On this page, you will see the port numbers that each port is set to. You can change the port from the default port to any other port you would like by typing it in the appropriate field and select Save

Local Interface

Step 1: Right click with the mouse and select Main Menu from the drop-down list.

Step 2: Navigate to Settings and select Network.

Step 3 Depending on the recorder you have the menu may vary. Either the ports will be identified at the bottom of the same page with the IP address information or on the left side list there will be underneath TCP/IP will say either Connections or Ports.


SmartICRSS Remote Client Software

Step 1: Open Smart ICRSS and select Device Setup from the Home Page.

Step 2: Inside Device Setup, Select your device on the left. Then Select Network

Step 3: Once the Network window opens select Connect. The ports will be displayed here for you.


Port Forwarding Steps

In order to port forward, you need to first determine how many firewalls you will need to pass through or the type of network you have. In most cases, you will have a single cable modem + router combo from the Internet Service Provider (ISP). In these events, you will only have just the one modems firewall you need to have the connection to pass through. In other cases you will have is multiple firewalls that you need to pass through (Example: ISP Cable Modem Combo + 3rd Party Wifi Router) in which case you will need to do cascade port forwarding.

Some companies have managed Networks. In the event the network is managed you will need to contact the IT staff or company managing the network

Single Firewall

Step 1: In order to port forward, we will need to access the router. The easiest way to locate the router address would be to open a command prompt on windows and type in IPCONFIG. In order to bring up a command prompt, press the windows key on your keyboard and type in the search bar CMD. In the information provided it will report back what the Default Gateway is currently set to (Ex. 192.168.1.1/10.1.1.1). Open a web browser and type the IP Address of the Default Gateway. It should bring you to the routers login page if not then the routers page is hidden and most likely managed. If it is a managed network consult the IT staff managing it. Some network device requires programs to access the router or other special means in which case consult your network device's manual.

Step 2: Once you are logged into the router you need to navigate to the port forwarding section. Generally, the port forwarding can be found under Advanced, Security, Firewall, NAT Gaming. Some devices will have a quick link on there home page to Port Forwarding. If you need help locating the port forwarding section in your device you can either consult the network devices manual or go to PortForward.com.

  • PortForward.com is a website that helps walking through port forwarding on network devices. They have a large list of network device manufacturers. Select the manufacturer of your device and then when on the new page there will be a list of models. Select your model and they have a step by step guide for most devices port forwarding steps that you could follow.


Step 3 On the port forwarding page we are going to add a new port forwarding rule. Depending on your router there will be Add New Service or Add Custom Service button. For the fields you will generally have the following:

Service Name: The service name can be named anything you want. Generally, it is recommended to use something that will help identify what it is for anyone who looks in the router. Example: NVR TCP or DVR TCP.

Service Type: The service type is to identify what type of protocol if will follow. ICRealtime software communicates with the recorder over its TCP port. For remote access, we will be setting the service type to either TCP or Both (TCP/UDP).

External Starting Port: Starting port number that will be opened to the outside. It is recommended to do direct port to port. The starting and ending port will be the same number.

External Ending Port: Ending port number that will be opened to the outside. It is recommended to do direct port to port. The starting and ending port will be the same number.

Internal Starting Port: Starting port number that will be opened in your network to the outside. It is recommended to do direct port to port. The starting and ending port will be the same number.

Internal Ending Port: Ending port number that will be opened in your network to the outside. It is recommended to do direct port to port. The starting and ending port will be the same number.

Internal IP Address: The IP Address of the device that the port is being opened for. In this case, it would be the IP Address of the recorder.

External IP Address: Used to specific access only from someone accessing it with a specific WAN IP address. Generally, this is left blacked or set to Any.


Example:

Field Default
Service Name NVR TCP
Service Type TCP
External Starting Port 32789
External Ending Port 32789
Internal Starting Port 32789
Internal Ending Port 32789
Internal IP Address 192.168.1.108
External IP Address ANY


Step 4 After creating your port forwarding rule the next step is to test to make sure it is showing up as open. There are many sites that can be used to check it. You can use canyouseeme.org or yougetsignal.com. Once on the website, it will show your current WAN IP Address and there will be a field to enter a port number by default it will be 80. Put the port number in and select test. If the port is open properly it will come back saying Success the port is open. If it comes back as failed or closed then you must go and verify your port forwarding rules. Some routers require a power cycle to apply the settings.


Two or More Firewalls (Cascade Port Forward)

Multiple Router Setup Example

Every router has both an external IP address and an internal IP address. The external IP address is generally described as your WAN (Wide Area Network) and the internal IP address would be its LAN address. The LAN address would be used to access the router. The first several steps are the same as single port forward as we will need to just do this twice. The first port forward will point to the recorder or camera. The second port forward will be done on Router 1 pointing to Router 2 WAN Address (External Address).


Step 1: In order to port forward, we will need to access the router. The easiest way to locate the router address would be to open a command prompt on windows and type in IPCONFIG. In order to bring up a command prompt, press the windows key on your keyboard and type in the search bar CMD. In the information provided it will report back what the Default Gateway is currently set to (Ex. 192.168.1.1/10.0.0.1). Open a web browser and type the IP Address of the Default Gateway. It should bring you to the routers login page if not then the routers page is hidden and most likely managed. If it is a managed network consult the IT staff managing it. Some network device requires programs to access the router or other special means in which case consult your network device's manual.


Step 2: Once you are logged into the router you need to navigate to the port forwarding section. Generally, the port forwarding can be found under Advanced, Security, Firewall, NAT Gaming. Some devices will have a quick link on there home page to Port Forwarding. If you need help locating the port forwarding section in your device you can either consult the network devices manual or go to PortForward.com.

  • PortForward.com is a website that helps walking through port forwarding on network devices. They have a large list of network device manufacturers. Select the manufacturer of your device and then when on the new page there will be a list of models. Select your model and they have a step by step guide for most devices port forwarding steps that you could follow.


Step 3 On the port forwarding page we are going to add a new port forwarding rule. Depending on your router there will be Add New Service or Add Custom Service button. For the fields you will generally have the following:

Service Name: The service name can be named anything you want. Generally, it is recommended to use something that will help identify what it is for anyone who looks in the router. Example: NVR TCP or DVR TCP.

Service Type: The service type is to identify what type of protocol if will follow. ICRealtime software communicates with the recorder over its TCP port. For remote access, we will be setting the service type to either TCP or Both (TCP/UDP).

External Starting Port: Starting port number that will be opened to the outside. It is recommended to do direct port to port. The starting and ending port will be the same number.

External Ending Port: Ending port number that will be opened to the outside. It is recommended to do direct port to port. The starting and ending port will be the same number.

Internal Starting Port: Starting port number that will be opened in your network to the outside. It is recommended to do direct port to port. The starting and ending port will be the same number.

Internal Ending Port: Ending port number that will be opened in your network to the outside. It is recommended to do direct port to port. The starting and ending port will be the same number.

Internal IP Address: The IP Address of the device that the port is being opened for. In this case, it would be the IP Address of the recorder.

External IP Address: Used to specific access only from someone accessing it with a specific WAN IP address. Generally, this is left blacked or set to Any.


Example:

Field Default
Service Name NVR TCP
Service Type TCP
External Starting Port 32789
External Ending Port 32789
Internal Starting Port 32789
Internal Ending Port 32789
Internal IP Address 192.168.1.108
External IP Address ANY
Multiple Router IP Setup Example

Step 4 After creating your port forwarding on Router 2 which the recorder is connected to the next step is port forwarding on Router 1. In order to access Router 1 while connected to Router 2, you can log into your routers web interface and look at its network settings. You will be looking for the WAN Address with the WAN Gateway. Take note of both the WAN IP address and the gateway. The WAN Gateway will be the address that you can use to access Router 1. The WAN IP address will be the address of Router 2 connected to Router 1 which we will be doing the port forwarding to. Put the IP address into a browser and log into the router.

Step 5 Locate the port forwarding rule section like before.