IP Camera Port Forwarding Made Simple

One of the many benefits of IP cameras is their ability to act independently of a PC. Being a standalone device you simply plug it into a broadband enabled router and you can access your camera’s images from anywhere in the world. It is not uncommon for people to use cameras to keep an eye on their home, elderly relatives, driveways or even pets and they can do so from work, from holiday or even from another country.

Here at Network Webcams Tech HQ we find that most people run into a snag which prevents them from being able to access their camera over the Internet. By default if you try and gain access to your home network from anywhere on the internet you will find that the firewall in your router will block you. This is great for your everyday security but not so great when you want to view your camera, or at least test it from home. You can get around this problem by using a technique known as ‘Port-Forwarding’.

In this article I will explain just what that means and point out the things to consider when setting up your IP camera for remote Internet access.

There are 3 main areas you have to consider when setting up external access to your camera:

* Local Area Network (LAN)
* Firewall
* Wide Area Network (WAN)

Topology Example

I will look at these in order. In the Local Area Network section I will discuss how to set up the camera in preparation for external access. In the Firewall section I will look at configuring your router to allow incoming traffic from the Internet and finally in the Wide Area Network section I discuss how you access your camera from another computer on the Internet.

Local Area Network (LAN)

The Local Area Network is basically your computer equipment you have at home. This could include one or more computers/laptops, a router which is plugged into the phone line and of course your network camera. On the Local Area Network side of things we need to set up the camera in preparation for external access. Let’s take a look at the following items which need to be considered when preparing your camera:

1. Set up our camera with a static local IP address
2. Input the correct subnet mask and default gateway addresses
3. Set up your DNS server addresses
4. Configure the port number

1. Static IP

If you allow the network to automatically allocate an IP address to the camera each time you turn it on then chances are the address could change. You really want to ‘fix’ the IP address in the camera so that it never changes because when you configure the router you will point to the camera’s IP address. If this keeps changing then the rules in the router will break and not function. Remember that local IP addresses have to be unique for every device or you may find devices will clash and fail to communicate. You will be able to set a ’static’ IP address in your camera. Some cameras will use the word ’static’ while other cameras will say something like ‘use this IP address’. Consult you camera’s manual for the correct configuration.

2. Subnet Mask / Default Gateway

The subnet mask will almost always be 255.255.255.0 (known as Class C). This gives the average home user 254 useful addresses to allocate to their home network, which is more than enough.

The Default Gateway (sometimes called Default Router) is nothing more than the local IP address of your router.

Make sure both of these are entered into the camera when you are entering the static IP address.

3. DNS Server Addresses

There will normally be 2 of these in your camera (but not always). DNS servers take the names we give websites and translate them to their source IP addresses. It means we don’t have to remember lots of complicated numbers and can visit websites and networks by name instead of number. For example the URL http://www.google.co.uk translates to it’s original IP: 209.85.135.147. Without DNS translation you will find that your camera will be unable to FTP or email correctly as it won’t be able to translate the domain names.

Your DNS server addresses come from your ISP and should be detailed on the letter you received when you first connected to the service. If you don’t know what they are then you can input your router’s local IP address in the DNS server 1 (or Primary DNS server) position and the router will do it automatically for you.

4. Configure the port number

Typically when one computer communicates with another computer over a network the information is carried using a specific port number. Many ports have specific uses such as email or FTP and a full list of common ports is available on the Internet. It’s not so important to know the full list though you’ll be glad to hear…

You will find that the majority of network devices which are accessible using an Internet browser will be set as standard to port 80, including IP cameras and routers etc. This is due to the standard port for HTTP, or information being displayed through an browser, being port 80.

I would advise that you alter the default port number in the camera to something which is not being used in the list of common ports. We do this for a number of reasons. Like local IP addresses, port numbers have to be unique. If you have your camera on port 80 and your router on port 80 you will only be able to access one of these devices from the Internet using this method. It is also to promote security to your network. It will keep the camera safer if someone was to attempt to maliciously enter your network as it won’t be on the standard port. Don’t worry though, even if someone did find a camera on your network it will be password protected and almost impossible to access without the password.

Remember also that when changing to a custom port number the URL for your camera will change both internally and externally. For example if we changed our camera on http://192.168.0.90 from port 80 to port 4440 we would have to use http://192.168.0.90:4440 to connect to the camera, specifying the port number explicitly at the end of the IP address. This is the same for accessing the camera externally.

Firewall

The firewall in your router does a good job of blocking unwanted traffic to your network. A good analogy is to think of it as a reception desk in a hotel. To gain entry to your room you must first speak to reception who will check you in and give you a key. If you attempt to enter a room unauthorised you will be stopped and ejected from the building (unless you sneak in through the backdoor, or dressed as a maid, but that’s a whole other blog post ;-) ).

What we ultimately want is to allow access to your camera from anywhere on the internet but stop all other unsolicted attempts to access your network. We do this by adding a firewall rule to your router.

Now we’re afraid there just isn’t enough room on this blog entry to provide port-forwarding instructions for every make and model of router but the general principle is the same for all. That principle is:

For any WAN user accessing your camera port >> allow access and forward them to your camera’s local IP address

You will be able to find instructions for your specific make and model of router from this great website:

http://www.portforward.com/english/routers/port_forwarding/routerindex.htm

And you can see full instructions for a Netgear DG834 router below as an example:

HOWTO: Set Up External Access to Your Camera Using a Netgear Router

Wide Area Network (WAN)

The Wide Area Network (WAN) is essentially the Internet. When it comes to accessing your camera from the Internet you need to know what your external IP address will be. This will be your unique address for your network which you can use from anywhere on the Internet and it is known as your ‘public IP address’.

You can find out what your public IP address is by asking your ISP as they allocate you one when you sign up for your Internet service, or each time you connect. You can also find out for yourself by visiting the following website: http://www.whatismyip.com. The site will show you the public IP from the network you view the site on.

Dynamic IP vs Static IP

Unfortunately most home domestic broadband accounts will have a dynamic public IP. This means that your address will change periodically which could prove problematic when trying to access your network from the internet.

There are two ways to get around this problem.

1. Static IP
2. Dynamic DNS

1. Static IP

The ideal scenario is that you recieve a static IP address from your ISP. They can normally do this pretty easily but there will probably be a small charge for the service. This means that your public IP address will never change so you should have no trouble connecting to your network externally.

2. Dynamic DNS

This provides you with a means to give your public IP address a meaningful name while in the background it will track any changes to your public IP address automatically.

A wide range of routers will support this function and offer connections with leading dynamic DNS services on the Internet such as DynDNS or No-IP. These services are normally free to use.

Alternatively some IP cameras, notably Panasonic and Axis, have their own dynamic DNS services built-in and come as part of the initial set up procedure of the camera.

For more information about Dynamic DNS please read our blog article: Dynamic DNS, or Do I Really Need a Static IP Address?

See our HOWTO: guide for setting up your Axis camera with their Axiscam.net service: HOWTO: Register your Camera with Axiscam.net

Accessing your camera

Once you know your public IP address then accessing your camera should be easy from here on. Simply type in your address from anywhere on the Internet, remembering to specify the port number if it’s anything other than 80, and you should have access to your camera! An example would look something like: ‘http://mycamera.viewnetcam.com:4440′ which would be a Panasonic IP camera configured for access on Port 4440 and set up using Panasonic’s dynamic DNS service ‘Viewnetcam.com’.

NAT Loopback

One last thing to note. When accessing your camera using your public IP address you may run into a small problem known as NAT Loopback. What this generally means is that if you try to access your camera using your public IP address from the same network the camera is plugged into then you will find that you may not be able to connect. This is fairly normal and it’s quite common for your router to block this kind of traffic.

The only real way to remedy this is to have a router which supports a NAT Loopback function, such as a Draytec Vigor 2600, so the first thing to do is check for that. If it doesn’t then you will have to use your local IP address to access your camera from the local network and use your public IP address to access your camera from anywhere else from the Internet.

And that forms the basics of Port-Forwarding…

P.S. INTERESTING READING ALSO AT :

http://portforward.com/english/routers/port_forwarding/routerindex.htm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s