BeeJ said:
I have a Panasonic BLC1A camera that I am trying to set up.
Router is an Amped R20000G. Laptop is Win XP Pro latest update.
I think there are several ways to do this but am not sure what exactly
to do. I am trying to follow the setup software provided but keep failing.
The install software and docs are not easily understood by me.
Method 1 uses UPnP. I have to enable UPnP in my router and use a web
server provided by Panasonic (if it still exists) to provide a fixed IP
address so I can access the cam from anywhere.
But I understand that using UPnP is dangerous as a back door. Is that
true or is it a matter of setting something up properly? How do I do that?
Method 2 (not sure if I understand this) is to somehow use a fixed IP
address (how do I get this) and then allow the router to pass
communications through the router to the fixed IP address. How do I do
that? I only know of the local IP address based on 192.168.3.253.
Any help or terminology to study please.

BeeJ sitting in McDonalds ----- Broadband Modem ---- BLC1A IP camera
wanting to "watch house"        and Router           web server
                                Port forwarding,     <--- data stream
                                port 80 etc.

                                5000Kbit/sec --->
                                <--- 800Kbit/sec

1) Your ISP has a Terms of Service (TOS). It states what applications
you can use. Operating a "server" on your home LAN, port forwarding
or using DMZ so it is visible outside, is against the TOS of a
home Internet account. If you buy a business account instead, it
is allowed.
2) In the diagram, the "good" direction is the 5000 download rate.
However, when you run a server, that uses bandwidth in the
other direction (800). That may be too slow for a high res
compressed video stream. A business account can have symmetric
bandwidth, like 5000 down, 5000 up, and then you can Skype or
IP cam to quite a high res. My ISP sells me 800, when the actual
rate is 300 to 400. The service guarantee says "up to 800",
not "exactly 800".
3) Port Forwarding or using DMZ on the router, exposes you to
the Internet. Not only can BeeJ in McDonalds send packets to
the camera, *I* can send packets to the camera. I will sit
there, trying to brute force the password on the camera. I'm
a bad ass script kiddie. See the exposure? When you don't
open ports on the router, the router takes most of the
abuse from script kiddies like myself, and the LAN side is
relatively safe (NAT, stateful packet inspection).
4) The ISP has a packet classifier. It can detect attempts to
run a mail server, on *any* port number, and close that
port, all fully automatically. It's not even a matter of
the ISP "noticing" what you're doing. Policy enforcement
is done with hardware. The ISP can check the logs later.
No need for an "operator" to scan your activities, like
a security guard. Hardware does it instead.
Your IP cam, being a web server, may run on Port 80. You
were probably thinking "well, if I use port 9000 instead,
they'll never notice". Packets have recognizable characteristics,
and HTTP protocol can likely be sniffed. They could immediately
spot a web server and close the port number. On my
previous ISP, the classifier opens the port after you
stop abusing it, about 15 minutes later. That's how long
a response from the box lasts, when it detects a policy
violation.
Even when a user has a business Internet account, rules
still apply. Generally, the ISP does not put all the port
rules in writing. You only discover, as a businessman,
that you can't run your own mail server. The tech support
may not choose to verify any "rules" with regard to what
port number or protocols are policed. For example, some
classifier schemes, interfere with BitTorrent traffic. When
my ISP first got their classifier "God Box", it was even
sending RST packets for regular traffic! (That causes
random connection problems while surfing.) RST packets
are normal, except when you get too many of them, as
a response from too many different servers. Then you suspect
they're faked by the ISP.
5) To set things up, you use Dynamic DNS, where your ISP
assigned IP address, has a "name" associated with it. You
use a DynDNS service, to update the info, so you don't have
to record the current public IP address manually. The rest of
the procedure, you can follow the manual for that.
http://en.wikipedia.org/wiki/Dynamic_DNS

                (DNS lookup)
BeeJ.camera.com ---> 207.49.17.23 ---> router,UPnP ---> 192.168.2.100
                                                        port 80

The 207.49.17.23 is the IP address from the ISP DHCP server,
and that number changes every time you set up a DHCP lease
(i.e. start a session). DynDNS takes the current 207.49.17.23
number, and sends it via a DNS service, so that the mapping
can be updated. BeeJ sitting in McDonalds, using a web
browser, types in "http://BeeJ.camera.com" and out comes the video.
Many home Internet accounts, use dynamic addressing, which is why
this is necessary. Some ISPs offer static addresses, in which case
a DynDNS service is not required. (The mapping is always correct,
and you don't have to do anything.) If you use a DynDNS service,
the power went off at home, then power comes back on, you've totally
automated rebooting, it can take up to fifteen minutes for the new
mapping for the newly acquired DHCP lease, to appear on the Internet.
And DynDNS services, place a limit on how many updates they're
willing to do, per day. Like many services, they have "anti-hammering"
rules.
When I connected and disconnected my modem from the ISP, too many times
in one minute, the ISP automatically blocked me for 15 minutes, before
I could start a new session. That's an example of anti-hammering, even
on your ISP account. That's an automatic feature too (no human disconnected
me). Now, I don't hammer the DHCP server, quite as hard, having
learned my lesson.
*******
Other than that, well, have fun. Give it a try, and
see what happens.
One guy on here, runs IP cameras from a remote location,
and so far, I have not heard him report any horror stories.
So take all my warnings, with a grain of salt.
You can:
1) Run a camera. Save content to computer disk.
2) FTP transfer or email recorded content, to a third-party server somewhere.
3) Sit in McDonalds, visit the third-party server,
download the recorded content. Now you have non-real-time,
non-streaming, monitoring.
4) That doesn't constitute running a server, as the connections
appear to be client connections and not server connections.
The FTP upload is still slow, as would be the email upload.
The speed doesn't change. Just the "non-TOS" methodology.
No classifier rules will trigger on this. (But send too many
emails, to your ISP email server, and there's probably a
hammering rule for that too. Spammers send many emails per
minute, so a home internet account may have email send limits.)
FTP uploading should be OK, until you run out of bandwidth
allocation for the month. Take bitrate of camera, and compute
how many gigabytes that is, to upload all of it, in a month.
HTH,
Paul
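
An added example, not part of either post: a sketch of the update throttling a dynamic DNS client needs so that it only reports a new public address when the lease actually changed and stays inside the provider's anti-hammering limits described in the reply. The class name DdnsUpdater, its verdict strings and the two limits are hypothetical; the second public address is a constructed sample.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

DAY = 86400.0  # seconds


@dataclass
class DdnsUpdater:
    """Decides when a changed public IP may be pushed to a dynamic DNS provider.

    Hypothetical helper: the limits are assumed values, not any provider's.
    """
    min_interval: float = 300.0   # assumed minimum seconds between updates
    max_per_day: int = 10         # assumed daily update cap
    published_ip: Optional[str] = None
    sent_at: List[float] = field(default_factory=list)

    def decide(self, observed_ip: str, now: float) -> str:
        ip = ipaddress.ip_address(observed_ip)  # ValueError on malformed input
        if not ip.is_global:
            # LAN or carrier-NAT address: publishing it would be useless.
            return "skip-not-public"
        if str(ip) == self.published_ip:
            return "skip-unchanged"  # same lease, nothing to send
        self.sent_at = [t for t in self.sent_at if now - t < DAY]
        if self.sent_at and now - self.sent_at[-1] < self.min_interval:
            return "wait-interval"
        if len(self.sent_at) >= self.max_per_day:
            return "wait-daily-cap"
        return "update"

    def record_update(self, observed_ip: str, now: float) -> None:
        """Call only after the provider accepted the update."""
        self.published_ip = str(ipaddress.ip_address(observed_ip))
        self.sent_at.append(now)


if __name__ == "__main__":
    u = DdnsUpdater(min_interval=300, max_per_day=2)
    # Constructed observations: (seconds since start, address the router reports)
    for now, ip in [(0, "192.168.3.253"), (0, "207.49.17.23"),
                    (60, "207.49.17.23"), (90, "207.49.18.40"),
                    (400, "207.49.18.40")]:
        verdict = u.decide(ip, now)
        if verdict == "update":
            u.record_update(ip, now)
        print(now, ip, verdict)
```

The actual update request is left to whatever client the DNS provider documents; this only gates when that request is allowed to go out.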