Gaming Problems with Port Forwarding

[.Chris]

I carefully followed this guide to forward the necessary ports that are being used on my security camera.

At the end of the guide, it says to enter the external IP address of the router with the port. Example, http://75.14.251.43:85.

I have to forward ports 80, 9000, and 18004.



What do I do in order for this to work?

 

[marcus134]

what router do you have?

 

[.Chris]

Westell A90-750015-07 (Verizon Firmware).

On the guide, it said to use a certain program, my router wasn't there, so I used Westell 7500 (Verizon Firmware).

 

[Chaosliger]

A portforwarding guide for your router here

 

[FAST6191]

Urgh that guide was horrible- no good for anybody not in the network game and possibly even bad (DCHP for a forwarded device- not best practice unless you know you can get away with it as it is liable to change at various points*) and pointless for anybody who knows what goes as it buries most of the good info among junk (the multiple routers stuff- pointless for most people including those with multiple routers).

*some routers allow you to forward ports to/set rules for devices with given names or mac addresses so if you have that it is then a bit safer to use DCHP with them. If your device uses DCHP at best your remote security cam will not be accessible and worst case scenario is you allow the machine that takes the place of the cam to be internet facing. Unless you have a router able to set rules for a device name or mac address change the DVR to a static IP address (pick one higher up in the DCHP pool so as not to trouble your network) and forward ports appropriately to that static address.

This is getting somewhat off track through and by the looks of things the setup you wish to have goes something like this

Internet at large- your router- Your PC, consoles and whatever else which we are ignoring for now.
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ- The DVR device which hooks via coax into the security camera? (if it is network that might change things)
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ You want this DVR to face the internet so you can dial into it from outside and see goings on.

Anyhow it seems to be suggesting you do port forwarding rather than something else which I can sit behind I guess (hoping your DMZ is secure is about all you can do really).

Ports:
80 - standard web server.
9000 - Not sure what this is but I guess it is tied to it (looking around 9000 is used by a few streaming servers).
18004- apparently for mobile phones which leads me to think they have a cut down server on this port with more simplistic methods. An interesting design choice really but having dealt with mobile phones and web development I can not blame them (phones are possibly the new IE).

All appear to only want TCP connections. The security minded type would say if that is the case leave out UDP data as well but if you can only do TCP/UDP (some routers are not brilliant) it does not matter.

I will also mention some ISPs block port 80 (many US ISPs are fond of this and given most have something of a monopoly... I can not get a definitive answer as to whether they do but some have said they do so keep it in mind). A good router though will allow a soft redirect of sorts- you just get to add something like :8080 or whatever external port you decide to use to the URL/ip address (my advice is get yourself a dynamic IP address website thing- http://www.dyndns.com/services/dns/dyndns/ as you probably do not have a reliably static IP address) and then use the router to forward it to the machine inside the network as appropriate*. The using :85 thing is another workaround for this.

*it will probably look something like
"port forwarding/translation options"

External port ????
internal port XXXXX
internal IP address/device ***.***.***.***

Again I am getting off topic so it is time to forward things. Find out which device is responsible for your network (chances are there is only one- the dual router stuff that guide was on about can be ignored for most non corporate setups) and get into the settings panel- here you need to find the port forwarding options (ignore all those programs the guide suggests).
http://portforward.com/english/routers/por...routerindex.htm is a good place to start. Specifically http://portforward.com/english/routers/por...-07/default.htm
It looks like you have a device level filter but if you want to use the static IP I will not blame you.

Once you get to the port forwarding section you are going to have to do it two time (or three if you want mobile phone access)
TCP 80 80 80
TCP 9000 9000 9000
TCP 18004 18004 18004

Obviously you are going to want to test it. I usually abuse http://hidemyass.com/ for such things as dialing up your external IP from inside the network tends to get it hooked and sent back into the internal network (where it will work but bad forwarding will not be detected until you are out in the field). It might not work properly but if you can access it as opposed to having it time out or refuse a connection then carry on to the next test (another network).

 

[.Chris]

-snip-

Thanks for the very detailed answer.

If my ISP is blocking Port 80, I use Port 85, correct?

So it is okay I am using a Static IP address?

QUOTE(FAST6191 @ Jul 1 2011, 11:11 AM) A good router though will allow a soft redirect of sorts- you just get to add :8080 or whatever external port you decide to use to the URL/ip address.

If I use Port 80, when I enter the IP address, I add :8080, and when using 85; :8585?

And when setting up the Port Forwarding, what should be the Host Device? My computer's IP or my DVR's IP?

 

[FAST6191]

Your DVR IP is what you want it pointing at by the looks of things (it looks like it runs a web server for itself and a video hookup).

"So it is okay I am using a Static IP address?"
I might have confused things here. Two sorts of static IP address with modern networks and indeed what you are trying to do here.

Internal network IP address
This is complex to set up which is why we have DCHP these days.

External network IP address- this is what you might pay your ISP an extra $5 a month for (or have a premium ISP) and allows the whole world to reach you on that address and "always" will. For various reasons ISPs have taken to having a pool of addresses and giving you one of those every so often (or every time your router resets- hence the ban/time limit dodging trick of resetting your router).
There are however dynamic DNS services that allow to point a domain at your PC and you run a program either on the PC or on the router (or occasionally some other device on the network) that every hour or two (or even minute or two) sends a "here I am" message that the service can then point you at rather than having to memorise or send around a new IP address every few minutes (most people use these sorts of services to dial back into their home computers to dodge school/work block lists).

Port blocking.
As well as IP address your data is going to most communications (some stuff like ping does not) have a port. Some protocols are tied to a port (sending email via SMTP almost invariably heads out over port 25 which is why most ISPs block it) and port 80 is the one web servers tend to sit on. Indeed the only reason you do not type :80 at the end of every address is that it is a kind of standard so browsers omit it and use it by default. You can get around blocks by changing a port and you can change to whatever you like (there is no pattern if that is what you are asking). However your router is probably a fairly intelligent machine so you can say try to connect externally from port 3452 and the router will twist this and send it to the internal IP address on port whatever you set it to be (it is this feature that is used so you can have X computers behind a router and all have them access the internet at once) which can dodge the need for configuration changes.

85 in this case was just a randomly picked number for the guide (it does have a meaning but not one that is commonly used). 8080 is occasionally used as a simple alternative to 80 but it is still a random number. Historically there was a thing about only using the first 1023 for known things (also issues with running servers without root privileges) but that is largely ignored these days save for the really common stuff (even then you could still use it just that some people might not thank you for it) and some ISPs also block/monitor/fiddle with packets using really high port numbers as that is what many torrent clients/guides favour. The confusion is my fault though so I edited the post a bit.