Routin' Schmootin'
12 May 2017, 02:47 PM
#1
Routin' Schmootin'
I have 2 locations setup with Hikvision Cameras on NVRs. In both location I have PTZ cameras that AREN'T connected to the back of the NVR. Simple enough as you tell the NVRs the IP/ports that they are running, so that they can then be recorded and viewed through the NVR.
Simple enough. Also simple is port forwarding http/80 to the internal IP of the NVR - it can then be accessed remotely and can be used in the iVMS app etc.
Sounds simple?
Well, what's confusing me is that if you keep the http port at 80 the PTZ camera, when you go http://externalipaddress and expect to get the NVR, you sometimes get the camera! I've not set a route up to that camera, so how come you can access it?
So, I change the http port on the PTZ to (say) 81. You might expect that to work, as its no longer on 80 and it does. However, I can go http://externalipaddress:81 and view the PTZ! Again, there is no route and I've not opened that port to a static route.
At this stage, the NVR can also get confused and not show at all on http but going :81 gets the PTZ. Sometimes a re-boot of the router works for a while.
What seems to fix it is putting in a different management port onto the PTZ and changing the value in the NVR to match so that it can see the camera. However, I still get access to :81 with no route set and no port open!
What might be causing this? What can I do about it? I thought that a crappy Huawei ADSL route on TT business might be one cause but the fact that a separate setup on CISCO SOHO Firewall does the same is more than strange.
One option is to place both the PTZs within the NVR, though I don't really want to do that as the NVR can't manage all the features of the PTZs that I might wish to access/change. There's also a POE draw issue & trying to keep that down on the NVR.
End of the day, I shouldn't be able to access ports I haven't opened and equipment I haven't allowed access to the outside world.
Simple enough. Also simple is port forwarding http/80 to the internal IP of the NVR - it can then be accessed remotely and can be used in the iVMS app etc.
Sounds simple?
Well, what's confusing me is that if you keep the http port at 80 the PTZ camera, when you go http://externalipaddress and expect to get the NVR, you sometimes get the camera! I've not set a route up to that camera, so how come you can access it?
So, I change the http port on the PTZ to (say) 81. You might expect that to work, as its no longer on 80 and it does. However, I can go http://externalipaddress:81 and view the PTZ! Again, there is no route and I've not opened that port to a static route.
At this stage, the NVR can also get confused and not show at all on http but going :81 gets the PTZ. Sometimes a re-boot of the router works for a while.
What seems to fix it is putting in a different management port onto the PTZ and changing the value in the NVR to match so that it can see the camera. However, I still get access to :81 with no route set and no port open!
What might be causing this? What can I do about it? I thought that a crappy Huawei ADSL route on TT business might be one cause but the fact that a separate setup on CISCO SOHO Firewall does the same is more than strange.
One option is to place both the PTZs within the NVR, though I don't really want to do that as the NVR can't manage all the features of the PTZs that I might wish to access/change. There's also a POE draw issue & trying to keep that down on the NVR.
End of the day, I shouldn't be able to access ports I haven't opened and equipment I haven't allowed access to the outside world.
12 May 2017, 03:42 PM
#2
Scooby Regular
Join Date: Feb 2004
Location: High Wycombe
Posts: 3,763
Likes: 0
Received 0 Likes
on
0 Posts
Sounds like something funky going on with the NVR IP wise.
What addresses are you using for them?
Can you delete the route out to the www on the PTZ?
What do you get if the PTZ's are powered down?
What addresses are you using for them?
Can you delete the route out to the www on the PTZ?
What do you get if the PTZ's are powered down?
12 May 2017, 05:03 PM
#3
NVR uses 192.168.254.x as default via DHCP but it also is able to look inside the internal network on the (say) 192.168.200.x range for cameras. So I would give NVR 192.168.200.200 and a PTZ 192.168.200.150 and tell the NVR the IP, the ports (http, https, management and RTSP)
The route out doesn't exist
Nothing, as in the PTZ isn't available but NVR if available is.
I've just seen UPnP as an option on NAT in one of the PTZ and that is showing Auto as mode with external Port as :81, External IP as http://externalipaddress (correct one) and Internal as :81
I'm not familiar with UPnP but surely it shouldn't be allowing the Firewall to open up :81 without my sayso! Plus it's ignoring the Firewall rules!
The route out doesn't exist
Nothing, as in the PTZ isn't available but NVR if available is.
I've just seen UPnP as an option on NAT in one of the PTZ and that is showing Auto as mode with external Port as :81, External IP as http://externalipaddress (correct one) and Internal as :81
I'm not familiar with UPnP but surely it shouldn't be allowing the Firewall to open up :81 without my sayso! Plus it's ignoring the Firewall rules!
14 May 2017, 05:10 PM
#4
Scooby Regular
Join Date: Oct 2005
Posts: 476
Likes: 0
Received 0 Likes
on
0 Posts
It does sound like UPNP is the culprit. There'll be a setting on the camera\NVR telling it to try to use UPNP and a setting on the router saying that it is allowed to be configured by UPNP. So you could either switch off UPNP on the camera or off on the router completely.