Setting up IP cameras & forwardng ports

[ellisz]

Hi all,

I have had this set up over a year so I know it can work but after a recent issue with my network not getting past the router to the internet, I am wanting some confirmation that what I have set up is correct and as safe as it can be.

Equipment I am using:
5 Dlink DCS930L(wireless)
2 Dlink 920(wireless)
1 Trendnet PTZ(wired)
2 Foscam FI8905w(wireless)
Netgear WNDR3700 router
Linksys WRT54gs(w DDWRT) acting as a wireless bridge
Linksys WRT54g(w tomato) acting as a wireless ap

I have all of the above running and are accessible via my android phone. I monitor with Blue Iris software.

From what I understand, I need to have a separate internal IP addresses with ports setup up on each camera. DHCP disabled. I typically stay in the 192.168.1.40-60 range with ports in the 40-60 range(as long as the router lets me).

I have my desktops(3) and laptops/tablets(2) running via DHCP so the IP's get assigned.

Over the weekend, I could not get to the internet on any of my devices. If I bypassed the router, I could get out. Netgear tech said the router was fine as well and blamed an IP conflict on my PC? I ended up having to factory reset the router and started re-doing all of my port forwards. Bad thing was that the router would not allow me to use some of the original port addresses. I think last time I might have turned off DHCP on the router and assigned the IP's and then turned it back on - was this wise?

Questions:
I have read some but as you can guess, I don't always understand what is happening...
*My computers are getting intermittent outages still and I am not sure if it is my router or my setup or both? ISP claims the router or my setup is the cause.
*Can I have too many ports forwarded? I had 14 on the last setup including cameras, xbox, play on server and a Reefkeeper net module.

I use the linksys 54gs as a wireless bridge on the fish tank monitoring software. The wireless router prevents any ground loop issues. I am using the 54g as a repeater. It is setup with the same SSID and password and does appear to work but I have read conflicting info on this setup.

**edit** Tonight my wife was complaining about the internet dropping and I set up a fixed IP on the network connection on her desktop. This seemed to be working as I had done this on my desktop as it was recommended on Port forward.com. It seemed to fix the issue.

When my tablet/smart phone seem to be going no where, the 2 desktops seem to get through now. Not sure what is happening.
***
Any thoughts or ideas?
Thanks

 

[ellisz]

After doing some more reading on Wireless bridges and repeaters, I question some of the settings I am currently running on the linksys 54g(AP) and gs(wireless bridge) routers. Would the effect of this just make their function not operate properly or could this cause issues with the Netgear router and PC's as well? The setup appears to be working for the most part but I don't understand what caused the shut down before.

 

[Emulex]

you want to use lease reservation or static ip's that are not in the lease zone from the dhcp server. and make sure you don't have dhcp enabled on both routers - that causes crazy stuff like that to happen.

what i do is use lease reservations for everything - that way they still use dhcp but they are forever stuck at their ip address. this works best with Active directory - but you may not need that at home. hp printers love dhcp too. not a bad practice. that way you have a list of who is where and if anything strange shows up you know you have a visitor

 

[JackMDS]

I have a similar system with almost the same hardware.

I gave all the cameras static IP. Changed in the camera setup interface the port from 80 to specific ports that are above 60000.

Established a DNS account on DynDNS.org (the Router has a menu entry to maintain the IP updated independent from the computers).

Main Router forwards each camera's IP to the Camera's static IP.

From any computer with an Internet connection and my droid I use the Browser.

Typing into the browser's address bar jack.dyndns.org:60356 (just a made-up example).

Shows what the camera the is on port 60356 sees.

jack.dyndns.org:60358 shows the second camera and so on.

 

[Emulex]

webcam XP is a great cheap app that consolidates all your cameras and can publish the data to a website - if you don't want to expose your cameras directly. you use a host like dreamhost and push images up say on motion detect or just ftp new images into a dir. i think they call it webcam 7 now. not a bad idea either. many cameras run old firmware that is buggy and uses security breached libs. i'd never put a camera on the net myself. unless i knew the firmware was 1000% secure and up to date. they are all just linux or bsd based devices.

 

[ellisz]

Thanks for the replies.

I do have a dyndns account setup and it is setup on the router. What is the reason to use such a high port number? Is it that these are just less likely to be used already? I have IP Cam viewer on my phone and I use the Dyndns account with the port address I have forwarded on the router. Sounds like I am doing it similar as you Jack but my ports are a lot lower.

All of my cameras are password protected but is there real risk here that they could be viewed by someone outside?

I am not sure what lease reservation means? Right now, I have 2 desktops where I have fixed the IP on the network controller which seems to have stopped my outages on these machines. Some of my wireless devices still have no connection at times though. Emulex - are you saying that you assign all of your devices static IP's and have DHCP off on your main router? Or are you saying I need to have DHCP off on the 2 secondary routers?

I need to go over the two linksys router settings again. This might be where my issue lies. I hate to use them but I have a large house and the Netgear is on the main floor but does not have the coverage to cover the whole and some outside. I set up the 54g to add more coverage to my zone. It has a network cable attached to it that is connected to a network switch. It is running the tomato firmware as I tried it years ago before I heard of DDWRT.

 

[JackMDS]

The high ports are just to avoid conflict with the lower band which is very loaded.

Hacking is always possible, thus I use safe password (more than 8 characters with combo alpha and numbers). I would not put a regular camera in a position where if hacked what is seen can be a source what a real problem.

Lease reservation is like Static IP, if a Router can do it configuring it ensure that the device will always be on the same LAN IP.

You can use the DHCP for your LAN and assign to the Cameras and the secondary Routers Static IPs that are Not within the range of the DHCP.

All the secondary Routers has to be transparent, DHCP Off and their core IPs should be static of the same subnet as the main Router using IPs that are out of the range of the Main Router's DHCP.

==========

On Subnet

Classical IP looks like this (example), 192.168.1.x The first three groups are also called Subnet , and they identify the specific Network, x can be a number from 0 to 255, and it identifies each unique device on the Network.

An IP of 192.168.2.x would be a Subnet of another Network.

 

[ellisz]

OK, so if my DHCP server range is between 2 and 254 I need to make the IP of the secondary router 255 or higher?
Netgear Router is at 192.168.1.1
I should set the linksys's at 192.168.1.255 & 192.168.1.256. Does this sound right?

 

[Emulex]

255 is broadcast and generally you don't use it.

you need to reduce the range , restart the router.

like make your range 100-254 and put all your static's in 2-99

 

[ellisz]

Alright. Changed the range to 2-200 and set the 54g as follows:
Access point mode
Wan disabled
IP fixed at 192.168.1.201 with gateway and DNS set to the same was my desktops
SSID, channel and WPA encryption is the same as my netgear router. Seems to be working as the Netgear signal is non-existent where the 54g is located.

I still need to set the 54gs now.

Thanks

 

[ellisz]

Ok, I was looking at the setup instructions on the DDWRT site to confirm what I had for the wireless bridge.

see here:http://www.dd-wrt.com/wiki/index.php/Wireless_Bridge

Everything looks ok but it says to assign 192.168.1.2 to the secondary router. I know this does not have to be the exact IP but the IP they suggest is in the same DHCP range. My plan was to go outside the DHCP range.

Any issue with this? Since DHCP is off I would think it should not matter but does going outside the range just insure that nothing can get assigned by the main router that could conflict? Just wondering..

Thanks! I have learned some things here today

 

[JackMDS]

There is no need to your DHCP to be between 2 -200 unless you have 198 computers on the Network.

Change the Router's DHCP to a much smaller range if you have 10 computers a range of 20 would be more than needed.

I.e., like 192.168.1.100 to 192.168.1.120

Then you plenty of space for all the static IPs.

 

[ellisz]

That is true. It was defaulted to 2 - 254 so I just shrunk it down a bit. Your way makes sense though.

Thanks

 

[bamx2]

FWIW - I set up port fowarding correctly but could still not access my camera. I turned out that my router was in the dynamic mode behind my Westell ATT DSL Router . I subsequently in PPOE mode and the DSL modem in bridge mode and outs access via dynds worked .

Here is another pretty good remote viewing setup tutorial -

http://ipcamnetwork.wordpress.com/2010/09/23/acessing-your-camera-from-the-internet/