Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

First Job Setting Up Surveillance DVR at a High End Resturant


  • Please log in to reply
18 replies to this topic

#1 colituse

colituse

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:08 AM

Posted 01 March 2016 - 03:13 PM

I have a Job setting up a DVR, hooking cameras up, and getting it on the clients iphone to view their restaurant remotely. i have been working on it the last 2 days after my day job.

 

I have attached a schematic of the network structure Attached File  network_DVR_setup.png   2.07MB   1 downloads 

 

Service Provider: ATT U-Verse DSL

Modem/Router: NVG510

Switch: Netgear GS116v2 (UnManaged - meaning it should connect easily)

DVR: Lorex ECO BlackBox LH010  ----- PORTS for DVR - HTTP:80 CLIENT:9000 MOBILE:1025

POS: a sales system and table system that CAN'T SCREW UP

STATIC IP: I believe this is for the POS System, (the only port i saw was open was a MYSQL port.)

 

Job Responsibility:

  • Hook up Surveillance DVR to the Network (COMPLETE)
  • Get camera's hooked up (COMPLETE)
  • Hook DVR to a specific Monitor to Watch the cameras on (COMPLETE)
  • Have it where he can access cameras from his iphone REMOTLY. (STRUGGLING) 

My Skill Level:

I have worked with computers and technology and i am trying to learn more.

I have never Port Forwarded

Never messed with a Switch

Never Come in on a already Built Network and Figure out how its working.

 

The progress point i am at:

  • I am stuck because when i log into the Modem, there is 3 services running that rules have been created for. I am a bit apprehensive to mess with things and don't want to screw up the services running.
  • So i go to create a new rule on the modem for the DVR, i don't know which IP to use.
    • the DVR's IP? the Static IP or should i be using the Static IP and then MAC address.of DVR?

 

 

 

My options as i see them.  - the 3 options are different from each other (I think LOL)

1. Use Lorex Auto-PortFoward tool wizard, set up an account on Lorex website for a DDNS. Then use Lorex IOS App to connect to the DVR Remotely. 

  • I don't want to do this, because i know that this could cause issues with the resturants POS

2. Call ATT. and have a Static IP setup just for the DVR.

  • Set up a new rule on the modem
  • Then Port forward throught the firewall on the NVG510 Modem. 
  • download a 3rd party viewing app or still use Lorex Remote app to view cameras on iphone remotely.

3. Use the Static Ip that is already there, and then open a different ports for the DVR, then what are being used for the rest of the system.

  • I was reading and somewhere it said that 2 machines cant have the same IP address or it won't work.

 

 

I you need anything else to understand the situation please let me know and i will get it ASAP.

So i am a little despite in my situation, its of my own making but if you don't take chances where will you get in life. I would appreciate any help.

 

https://drive.google.com/file/d/0B0jViPgVpDPdR2RJOTRzRk5BaXNYRXo4V1FjTVVyZnc2LV9j/view?usp=sharing  this is a link the the ATT modem manual

Attached Files

  • Attached File  dvr1.JPG   235.25KB   0 downloads
  • Attached File  dvr2.JPG   245.3KB   0 downloads
  • Attached File  dvr3.JPG   311.04KB   0 downloads

Edited by colituse, 01 March 2016 - 04:08 PM.


BC AdBot (Login to Remove)

 


#2 Kilroy

Kilroy

  • BC Advisor
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:03:08 AM

Posted 02 March 2016 - 06:44 AM

I would HIGHLY recommend that the DVR be on a separate network from the POS system.  You don't want a security flaw in the DVR, or the DVR setup, to allow someone to access the POS data, especially if you are allowing remote access into the DVR.

 

This project needed more front end planning.  Does the DVR system even allow for connection from an Apple device?

 

Personal opinion is that the store owner is looking to save money by having you do this and the job is beyond your abilities.  Getting it working is one thing, getting it working securely is quite another.



#3 colituse

colituse
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:08 AM

Posted 02 March 2016 - 09:25 AM

BC,

 

I appreciate the advise very much.

I will info the owner of the possible security issues. I have already told him about issues i am concerned about, but as you said he is on a budget.

 

The Device has a App that it provides in apple store.

 

Like i said i did this to myself, and told the owner i  was not a guru. he has been nice to let me try and as a reward he will allow me to have access to his camera's to show proof i can set up a Surveillance system. Also he most likely pay at the end as well.

 

The project did need more upfront planning! However the situation  presented itself, i am in oil industry and concerned about my job. i saw a opportunity to secure my future and i couldn't pass up the chance and i didn't have time to prepare for it. i got thrown in to  it and gladly accepted.

 

I know my capabilities, i stated them earlier. 

I am not asking for your personal opinion on my choices in life!

I am asking for Network / Software / Port Forward /Security/ and general IT  advise! So if you can help thanks, but keep the opinions on me to yourself.


Edited by colituse, 02 March 2016 - 09:27 AM.


#4 colituse

colituse
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:08 AM

Posted 02 March 2016 - 09:38 AM

So i did more work on the system last night.

 

I port-forwarded the device ports that are required by the DVR.

 

Questions:

If i port-forward from the modem, through the switch, and then to the  DVR, only using the modem's IP and DVR's IP. would the switch need to somehow be configured into the port forwarding? OR cause an issue. It is an UnManaged switch.

 

If the client has a static IP.

Does the modem port-forwarding settings need to be the IP of:  Static IP -to- DVR IP   "OR"   Modem IP -to- DVR IP? i also used the ports needed.

I tried to do this, and then i scanned the ports and only 1 port was open, and it was not the ports i was trying to port forward.



#5 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:01:08 AM

Posted 02 March 2016 - 10:10 AM

switches don't forward ports, routers do.

 

the dvr has to be operational and listening on the port you have forwarded for it to show up in a scan

 

the dvr has to be set to a static ip NOT in the dhcp scope I am assuming is running on the router



#6 colituse

colituse
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:08 AM

Posted 02 March 2016 - 10:38 AM

Wand3r3r

 

The network has a Static IP, however the DVR has its own ip that is different from the static ip.

 

I pinged the ip assigned to the DVR and it starting transmitting packets. the dvr is operational and i am getting live video feeds from all the  cameras.

i was able to connect to the DVR and view the camera feeds from another computer on the same LAN.

 

Structure :

modem and router in one

then you have switch

from switch it goes to dvr

also computer i connect to dvr come out of the switch

 

so yes its running on the router/modem.

 

do i need to turn DHCP off on DVR and give it its own ip "OR" can i give the DVR the static ip,  that is set up through att for the network


Edited by colituse, 02 March 2016 - 10:39 AM.


#7 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:01:08 AM

Posted 02 March 2016 - 11:25 AM

Might want to spend some time at portforward.com reviewing some of their tutorials as well as spending some time at one of the tcp/ip tutorial sites.  You need to know the correct terminology and what they mean. Google is your friend.

 

"The network has a Static IP"

I assume you mean public one assigned for the WAN by AT$T?

 

" however the DVR has its own ip that is different from the static ip."

Now you are talking LAN ip or the lan subnet using private ip.

 

"I was able to connect to the DVR and view the camera feeds from another computer on the same LAN"

But since you did not either do a static ip assignment nor did you do a ip reservation in the dhcp server this means its getting random ip addresses and your port forwarding will not work.

 

"OR" can i give the DVR the static ip,  that is set up through att for the network"

That would be the wrong thing to do.  Google NAT for a better understanding of what the router is doing.

 

"do i need to turn DHCP off on DVR and give it its own ip "

This is the usual course of action but you have to know what the routers dhcp scope is set to.  You assign a static ip to the dvr that is also included in the dhcp scope you will have a ip conflict and neither device will work.

 

You need to logon to the router, go to the dhcp server settings and see what the scope [range of ip addresses] is set to.  Report this information here and we can advise you if you have available non conflicting ip addresses available or we need to take another tact.



#8 colituse

colituse
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:08 AM

Posted 03 March 2016 - 06:49 PM

so first off i found out that the ISP (ATT) is not providing the STATIC IP. So they are providing me with an Dynamic WAN IP address.
 this is referred to as the "External","PUBLIC" OR "WAN" IP address(regardless if its Static or Dynamic). 
 
The WAN IP from my ISP goes to my Modem/Router (NVG510) and inside the NVG510 is a DHCP SERVER. the DHCP server in the NVG510 is what assigns all the IP address to my LAN 
 
(Local Area Network) devices. 
 
 
I logged into the NVG510 modem under firewall setting / IP Pass-through.
 
Allocation Mode: Pass-through (allows the device's public IP address to be assigned to a single LAN client)
Pass-through Mode: DHCPS-fixed (the WAN IP address will be handed out by the devices DHCP server to the LAN client whose MAC address has been specified.)
Pass-though Fixed MAC Address: 00:01:00:01:FB:00 (This is made up MAC address)
 
So from the settings above the NVG510 is taking the WAN (Public) IP and assigning an specific IP ONLY (single device) to the device with the MAC: 00:01:00:01:FB:00. 
Meaning that the device with the MAC 00:01:00:01:FB:00 will always get the same IP address assigned to it wether or not it asks for one, or another device requests a IP 
 
first. that IP address is reserved for the device with the MAC.
 
IF i am correct, that would mean:
The the computer i am access the router with locally (in same LAN), has a STACTIC IP given to it from the router's IP PASSTHROUGH DHCP server settings?
Because when i go to the computer local area connection settings, it is grabbing a IP and DNS automatically; but when i access the internet and go to canyouseeme.org it shows 
 
me a static IP address with all ports closed.
 
However im thinking that the device that the IP PASS-THROUGH is assigning fixed IP's is POS System and the static IP is being assigned by POS System server?
 
 
so moving on 
 
I was looking for the DVR in the Router / Device List.
 I couldn't find the IP of the DVR because its getting a random one, that is within the IP range set by the DHCP server.
the DHCPv4 address range is .64 to .253
 
 
 
Packet Filter Rules:
so this is where i port-forward (pinhole) i believe.
So i set up a rule but i am unsure about the settings.
 
Action   Source IP                  Destination IP     Protocol   Source Port   Destination Port
PASS     ROUTER IP?                     DVR IP?         TCP/UDP      80                80
         RANGE BETWEEN .64-.253?       LAN DEVICE IP?
 
 
Once i have successfully set up the port-forward rules i go to NAT/GAMING:
this is where i was getting stuck, because i was creating a custom service for the DVR but i was using it default IP and the DVR is set to DHCP. 
so i couldn't even find the DVR DEVICE, which i need to specify, for the service i wanted to run  for that device (DVR).
 
 
 
Accessing my DVR Locally on port 80:
I open Internet Explorer and type in the DVR IP (http://123.123.12.125:80)
the manual says that the page is controlled by Active X plug ins. The IE is up to date, but the screen that comes up never access to run Active X controls. It is just a solid 
 
green colored window. I am completely stomped by this one. I went into settings and said to allow Active X to run and everything. still nothing.
 
Accessing my DVR Locally using DVR CLIENT SOFTWARE:
it opens and connects are to the live feed and i can see all the cameras. now its got a good lag and skipping video feed but its communicatiting. 
 
 
So my plan of action:
go into the DVR SETTINGS and turn off DHCP. Give the DVR a set IP address that isn't already being used by another device.
Create Packet Filter rules for the DVR needed ports.
Then go to NAT/Gaming - Now that my Router shows the DVR's IP, Select the service (packet filter i made) and pick the DVR for the needed by Device.
 
 
 
I am thinking this will work. but i have been thinking that the last week and well haha. look at where i am.
 
 
Also i tried to use the Port Forward Wizard that the DVR company provides and it didn't work because it couldn't detect the DVR (i believe).

Edited by colituse, 03 March 2016 - 06:53 PM.


#9 colituse

colituse
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:08 AM

Posted 04 March 2016 - 10:06 AM

 

so first off i found out that the ISP (ATT) is not providing the STATIC IP. So they are providing me with an Dynamic WAN IP address.
 this is referred to as the "External","PUBLIC" OR "WAN" IP address(regardless if its Static or Dynamic). 
 
The WAN IP from my ISP goes to my Modem/Router (NVG510) and inside the NVG510 is a DHCP SERVER. the DHCP server in the NVG510 is what assigns all the IP address to my LAN 
 
(Local Area Network) devices. 
 
 
I logged into the NVG510 modem under firewall setting / IP Pass-through.

Allocation Mode: Pass-through (allows the device's public IP address to be assigned to a single LAN client)
Pass-through Mode: DHCPS-fixed (the WAN IP address will be handed out by the devices DHCP server to the LAN client whose MAC address has been specified.)
Pass-though Fixed MAC Address: 00:01:00:01:FB:00 (This is made up MAC address)

 

  • -Hold on  i got that wrong. The pass through DHCPS-fixed is the device on the LAN that is creating the Static IP.
  • so the PUBLIC IP (Stactic IP) is being generated by the Device with the MAC address that the router is pointing to.
    • Thats where the DHCP Server is residing right?
 
However im thinking that the device that the IP PASS-THROUGH is assigning fixed IP's is POS System and the static IP is being assigned by POS System server?
  • i am thinking that the POS server is generating the Static IP for the other LAN Devices?
  • because i can't even pull up 

 

 
 
so moving on 

I was looking for the DVR in the Router / Device List.
 I couldn't find the IP of the DVR because its getting a random one, that is within the IP range set by the DHCP server.
the DHCPv4 address range is .64 to .253
  • so the IP range of the Router is .64 to .253
  • But the IP range of the POS system computer (Where i now believe the DHCP server resides) could be completely different.

 

  • This would also explain why when i try to remotely access the system the public ip doesn't work, because the IP of the PC i checked the IP of   (on canyouseeme . org) was being genereated from the POS system computer
    • I have not touched that PC because i didn't think of it, 
 


 
Action   Source IP                  Destination IP     Protocol   Source Port   Destination Port
PASS     ROUTER IP?                     DVR IP?         TCP/UDP      80                80
         RANGE BETWEEN .64-.253?       LAN DEVICE IP?
 
  • so this setting would change 
  • or i would have to access the POS system PC, and change the DHCP setting there.

 

 


#10 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:01:08 AM

Posted 04 March 2016 - 10:25 AM

You are going places you shouldn't go and you are not understanding the concepts.  It is not the wan ip that is being handed out and if it was then you would screw up the pos system.

 

What is the dhcp scope?

Post the results of a tracert yahoo.com so we can see your routing from a internal pc.



#11 colituse

colituse
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:08 AM

Posted 04 March 2016 - 02:43 PM

Wand3r3r,

 

  1. Thank you so much man. you have really been helping! Just want to say i appreciate your time.
  2. The post i made was rushed and didn't make since once i read it again, so i am sorry for that.
  3. i will preform a tracert and post the results


#12 colituse

colituse
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:08 AM

Posted 04 March 2016 - 06:15 PM

the first tracert on left was run on pc hooked to switch

the second tracert on right is on pc skipping the switch and hooked straight to router/modem

Attached Files


Edited by colituse, 04 March 2016 - 06:18 PM.


#13 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:01:08 AM

Posted 05 March 2016 - 12:32 PM

Appears you are only configured for IPv6 and not both v4 and v6.

 

Please do a nslookup yahoo.com and post the results.  The tracert ms times look average so not seeing any real bottlenecks.



#14 colituse

colituse
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:08 AM

Posted 07 March 2016 - 10:48 AM

removed


Edited by colituse, 07 March 2016 - 06:49 PM.


#15 Kilroy

Kilroy

  • BC Advisor
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:03:08 AM

Posted 07 March 2016 - 11:49 AM

Back to the security of accessing these remotely.  You might want to check out Shodan.  That site is usually enough to scare the heck out of people who want to attached anything to the Internet.

 

How much information do you have for the POS system?  What ports is it using?

 

Provided you have port 80 forwarded to the DVR you should be able to access the DVR by accessing the public IP which can be found by going to WhatIsMyIPAddress from a machine on the network.  You might have to sign up for a dynamic DNS service in case the IP address changes, or show the user how to go to WhatIsMyIPAddress if he is having issues accessing.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users