UPnP and Blue Iris

General discussion about Blue Iris
Post Reply
User avatar
Thixotropic
Posts: 281
Joined: Wed Sep 04, 2019 7:20 pm

UPnP and Blue Iris

Post by Thixotropic » Sat Feb 15, 2020 2:08 am

I used the Remote Access Wizard to set up the webserver built in to BI. I'm using a Nighthawk X4S AC2600 Smart WiFi Router, Model R7800.

As part of the process I set the port from '81' (the default) to '500', so I access my BI server remotely with something like 75.75.75.75:500 (obviously not my real IP)

Everything works fine, but as part of the process the wizard used UPnP to set one of the params, and it succeeded because UPnP is turned on in the router by default. So far so good, but....

I see lots of posts all over the web warning that UPnP is a potentially serious hazard, and from what little I've read that seems absolutely correct. Based on that, I'm thinking I should to turn UPnP off in the router. I found the setup page where you can do this in the router, a single checkbox.

My question is, will turning UPnP off now (after everything is set up) cause an issue with BI? It seems like it shouldn't but I thought I'd ask here and see what people say.

I've heard that it could cause issues with Skype (which I use) and with torrenting (which I don't).

In addition to any possible side effects with BI (??), what other kinds of issues or problems might I see if I turned off UPnP now?
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | Ngrok Tunneling

User avatar
TimG
Posts: 452
Joined: Tue Jun 18, 2019 10:45 am
Location: Nottinghamshire, UK.

Re: UPnP and Blue Iris

Post by TimG » Sat Feb 15, 2020 9:42 am

Hi,

As I understand it, upnp is only used during initial set up, so turning it off shouldn't cause any problems if it's already working. I have it turned off, but then I'm using OpenVpn on the router, so I simply don't need it.

My first internet computer was a massively expanded Amiga A1200, so I got used to setting things up manually :mrgreen:
Blue Iris v5.2.3.0 | Win10 Pro x64 | Dahua IPC-HDW5231R-ZE, Foscam R2, Ertech 4MP, 2 analogue cameras on Euresys Picolo Pro 2 | FX-8350 AMD Piledriver CPU, 32GB Ram, Multiple SSD and HD| Homeseer HS3(4) Pro | TVMosaic | Emby | DVBViewer |

HeneryH
Posts: 269
Joined: Thu Jul 18, 2019 2:50 pm

Re: UPnP and Blue Iris

Post by HeneryH » Sat Feb 15, 2020 3:36 pm

uPnP is talked about negatively because 99% of the population doesn't understand it and it can be used maliciously by bad actors.

You sound like you know enough about router rules and networking to protect yourself.

I have a small marina with about 12 boat slips. I logged into my router one day and found port forwarding rules set up for some Chinese cheapo camera that one of my clients installed on his boat. That one cheapo Chinese camera introduced a stealth (had I not noticed it) tunnel into my network.

User avatar
Thixotropic
Posts: 281
Joined: Wed Sep 04, 2019 7:20 pm

Re: UPnP and Blue Iris

Post by Thixotropic » Sat Feb 15, 2020 5:16 pm

HeneryH wrote:
Sat Feb 15, 2020 3:36 pm
You sound like you know enough about router rules and networking to protect yourself.
Thank you, but I don't really understand it except at a basic level.

I went in to turn it off and noticed it had a bunch of entries, but I don't know if they were there by default or from something else adding them. After turning it off they all disappeared.

I turned it back on as a test and the list was as follows (there were fewer than before, about half as many, but I think they were all going to the same IP):

Code: Select all

Active 	Protocol 	Int. Port 	Ext. Port 	IP Address
YES	TCP	9010	34940	192.168.1.10
YES	TCP	9020	36255	192.168.1.10
YES	UDP	9030	34114	192.168.1.10
YES	UDP	9031	36008	192.168.1.10
YES	UDP	9032	33283	192.168.1.10
YES	UDP	9033	35870	192.168.1.10
192.168.1.10 is the static IP that's assigned to the RCA video doorbell; I don't know if that indicates a problem with it trying to phone home or if it did that during setup, or what. I turned uPnP off now and it'll stay that way unless I find a problem.

I also checked to see that no ports were being forwarded, and the only entry I saw was for FTP.
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | Ngrok Tunneling

HeneryH
Posts: 269
Joined: Thu Jul 18, 2019 2:50 pm

Re: UPnP and Blue Iris

Post by HeneryH » Sat Feb 15, 2020 11:40 pm

The video doorbell must have a web service offering and to get that service to work the doorbell had to punch a hole through your router. It basically set up a port-forwarding without you knowing about it.

User avatar
Thixotropic
Posts: 281
Joined: Wed Sep 04, 2019 7:20 pm

Re: UPnP and Blue Iris

Post by Thixotropic » Sun Feb 16, 2020 12:15 am

HeneryH wrote:
Sat Feb 15, 2020 11:40 pm
The video doorbell must have a web service offering and to get that service to work the doorbell had to punch a hole through your router. It basically set up a port-forwarding without you knowing about it.
That's probably it.

It seems to work fine with uPnP turned off, but I'll know for sure in a day or two. It'll either keep working and sending alerts or not. Maybe it's time to dump it and just use a dedicated BI cam to sense people approaching and send an alert.

I'm still looking for a good PoE doorbell cam. There are a few out there that look like possibles but the last one I tried wasn't real PoE and required some silly adapter to work. But like I say, maybe it's time to just use a regular cam to alert me to people and packages.
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | Ngrok Tunneling

User avatar
Thixotropic
Posts: 281
Joined: Wed Sep 04, 2019 7:20 pm

Re: UPnP and Blue Iris

Post by Thixotropic » Sun Feb 16, 2020 5:30 pm

Okay, so I'm not sure what's going on, but here's what's going on..lol

I turned off uPnP and it seems to have cleared any uPnP forwarding that was active, meaning that BI is no longer reachable from the outside world.

I turned it back on and stepped through the wizard and got it working again. Turned off uPnP and yes, it appears to wipe out the port that was forwarded.

So I guess it's time to manually add a PF rule and go from there.
Last edited by Thixotropic on Mon Feb 17, 2020 6:38 pm, edited 2 times in total.
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | Ngrok Tunneling

User avatar
Thixotropic
Posts: 281
Joined: Wed Sep 04, 2019 7:20 pm

Re: UPnP and Blue Iris

Post by Thixotropic » Mon Feb 17, 2020 5:41 pm

I got this figured out, no thanks to the incompetent clowns at Netgear 'support'. I swear, the people at Netgear support couldn't pour milk out of a boot with the instructions written on the heel.

Any way, here's the setup to enter in the Port Forwarding screen. Select "Add custom service", and in the next screen select "TCP" from the Protocol dropdown.
portforward1.png
portforward1.png (17.26 KiB) Viewed 547 times
Service Name: put whatever you want here
External Ports: put the port number to be forwarded and visible to the outside world
Internal Ports: put the port number to be forwarded and visible to the host PC that BI is running on
Internal IP address: put the IP address that the BI box is connected to on your LAN.

After saving, you can check to see if the port is visible on the internet by going to https://www.canyouseeme.org and entering the port number (in this case, '500').

If it's visible, you'll see a message stating the following:

"Success: I can see your service on 169.55.13.238 on port (500)
Your ISP is not blocking port 500"


.
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | Ngrok Tunneling

Post Reply