Remote access difficulties

General discussion about Blue Iris
Post Reply
MattS
Posts: 1
Joined: Sat Feb 08, 2020 11:08 am

Remote access difficulties

Post by MattS » Sat Feb 08, 2020 11:43 am

I have just purchased Blue Iris and I am trying to get the Remote Access working.
I have worked through the Wizard.

Port Forwarding seems to be working and I am able to log in to the LAN address using the browser without a fuss.

Unfortuntely, I cannot log into the LAN address using the software. The Remote Server status says "REmote server is not running as a service"

Also, I cannot seem to get the WAN working. It will not register in the test and I cannot find it on the test website in the wizard.

My setup is a follows:
We have cable internet and a modem router in a different building. The internet is channeled to the main house using a Ubiquiti Nanobeam AC bridge. The house is then served by a meshed Ubiquiti Amplifi router. So I expect there may be a problem because there is 2 routers and the server is not connected directly to the internet.

But I have no idea how to fix this?

Any advice would be appreciated
Matt

HeneryH
Posts: 269
Joined: Thu Jul 18, 2019 2:50 pm

Re: Remote access difficulties

Post by HeneryH » Sat Feb 08, 2020 3:23 pm

Couple of terminology items...

Port forwarding doesn't impact LAN operations. So saying port forwarding works because the system works on the LAN isn't technically connected.

What do you mean by you cannot log into the LAN address using the software? What are you trying to log into and with what software are you trying from?

I have a longer post of remote access hints somewhere that I will try to find that might help.

HeneryH
Posts: 269
Joined: Thu Jul 18, 2019 2:50 pm

Re: Remote access difficulties

Post by HeneryH » Sat Feb 08, 2020 3:28 pm

Here are some hints...

I'll try to get you started:

IP Addresses
Your home is connected to the internet through your ISP and most likely has one router/modem that is the interface between the internet (world wide) and intranet (your home). To make progress you will need to be able to log into your router/modem and have access to its configuration pages.

Technically every device in your home could have its own world wide available IP address but for a number of reasons that just isn't practical. You router/modem is the ONLY device that ends up getting assigned a publicly visible IP address. Google "what is my ip address" to see what your single address currently is.

All of your internal devices get private addresses that are reused by everyone. They are usually of the form 192.168.x.y or maybe 10.10.x.y but you need to understand that my 192.168.1.12 is not the same as your 192.168.1.12 and our internal addressing is only valid on our own networks.

Ports
The way computers talk to each other is by first identifying their IP address of the computer that is accepting connections, then secondarily identifying the sub-address (ports) withing that computer that will be accepting connection, then thirdly agreeing on what protocol they expect to chat with. For ease of use, there have been some standards that have been agreed to that the port should be usually equal to the protocol. Port 80 = web. Port 443 = secure web. Port 25 = email. etc etc etc. Of interest is that some folks think that they can 'fool' scammers by running their services on non-standard ports (ie running web on port 81 instead of 80) but that is a foolish idea because scammers can scan all ports in milliseconds to running web on non-standard will stop no one. FYI if you want to connect to web on a non-standard port you use the format http://domain.com:yy where yy is the non-standard port.

How web connections usually work...
Connect to web server at CNN by going to the web URL http://www.cnn.com your computer looks up the IP address of "www.cnn.com" and since we prefaced the URL with http:// then we assume we are going to use port 80. The data center at CNN is accepting incoming connections on their main firewalls on port 80 and serving up a nice pretty web page in the agreed upon protocol.

Connecting from the Internet to your Home devices...
Now let's think about your home rather than CNN... First, what domain name or IP address shall we use???? And what is your IP address???

This is always the first battle and is usually answered by using a Dynamic DNS service and a domain name assigned by that service. I think BI has some service for this but frankly I never used it and am not sure.

However you get the valid IP address of your home router, we then move to the second challenge... All incoming connections form the internet will hit your router/modem which by default... doesn't know what the heck to do with the incoming request. Your router gets a web request and barfs without setup steps.

Port Forwarding
What we need to do is set up some rules on your router to instruct the router what to do with incoming connection requests. This is the port forwarding rule. They will look something like this
Basic data -
  • Incoming port connection request to port X, should get forwards to LAN computer A on port Y.
There are some additional custom settings you can make to make it more complex but this is the basic rule.

Saving quickly now but I will update this paragraph.

Security
In general, exposing devices to the internet exposes them to the jungle of world wide scammers. Some devices are notoriously less secure and have long histories of being hacked by vulnerabilities. IP cameras are one of those notoriously insecure devices.

Your router/modem is your safety device between you and all of the skanks on the internet!!! (I changed my crude reference to something more tame :) )

NEVER setup your router to allow connection requests from the internet to be forwarded to your cameras or any other device that you don't have complete confidence in.

Some devices ARE more secure and can be set up to securely allow internet connection requests.

VPN - Virtual Private Networks are very secure and once a VPN connection is made, make it seem like you are actually home when you are away. You virtually tunnel through the VPN server and you are like home awaqy from home. The only problem is that they are more advanced to set up and use on a day to day basis.

Controlled and Limited Web Port Forwarding - If you trust your BI machine to be secure, you can expose just incoming web connection request to the internet. You do this by going into your router and configuring a rule to say that any incoming connection request to your home on port 80 (or 81) shall be forwarded to your BI computer on the same port 80 (or 81).

There are lots of alternatives in this area but you will NEED to grasp these basics first.

Post Reply