Finally figured out the windows defender issue and can see the data around my local network. Now I'm having trouble getting it past my ATT ABGW210 DSL modem. I ran the web setup and can see the web page inside my network, even got the app to work as long as on the home network but it looks like my modem firewall is blocking traffic out of the home LAN. I presume the service is blueiris.exe and port 81 but not sure what it means by "global port range" for the exception.
******************
OK, I may be asking the wrong questions; I installed stunnel and the web wizard is asking about ports, etc. from stunnel. (my gut feeling is I'm better off using stunnel than opening up a hole in the firewall.)
ADSL modelm firewall help needed
-
tardigrade
- Posts: 20
- Joined: Fri Dec 29, 2023 5:35 am
Re: ADSL modelm firewall help needed
Hi, yes, opening a port through your modem firewall should be the easiest method, but it opens you up to port scans and maybe worse. I did see people trying to scan or connect to my BI5 pc in the log when I did that.
It is usually as simple as knowing that external internet WAN port '123' needs to be sent to your internal LAN BI5 pc which is on <Your internal static IP> at port '123'. The difficulty is that your home WAN address can change, but there are many ways (including DDNS which your modem may handle) to get around that.
I haven't used Stunnel, but it does appear to be one of the secure methods for remote viewing. I previously used OpenVPN, but it made my brain hurt setting it up, and you had to initiate it on your mobile device before starting the BI5 app. I'm presently using Zerotier which was much simpler than OpenVPN to set up, but harder than just opening a port. You basically set up a free online account, and then add in and enable your BI5 pc and your mobile devices which each get a new IP address that can work across your modem/router without any further fiddling. Now I don't have to initiate anything, it just works - at home and remotely - and no foreign IP addresses trying to break in.
All of these methods have different security levels, but Stunnel or Zerotier and the like should be good enough for most of us.
It is usually as simple as knowing that external internet WAN port '123' needs to be sent to your internal LAN BI5 pc which is on <Your internal static IP> at port '123'. The difficulty is that your home WAN address can change, but there are many ways (including DDNS which your modem may handle) to get around that.
I haven't used Stunnel, but it does appear to be one of the secure methods for remote viewing. I previously used OpenVPN, but it made my brain hurt setting it up, and you had to initiate it on your mobile device before starting the BI5 app. I'm presently using Zerotier which was much simpler than OpenVPN to set up, but harder than just opening a port. You basically set up a free online account, and then add in and enable your BI5 pc and your mobile devices which each get a new IP address that can work across your modem/router without any further fiddling. Now I don't have to initiate anything, it just works - at home and remotely - and no foreign IP addresses trying to break in.
All of these methods have different security levels, but Stunnel or Zerotier and the like should be good enough for most of us.
Forum Moderator.
Problem ? Ask and we will try to assist, but please check the Help file.
Problem ? Ask and we will try to assist, but please check the Help file.
Re: ADSL modelm firewall help needed
Opening port 81 (or 80 or any other for that matter) is only a worry if you feel that the application listening on that port (BI in this case) has security holes that can be exploited through the port.
I trust that Ken has secured his app with enough thoroughness to trust it.
I have practiced enough user caution (not using "user"/"password" for my user credentials) to trust it.
That is just me though, I'm certainly not going to warranty your use of it.
I trust that Ken has secured his app with enough thoroughness to trust it.
I have practiced enough user caution (not using "user"/"password" for my user credentials) to trust it.
That is just me though, I'm certainly not going to warranty your use of it.