Port 80 blocked and video surveillance


John2
Helpful Neighbour


I use a CCTV system where the server has a web-based access point for the user to enter from a remote location such as their home. This uses port 80 which Telus blocks by nature UNLESS you subscribe to their business plan. Shaw does not block port 80 with any of their internet plans.

Problem is the CCTV server usually is located in a business but for the user to access this remotely is normally from home. It would not be feasible for the user to purchase a Telus business plan for their home just to have access to their CCTV. As we know CCTV/video surveillance is now being sold inexpensively everywhere from Walmart to Costco and I think Telus is losing out on this sector of the market to Shaw which is a shame. I hope Telus would consider unblocking port 80 in the future just to stay competitive in this growing sector with Shaw Communication.

I heard Telus blocked port 80 in home users' plans for reasons such as home based websites (increased traffic) to hacking, but doesn't Telus monitor and charge extra for excessive upload/downloads anyways?

Anyhow my short experience with Telus fiber optic service/internet speed was very good and better than Shaw but blocking port 80 was a game changer. I am presently co-operating with law enforcement in properly disciplining a criminal with thanks to CCTV, so having remote access is pretty important.

 I hope Telus would reconsider unblocking port 80 for home users in order to gain more users such as myself in the near future!

J

ScottyJ
Neighbourhood Alum

Hi, @John2 - thanks for the comment, I have moved it from the article you commented on to the Home Services forums so that the community can better participate in the conversation.

 

Thanks!

 

ScottyJ

xl
CPU Alum

For me.... I gave up on port 80 and looked for products that are not port dependent.  Drop/Nest cam is my preferred product.  DLink products are not port dependent either.

 

Not sure if it has changed.... my Trendnet cameras were port dependent, so they can no longer be used.

John2
Helpful Neighbour
I'm using a commercial grade system and have installed same ones in busy establishments such as Tim Horton's. I was hoping Telus would make it easier so folks would not have to dig around for systems that would work on their network. Why should the customer go through that much hassle or is this just a money thing from Telus's point of view?
So as it stands for CCTV installation, Shaw's network, you can throw anything at it and it will work. Whereas Telus, not so easy... I'm just hoping Telus would match up to Shaw. I know I would be back to Telus fiber optic in a heartbeat!

J
Kolby_G
Ambassador
Why wouldn't you just redirect it to, say, port 8080 or 8081 using your router? Buying a different system seems pretty drastic for such a simple fix.
John2
Helpful Neighbour

That was the first thing I did but it's not an issue from the user end. It all has to go through Telus and they unfortunately block port 80.

While my short time with Telus Fiber Optic... at the time I did not know enough about the port 80, I tried changing the DVR server port to 8080...7575 etc. Then thought it was a Telus router issue so I bridged it and used a Linksys. Still no go because it's an internal Telus issue.

Kolby_G
Ambassador

Although I agree that Telus really needs to get with the times and unblock the ports, you are totally incorrect in saying that it has to go through port 80.

 

Leave the device alone, the DVR can run on port 80 just fine.

In the router (wording will be different depending on the model), change the external port to 8080 (or anything really) and the internal port to port 80. The router will redirect all traffic targeting port 8080 to the local device at port 80. Of course you will need to do something like this in the URL to actually connect: "http://something.dyndns.com:8080"

 

I've done exactly this for FTP. I access FTP on port 821 externally, but the device itself is running on port 21 internally.

 

[Attached images: snip ftp 1.PNG, ftp 2.PNG]

John2
Helpful Neighbour

I assume you mean in the router setting, I change it to portforwarding 8080 or any number? If yes I did that from the start. If not then I'm not sure what you mean. BTW, thanks for continuing with the inputs! 😄

 

J

Kolby_G
Ambassador

I'm not sure if every router has this feature, some consumer ones are pretty terrible. 

 

The screenshots I attached before are the screen where I can add nat translation (portforwarding).

 

You want the external (destination) port to be 8080, and the target port to be 80. The target IP should be the local IP of your device (usually 192.168.x.x).

 

Then when you are not on your network, open up a connection to yourip:8080 and it will let you access port 80 on the device.

 

So the device should be listening on port 80, the router LAN side should be forwarding to port 80, the router WAN side should be listening on port 8080, and your client (must be on a separate network) should be targeting port 8080.

If you screenshot your router config page I can probably help, I haven't used a consumer grade router in years so I have no idea how it's laid out or worded.
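
The external-port to internal-port translation described in the post above, as an added example that is not part of the original thread: a loopback TCP relay plays the router, and a tiny HTTP server plays the DVR. Ephemeral loopback ports stand in for WAN 8080 and LAN 80, and `DvrPage`, `start_forward` and `fetch_via_forward` are hypothetical names.

```python
# Added example: loopback ports stand in for WAN 8080 / LAN 80 (assumption).
import contextlib
import http.client
import http.server
import socket
import threading

class DvrPage(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the DVR's web login page."""
    def do_GET(self):
        body = b"DVR login page"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def pipe(src, dst):
    """Copy bytes one way until either side closes, then tear both down."""
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    for s in (src, dst):
        with contextlib.suppress(OSError):
            s.shutdown(socket.SHUT_RDWR)
        s.close()

def start_forward(target_port):
    """Listen on a 'WAN' port and relay each connection to the 'LAN' port."""
    wan = socket.create_server(("127.0.0.1", 0))

    def accept_loop():
        while True:
            try:
                client, _ = wan.accept()
            except OSError:  # listener closed
                return
            device = socket.create_connection(("127.0.0.1", target_port))
            for a, b in ((client, device), (device, client)):
                threading.Thread(target=pipe, args=(a, b), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return wan

def fetch_via_forward():
    """Return (lan_port, wan_port, body) for a request sent to the WAN port only."""
    dvr = http.server.HTTPServer(("127.0.0.1", 0), DvrPage)
    threading.Thread(target=dvr.serve_forever, daemon=True).start()
    lan_port = dvr.server_address[1]
    wan_port = start_forward(lan_port).getsockname()[1]
    conn = http.client.HTTPConnection("127.0.0.1", wan_port, timeout=5)
    conn.request("GET", "/")
    body = conn.getresponse().read()
    conn.close()
    return lan_port, wan_port, body

if __name__ == "__main__":
    print(fetch_via_forward())
```

The device never changes its listening port; only the port the client dials differs, which is why the URL needs the explicit `:8080` suffix.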

John2
Helpful Neighbour

Thanks again for input but I'm starting to understand you now and I can grab a screen shot from the dvr server tomorrow (at home now). But in all this really sounds like what I am already doing. Still didn't work when on Telus because .... Telus blocked me. I still have a hunch Telus should just let port 80 go like their competitor and make life easier for the customer(s). I think they may benefit more.

 

J

Kolby_G
Ambassador

Is the DVR server running at a business? You can't have a home plan at a business location and business plans are not port blocked (AFAIK). Were you having trouble accessing the DVR at your business from your home?

John2
Helpful Neighbour

Yeah I know what you are talking about, hence my first few posts explained all of that. So here is what I did...

 

1) DVR server on Shaw service.

 

2) At my home I had both Telus fiber Optic AND Shaw service.... I was actually switching back and forth for this test and actually found Telus service to be much faster plus customer support were much friendlier. 🙂

 

3) Did not have success connecting to my DVR server with Telus due to port 80 from home. What I saw was with Shaw, I was able to connect no problems. Switch to Telus, it would allow me to load up to login screen and cease right there. But during the long long climb to discovering this... I read that the Actiontec router I had did not have bridging features. I then upgraded to a better model of Actiontec router to allow me to bridge and still no go. I went through this with Telus tech support and they finally told me it was port 80 on their end.

 

So the result was I either pay extra for "business plan" on both business and home location just to get the same results of what Shaw offers on their plain jane home plan. I said they should reconsider unblocking port 80 and gain more customers from surveillance users. After all these kind of technologies are getting to be everywhere now and very inexpensively so why lose out to Shaw? This wouldn't be just me but many others out there I'm sure.... I'm just putting the efforts to speak out and hope Telus would address this so I can happily come back. They have it on record what length I went through just to stay with them. Anyhow they asked me to come here and make my say and hope the higher ups would read this and address the issue.

 

J

 

Kolby_G
Ambassador

As I said before, I agree with you that the port blocking is stupid, I'm not arguing that at all. However, if the DVR was on your Shaw account and you were accessing it from your home account on Telus, it was not a port block interfering. Telus blocks port 80 incoming, not outgoing. If port 80 was blocked outgoing no websites would load, because that is the standard HTTP port. Since your DVR was located at your site that uses Shaw, it would not be affected by the port block at all.

The port blocks are for incoming ports on Telus's home plans, so if you were running the DVR at your house, port 80 wouldn't get through. There was/is another issue going on here, I'm not sure what it would be without more info, but it's definitely not a port blocking issue.

 

Care to provide:

DVR model or in the case of a server, the name of the software.

Any ACLs on your DVR or router at your business.

Screenshots of your port forwarding/firewall rules in your router.

Firewall rules of your home router.

Any VPN in use?

PhilTheThrill
Resident

So if I was to get a business account, with a static IP, port 80 would be unblocked?? I'm getting really frustrated with this, I've been on the phone for days and most the time they don't even know that port 80 is blocked, tell me that it is in my modem that I need to change port forwarding. They tried to tell me when we 3 way Actiontec, that when I set my modem to using a static IP, when I enter the IP info that I need to use my domain's IP?!?!? Like WHAT, I don't think they even know what they're talking about. I ended up entering the DHCP IP I was automatically given as the IP, but of course that IP's ports are blocked. I've really had it, all I want is the damn port 80 open so I can run my small business website from my house instead of renting a VPS for a 100 bucks a month. It's garbage, I own a small construction business and I'm proficient with computers so I want to run a LEMP setup from my second computer at home to host my small construction business website!!! I may serve like 500 megs per month, and I have an unlimited gig plan right now at home which I usually make about 600 gigs of transfers a month, what would my small website do ... nothing. I think it's a load of crap ...

John2
Helpful Neighbour

Hi Kolby,

 

OK so Telus blocks "incoming".. I forgot to mention that part of how this works is the DVR server sends out a Quick Time component for me to activate the video. I can not download this component from home after login with Telus. I use the same PC, same web browser and reconnect my DLink router back to the Shaw modem and it then works. A reminder, my Telus Actiontec is in bridge mode so no changes were done on the DLink router settings during this test. I just like to hear your input before I post my router/DVR settings since I'm still trying to take in what you say about not Telus issue with blocking port 80.

Kolby_G
Ambassador

Port 80 still wouldn't be in the way, the DVR is the server sending you the file, your computer is not the server. 

If you are not changing config at all then there is something else stopping the connection, but it's not port blocks.

 

Did you verify that your modem is in fact in bridge mode? What kind of IP is your dlink router getting?

 

What is the exact part that the connection fails on? You say it's on downloading quicktime components? Why would you need to download those every time? Is there another part its failing on? Any error messages?

 

 

If it works with the exact same config on Shaw then it's not an issue on the server side, unless you have set up ACLs, if so, post them here.

There should be absolutely no reason for you to not be able to view the DVR from ANY connection. Assuming it's a web GUI, it's no different than accessing google.com.

Kolby_G
Ambassador

@PhilTheThrill

 

Yes on accounts with static IPs there are no port blocks.

 

In your case, the port block would affect you as the webserver would be in your house. I totally agree that it's ridiculous to block ports when they're charging for data anyways.

 

You clearly didn't look hard for VPSs if all you found was $100/mth.

https://www.digitalocean.com/pricing/

The $5 per month plan would be more than enough for a small business website running on LEMP. I would bet that your "server" would consume more than double that in electricity costs per month.

John2
Helpful Neighbour

[Attached image: gv port.jpg]

John2
Helpful Neighbour

[Attached image: routerportforward.jpg]

Just some screenshots from the server. One of the systems I'm using and did the test on was on a Geovision system.

About a VPS, I didn't want to go through the hassle on my end. Just wanted this to work as easy as it does on the Shaw network.

Kolby_G
Ambassador

Ok, so according to that pic, you have a webcam server and a control center server. Are both of those located at your business location on Shaw? Port 80 isn't listed as a port that is used at all, the only one on there that Telus blocks is 443, but again, only for incoming. So long as both those servers are at your business location you should be fine.

Is the DLink screenshot your home or business router? You don't need to port forward on the client side at all.

If that's your business side you're missing TCP on the SSL port, SSL doesn't run on UDP.

John2
Helpful Neighbour

No, all those screenshots are from the server side, not my home. Still find it weird how this works on one network and not the other.

Kolby_G
Ambassador

If that DLink router is server side, that could be one of your issues, add TCP 443 to your SSL forwarding. 4550 and 5550 you have listed as UDP only as well, is that what they use according to your DVR documentation?

 

How do you connect to your DVR from home? Is it an application? or a web interface like http://1.1.1.1:7575?

John2
Helpful Neighbour

Those other ports are reserved for other features. Yes I do access the webserver like you said...http://1.1.1.1:7575

Kolby_G
Ambassador

I assume those ports are open in your Windows firewall as well? I see you're using AVG, are they open there too?

If you're accessing via a web GUI chances are you don't need to forward anything other than 7575 and 443 (and possibly both mobile ports for an app). I could be wrong as I've never used that specific system, but it looks like most of those ports would be used for inter-server communication. If that's the case what you have open is a huge security issue.

Personally I wouldn't even open port 7575, I'd use the SSL port instead and connect with https://

John2
Helpful Neighbour

Yeah 7575 was left there due to me trying out all sorts of numbers to get it to work with Telus. I should change that! Ports should be opened for those numbers on firewall side... after all it works with no glitches on Shaw. Just didn't have success on Telus side until a few of their tech support mentioned something about the port 80 being blocked which was the cause of my headaches. Unless I paid more than what I already have with Shaw to get the same results which I thought was illogical.

Kolby_G
Ambassador

Using 7575 rather than 80 is fine, in fact it is marginally more secure as it's not a common bot target, but the fact you have ALL those ports open if they are not needed is a problem. Just because it works doesn't mean you don't have vulnerabilities, you shouldn't just open up every port and once it works just leave it at that. If you want, open every port to begin with and close ports until it stops working. Then you only have the minimum required ports open for it to function.

Saying it works with no glitches would be like saying that you've opened up port 1-65535 to point to your computer. Yes it works but it's an extremely bad idea.

If you are completely sure that ALL of those ports are in fact necessary for remote viewing then leave them open, but I would seriously consider using a VPN instead at that point and then closing ALL the ports.
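
One way to check a forwarding table against the minimum set of ports, as an added example that is not part of the original thread or anyone's real configuration. It goes slightly beyond the post by also reporting required ports that are missing (such as TCP on the SSL port) and forwards whose target is not a private address; the rule format, `SAMPLE_RULES` and `REQUIRED` are constructed assumptions.

```python
import ipaddress
import re

# Constructed forwarding table (not John2's real config). It mirrors what the
# thread describes: web GUI on 7575, the SSL port and two others UDP-only.
SAMPLE_RULES = """\
webcam-http  tcp  7575 -> 192.168.0.50:7575
webcam-ssl   udp  443  -> 192.168.0.50:443
feature-a    udp  4550 -> 192.168.0.50:4550
feature-b    udp  5550 -> 192.168.0.50:5550
"""

# Assumption: remote viewing needs only these, per "7575 and 443" in the thread.
REQUIRED = {("tcp", 7575), ("tcp", 443)}

RULE_RE = re.compile(r"(\S+)\s+(tcp|udp|both)\s+(\d+)\s*->\s*([\d.]+):(\d+)")


def parse_rules(text):
    """Parse 'name proto ext_port -> lan_ip:lan_port' lines (hypothetical format)."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE_RE.fullmatch(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        name, proto, ext, ip, lan = m.groups()
        protos = ("tcp", "udp") if proto == "both" else (proto,)
        rules.append((name, protos, int(ext), ipaddress.ip_address(ip), int(lan)))
    return rules


def audit(rules, required):
    """Return findings as (kind, proto, external_port) tuples."""
    findings, exposed = [], set()
    for _name, protos, ext, ip, _lan in rules:
        for proto in protos:
            exposed.add((proto, ext))
            if (proto, ext) not in required:
                findings.append(("unneeded", proto, ext))  # candidate to close
        if not ip.is_private:
            findings.append(("public-target", protos[0], ext))
    # Required ports that no rule exposes, e.g. TLS forwarded on UDP only.
    for proto, port in sorted(required - exposed):
        findings.append(("missing", proto, port))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_rules(SAMPLE_RULES), REQUIRED):
        print(finding)
```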

John2
Helpful Neighbour

Yes, opening the ports are for other features I use to access the system and it's been running for several years with no problems. I know what you are saying but this is drifting from the main topic and doesn't resolve why I can't connect via Telus network. I was hoping to find a solution so this would work just as less complicated as it does with Shaw. Like I said before, Telus fiber optic speed is really NICE!

Kolby_G
Ambassador
There is no reason why what you are doing would not work. If you are using the exact same config and the only thing that changed was the ISP, then you are going to have to provide some server or router logs of your connection attempts with both ISPs so I can see exactly what's going on. I assume you no longer have Telus's service so that may not be possible. But your issue isn't with port blocks, it could be an issue with your bridged setup, but I can tell without a bit more info which you can't get if you no longer have Telus. I am curious why you went with bridge mode rather than just bypassing the Actiontec entirely. You can just plug your router into the ONT instead.
John2
Helpful Neighbour

You know, speaking to you has been more interesting than speaking to the Telus tech support for sure! You have hit some points right on or made some accurate guesses as to what I was doing. Why did I bridge the Actiontec, I'm not proficient in this department I must admit but know a little. Anyhow after reading and trying to resolve this on my own and with so-called Telus tech support. I was led to believe bridging would mean bypassing the Actiontec, since I was led to believe some of their firewall stuff was just too tight.

Switching ISPs and getting nowhere with Telus, at the end they said, I had to pay extra for a Business Plan (for home) to unblock port 80. Then come here to talk about it (after I returned their modem). I wished they just aided me in bypassing their modem if you say it was a setting issue.

Oh I was told I should not connect my router in place of the Actiontec because my router can not determine which signals were optic TV or internet. Thus the Actiontec must be present to separate those kinds of data.

So now I'm thinking..... was their tech support useful? Hmmm. All they basically said was to cough up more money. I am by no means trying to boost Shaw but it seems they are not so bad after all.

Anyhow you are right, I no longer have a Telus modem nor account so I hope someone reads this and posts what they did to their CCTV system on a Telus network and shows how it worked for them. The brief reading I did while with Telus showed un-positive results but then again they didn't have a guy like you around who can truly dig deep and troubleshoot.

 

J

Kolby_G
Ambassador

You are correct that your router probably cannot handle the TV stream, most consumer routers cannot. There is still another way rather than bridging though, I've never tried bridging so I'm not sure whether or not there are still limitations.

The best way IMO is to connect both the Actiontec and your own router to the ONT using a basic network switch. Port 1 on the ONT is the only active port, so you will need a switch, you can't just use port 2. Connect the ONT port 1, your router's WAN port, and the Actiontec WAN port all to the switch. Then connect all your computers to your own router and just use the Actiontec for TV only.

As for the tech support, honestly, unless you're only doing basic things that 99% of people do, tech support will be useless. They are trained to handle things like email not working, cable unplugged, resetting routers, etc.

Back when I had Shaw, the modem had dropped offline one night, I knew it was their end (DS/US/Online were all off) but even so, they insisted it was my router. I pretended to go through all their troubleshooting steps and finally after about 5 minutes of pretending to follow their instructions they said that they would reset it.

 

As for the CCTV system, I can tell you that I have one at my house, redirected through port 4431, and it works just fine. In addition to that, I regularly connect to multiple other security systems similar to yours with no issues at all.

 

If you ever decide to get fiber again feel free to let me know and I'll help you troubleshoot.