kdberg

multi-NAT routers / firewalls


Installing two DVRs in the same customer location. They already have a single static IP through roadrunner, and will now need to access either DVR remotely over the internet. Looking for recommendation of routers / network appliances with multi-NAT support that will correctly route incoming traffic based upon which static IP address it came in on.


This will not be easy. You will need a router that can announce two IP addresses and route them to the proper location. May I recommend Cisco. Or you can use two different ports on the DVR’s to transmit video. Your remote software must have the ability to change ports on a per site basis.

 

Are these PC based or embedded?

What manufacturer?

Can you change the ports that the video transmits on?

Can you specify the ports that the client software uses on a per site basis?


If you are using GeoVision, this is easy to do via the software, using different ports as heloder suggested.

 

A good router that supports multiple NAT is the Draytek Vigor 2600. That is the router we use.


The consumer grade stuff isn't going to do it, not well and not cheaply. Is the software using some sort of webserver?


It's actually a mix of DVRs, Dedicated Micro DS2 and Kalatel so far. Both have embedded web servers, and I wanted the user to be able to connect to each via default port 80 as well as being able to use manufacturer specific viewing software.


K, a couple of things that might work. If you can change the ports to something else, you can use a service like no-ip.com to do a port redirect. If the manufacturer's software can deal with that then you should be golden.


OK. You will want two static IP's behind one router. Each DVR will have a public IP. Your ISP may have a good router to do this. If not, use the Cisco SOHO 90 Series. http://www.cisco.com/warp/public/cc/pd/rt/ps4866/index.shtml But you will need someone to help you announce the IP range in the Cisco routers. I have two people in support who worked for UUNET and MIC. We may be able to help you out.

 

j


Is there any reason why you could not just set DVR#1 to port 81 and DVR#2 to port 82, then just give both internal IPs and map these ports through the router to the internal IPs? It all comes down to whether you can change the port on the DVR. This way: 1 router, no need for expense either, and only one static IP. Just remember to put the port extension on the IP address you enter into the browser, e.g. 210.216.14.82:81


if you cannot change ports on your crappy dvr's

 

just use 2 low cost ~$80 routers like linksys/cisco

1st router and 1st dvr remap ports port 80 in 8088 out

2nd combine all to one net out to internet on stack port numbers 8088 8089

or whatever is not in use on your network to one static ip on your cable internet

 

dusan


I have the same issue. I have a SQL Server running, a DVR running, and a Dlink DCS5300W wireless running on the same intranet. As long as I am in the intranet I have no problems communicating to them. But, when I attempt to view via the internet I can only communicate with the SQL Server. Port 80 is wide open but 81, 82, etc. are blocked by the ISP, which basically shuts down my choices. What other ports can I attempt to pass video on, and is there a better way to get around the ISP road blocks?

 

Thanks in advance


Strange that they block other ports. But some commonly used ones that should be open are:

 

20 FTP data (File Transfer Protocol)
21 FTP (File Transfer Protocol)
22 SSH (Secure Shell)
23 Telnet
25 SMTP (Send Mail Transfer Protocol)
43 whois
79 Finger
80 HTTP (HyperText Transfer Protocol)
110 POP3 (Post Office Protocol, version 3)
115 SFTP (Secure File Transfer Protocol)
119 NNTP (Network News Transfer Protocol)
123 NTP (Network Time Protocol)
137 NetBIOS-ns
138 NetBIOS-dgm
139 NetBIOS
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3)
389 LDAP (Lightweight Directory Access Protocol)
443 SSL (Secure Socket Layer)
445 SMB (NetBIOS over TCP)
666 Doom
993 SIMAP (Secure Internet Message Access Protocol)
995 SPOP (Secure Post Office Protocol)
1352 Lotus Notes
1433 Microsoft SQL Server
1494 Citrix ICA Protocol
1521 Oracle SQL
1604 Citrix ICA / Microsoft Terminal Server
2049 NFS (Network File System)
3306 mySQL
5010 Yahoo! Messenger
5190 AOL Instant Messenger
5632 PCAnywhere
5800 VNC
5900 VNC
6000 X Windowing System
6699 Napster
6776 SubSeven (Trojan - security risk!)
7070 RealServer / QuickTime
7778 Unreal
8080 HTTP
26000 Quake
27010 Half-Life
27960 Quake III


I know this is an old post, but I'm new here and I've got some relevant info on this subject.

 

We have a client with over 10 Geovision servers (6.05 currently, due to mix of new and old cards), each located at a different remote location. They have a fairly complex Wide Area Network.

 

They wanted to view ALL of their servers from the Internet (i.e., from home or anywhere else on the Internet, they wanted to pull up any of their 10+ servers).

 

The problem? Only 5 public IPs.

 

I ended up solving the problem using only ONE Internet IP. I installed a Linux server with firewalling software. On the Geovision side, I set up each server so that it had a unique port range. Then, I created a custom web-based (PHP/MySQL) app which had a GUI in which users could click on the server they wanted to view. It works great. Geovision must tell the ActiveX client what port range it's using, because no setup is required on client PCs.

 

Using the Windows clients of course requires lots of setup, due to the non-standard ports. But this particular client is fine with the ActiveX viewer.

 

Anyway, the client found the app so useful that they had me expand it to include usernames/passwords with security permissions, so certain users could only access certain sites. Of course, this wasn't REALLY blocking someone from accessing those particular ports, but none of these people are network hackers, and live by the GUI.

 

So, if you've got lots of systems behind a firewall, keep in mind, this IS definitely possible. It does require some effort, but it can most certainly be achieved!
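
The setup described in the post above (one public IP, a unique port range per DVR server, a Linux firewall in front) can be sketched as follows, with the access restriction enforced at the firewall rather than only in a web GUI. This is an added example, not part of the original post or the poster's application; the site names, LAN addresses, port ranges, interface name and allowed source networks are all assumptions, and filtering by source network stands in for the per-user permissions the post mentions.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: names, LAN addresses, port ranges and allowed source
# networks are illustrative assumptions, not values from the thread.
SITES = [
    {"name": "site-a", "lan_ip": "192.168.10.11", "ports": (5000, 5009),
     "allow": ["203.0.113.0/24"]},
    {"name": "site-b", "lan_ip": "192.168.10.12", "ports": (5010, 5019),
     "allow": ["198.51.100.7/32"]},
]


def find_overlaps(sites):
    """Return name pairs whose public port ranges collide."""
    return [(a["name"], b["name"]) for a, b in combinations(sites, 2)
            if a["ports"][0] <= b["ports"][1] and b["ports"][0] <= a["ports"][1]]


def build_rules(sites, wan_if="eth0"):
    """Emit iptables commands: DNAT per site, then allowlist, then drop."""
    overlaps = find_overlaps(sites)
    if overlaps:
        raise ValueError(f"overlapping port ranges: {overlaps}")
    rules = []
    for site in sites:
        lo, hi = site["ports"]
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range for {site['name']}")
        dst = ipaddress.ip_address(site["lan_ip"])  # rejects malformed input
        match = f"-i {wan_if} -d {dst} -p tcp --dport {lo}:{hi}"
        # Ports are unchanged by DNAT because each server already listens
        # on its own unique range.
        rules.append(f"iptables -t nat -A PREROUTING -i {wan_if} -p tcp "
                     f"--dport {lo}:{hi} -j DNAT --to-destination {dst}")
        # FORWARD sees the packet after DNAT, so it matches the LAN address.
        for net in site["allow"]:
            src = ipaddress.ip_network(net)  # rejects networks with host bits set
            rules.append(f"iptables -A FORWARD {match} -s {src} -j ACCEPT")
        # Anything else aimed at this DVR's range is dropped at the firewall.
        rules.append(f"iptables -A FORWARD {match} -j DROP")
    return rules


if __name__ == "__main__":
    print("\n".join(build_rules(SITES)))
```

The generator only prints commands for review; it refuses to emit anything when two sites claim overlapping port ranges, which would otherwise send one site's traffic to another site's DVR.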

Just use a $50 switch (not a router). We do it all the time. A linksys does it for us:D

 

How does a switch provide for routing capability via the Internet?

 

Some clients think that Linksys routers are totally insecure and won't go for them. At those locations I put in a Linux router box.


When the DVR's (not PC Junk-High End Standalones) are the only items on THAT network a 50 dollar linksys will do. Try it.
