#garfield Logs

Jun 04 2014

#garfield Calendar


03:54 Tom_itx those changes i made i believe had to be done
03:55 Tom_itx the port forward to the server was causing all the traffic to go there
03:55 Tom_itx so now i changed it to NAT rules but i'm still lacking a bit for success
03:56 Tom_itx the DVR connects to the dyn site and says it's working
03:56 Tom_itx i _think_ i can connect to it locally but i'm not sure since the program isn't working quite right
03:56 Tom_itx i can't connect thru the web yet
03:58 Tom_itx the guys from the ubiquiti forum seem helpful and real responsive
03:58 Tom_itx and suggested a fix but i'm not sure how to implement part of it
04:00 Tom_itx i can post the current config later on
10:48 rue_more 81/tcp open hosts2-ns
10:48 rue_more 82/tcp filtered xfer
10:48 rue_more 83 is closed
10:49 rue_more 82 is not setup right
10:49 rue_more what were your media ports?
10:49 rue_more and why is 53 open!?
10:50 rue_more whats 843 and why is it open?
13:11 Tom_itx i dunno about 53 or 843
13:11 Tom_itx i'm not using 83
13:11 Tom_itx i want to use 82
13:12 Tom_itx but it's good you can tell 82 is set wrong
14:23 rue_more you cant use 82 for two different things
16:00 Tom_itx i'm not
16:00 Tom_itx i'm using 81 for the server and 82 for the DVR
16:01 Tom_itx i'll post the latest config when i get back
16:44 Tom_itx http://tom-itx.no-ip.biz:81/~webpage/rue/video/router.txt
16:44 Tom_itx i haven't tested that one yet
16:44 Tom_itx untested changes are in the upnp section
16:45 Tom_itx that's the whole of the config
16:45 Tom_itx i think i need something in the firewall to allow for 82 but i'm not sure how to script it
21:30 rue_shop2 82 is your webserver right?
21:30 Tom_itx no
21:31 Tom_itx 81 is
21:31 rue_shop2 get mowerbot2 going
21:31 rue_shop2 convert hand tractor to vacuum motors
21:31 rue_shop2 ride bike
21:31 Tom_itx 82 is for the DVR
21:31 rue_shop2 new boiler design, figure out
21:31 rue_shop2 VMMF
21:31 rue_shop2 restock the nuts and bolts
21:31 rue_shop2 put goldfish in pond
21:31 rue_shop2 clear deck
21:32 rue_shop2 pnp cannot set up the dnat for you
21:32 Tom_itx without it, the DVR won't connect to their site
21:32 rue_shop2 82/tcp filtered
21:32 rue_shop2 that means it wont work, its not translating to your dvr
21:33 Tom_itx i need a rule in the firewall allowing it thru
21:33 rue_shop2 yes, a dnat rule
21:33 Tom_itx but i'm not sure how to write it
21:33 rue_shop2 how are dnat rules phrased
21:33 Tom_itx look at the txt file
21:33 rue_shop2 oh yea
21:34 Tom_itx that's the one running right now
21:35 rue_shop2 does your webserver run on port 80 or 81 internally?
21:35 rue_shop2 81 isn't it?
21:35 rue_shop2 you want it phrased like rule 2
21:37 rue_shop2 rule 4 {
21:37 rue_shop2 description "rues dvr rule"
21:37 rue_shop2 destination {
21:37 rue_shop2 port 82
21:37 rue_shop2 }
21:37 rue_shop2 inbound-interface eth0
21:37 rue_shop2 inside-address {
21:37 rue_shop2 address 192.168.1.121
21:37 rue_shop2 port 80
21:37 rue_shop2 }
21:37 rue_shop2 log disable
21:37 rue_shop2 protocol tcp
21:37 rue_shop2 type destination
21:37 rue_shop2 }
21:37 rue_shop2 set that up and I'll test it for you
21:37 Tom_itx server is on 81
21:37 Tom_itx it works
21:37 rue_shop2 I'm gonna go clear the deck and figure out a boiler design
21:38 rue_shop2 that rule above is for the dvr webpage
21:38 rue_shop2 biab
21:38 Tom_itx where did that come from?
21:38 Tom_itx but see, i made a group for that one
21:38 Tom_itx 82 is specified there
21:38 Tom_itx look at the top of the page
21:39 Tom_itx inside port wouldn't be 80 either
21:46 Tom_itx what you suggested is exactly what i have for the rule save for the addition of 'address-group ADDRv4_eth0'
21:46 Tom_itx the port 82 is defined in the group at the top of the file
21:46 Tom_L group {
21:46 Tom_L port-group dvr {
21:46 Tom_L description "port forward for VIDEO DVR"
21:46 Tom_L port 82
21:46 Tom_L }
21:46 Tom_L }
21:47 Tom_itx you can do port or groups
21:47 Tom_itx the group is in case i need to add the individual camera ports to it
21:47 Tom_itx which i've tried with no success
21:49 Tom_itx and rule 5 is the same but for the lan instead of wan
21:54 rue_shop2 did you make agroup for the ssh access?
21:54 Tom_itx no
21:54 rue_shop2 does your dvrs webpage not on port 80
21:54 rue_shop2 ?
21:54 Tom_itx no it's on 82
21:54 rue_shop2 then dont make agroup for the dvr
21:55 rue_shop2 ugh
21:55 Tom_itx my ISP blocks 80
21:55 rue_shop2 rule 4 {
21:55 rue_shop2 description "rues dvr rule"
21:55 rue_shop2 destination {
21:55 rue_shop2 port 82
21:55 rue_shop2 }
21:55 rue_shop2 inbound-interface eth0
21:55 rue_shop2 inside-address {
21:55 rue_shop2 address 192.168.1.121
21:55 rue_shop2 port 82
21:55 rue_shop2 }
21:55 rue_shop2 log disable
21:55 rue_shop2 protocol tcp
21:55 rue_shop2 type destination
21:55 rue_shop2 }
21:55 rue_shop2 then do that
21:55 rue_shop2 yea, you leave the webservers/ dvrs at 80 and use the firewall to translate it to other ports
21:56 Tom_itx so i'd leave the DVR at 80?
21:56 rue_shop2 well you changed it now, lets leave it
21:57 Tom_itx read this:
21:57 Tom_itx just got a reply
21:57 Tom_L http://community.ubnt.com/t5/EdgeMAX/Need-Port-Fwd-for-DVR-on-Edgemax-Lite-Help/m-p/864686#U864686
21:58 Tom_itx he suggested a couple firewall rules to allow those ports thru
21:59 Tom_itx and his rule matches what you just said
21:59 Tom_itx except the port 80 bit
22:02 Tom_itx the firewall rules may be what i was looking for... i'm gonna try it here next
22:16 Tom_itx brb rebooting router...
22:21 Tom_itx http://tom-itx.no-ip.biz:81/~webpage/index.php
22:21 Tom_itx can you see that page?
23:09 rue_shop2 nat rules, you have to use the nat rules
23:10 rue_shop2 did you try the rule I gave you?
23:11 Tom_itx it was the same rule
23:11 Tom_itx yes i removed the group and added port 82 etc
23:12 Tom_itx gotta go for tonight though
23:12 Tom_itx i had to put an old config on it for now
23:12 Tom_itx it wasn't working quite right
23:12 Tom_itx i'll make some edits tomorrow and try it
23:12 Tom_itx storms coming...