SouthernYankee
IPCT Contributor
Depend on how you disabled the bi computer.
How did you disabled the bi computer on the router.
How did you disabled the bi computer on the router.
Easiest Way to Secure Camera System
- Thread starter scquestions
- Start date
scquestions
Getting the hang of it
- Joined
- Jan 19, 2015
- Messages
- 189
- Reaction score
- 17
Just went in the Asus router interface and disabled internet access to the computer.
SouthernYankee
IPCT Contributor
Scquestions
In the Asus router, I disabled internet access for the complete home subnet. No internet access for the all computer, tablets, tv...
But from my tablet I am able to access the UI3 blue Iris web site. 192.168.1.234:8081 .... This is my local bi server IP address, with a web portal
Asus RT-AC66U router, clicked network map. Clicked the globe in the network status, internet status, click internet connection off.
In the Asus router, I disabled internet access for the complete home subnet. No internet access for the all computer, tablets, tv...
But from my tablet I am able to access the UI3 blue Iris web site. 192.168.1.234:8081 .... This is my local bi server IP address, with a web portal
Asus RT-AC66U router, clicked network map. Clicked the globe in the network status, internet status, click internet connection off.
scquestions
Getting the hang of it
- Joined
- Jan 19, 2015
- Messages
- 189
- Reaction score
- 17
I can't access via my phone via the browser, nor the Blue Iris app, nor my laptop. Just the Blue Iris computer itself.
scquestions
Getting the hang of it
- Joined
- Jan 19, 2015
- Messages
- 189
- Reaction score
- 17
The range on the Asus router was 192.168.50.2 to 192.168.254 but I changed it to 192.168.240 in order to assign IP addresses above 240 for the cameras.
I'll try to log in to the cameras if I'm able.
scquestions
Getting the hang of it
- Joined
- Jan 19, 2015
- Messages
- 189
- Reaction score
- 17
I've found the camera settings.. I've found the page you mentioned but would rather not post a screenshot. It looks like I'm able to change the IP address from this interface. Maybe I'll try that?
And the camera is in DHCP mode, not static.. Maybe that is the problem.
scquestions
Getting the hang of it
- Joined
- Jan 19, 2015
- Messages
- 189
- Reaction score
- 17
Well, I've been able to get all of the camera's IP addresses to switch to static and be outside the DHCP range. Your post helped me to figure it out. I had to set everything up in the router's interface (assigning the camera to an IP address) and then went into the camera's interface and changed it to static and entered that same IP address.
So, I'm set up there. Next I'm assuming it's necessary to change the Blue Iris PC's IP address to static also?
Tiny Cam Monitor Pro is working with the new IP addresses but I'm not sure why the Blue Iris app isn't working. Also, I'm still not able to access Blue Iris from another PC on the same network.
Yes, that cured the issue you faced last. Looking back, you were advised to assign static IP's to cams but I think it was assumed you would log into the cam and config it to be static. Even yours truly failed to make that clear...sorry.
Yes, by all means.
Insure in BI, 'Options' that the webserver is 'enabled'; when you attempt to run UI3 from another PC on your LAN open your browser (preferably Chrome) with this URL :
Code:
http://Your-BI-server-IP:BI-port/ui3.htmIf you do have user 'anonymous' enabled, insure that it is set for 'LAN access only' for that user.
scquestions
Getting the hang of it
- Joined
- Jan 19, 2015
- Messages
- 189
- Reaction score
- 17
Thanks for all of your help.
UI3 is still just working from the computer itself, not from any other device. Maybe there's a setting within the router that should be changed?
It's just saying the connection timed out on Chrome.
Last edited:
SouthernYankee
IPCT Contributor
Scquestion.
From other PCs on your network can you ping the BI server.
Also what anri virus, firewall are you using on the BI server.
Disable your anti virus, firewall on the BI server, test from another PC if you can connect via ui3
From other PCs on your network can you ping the BI server.
Also what anri virus, firewall are you using on the BI server.
Disable your anti virus, firewall on the BI server, test from another PC if you can connect via ui3
scquestions
Getting the hang of it
- Joined
- Jan 19, 2015
- Messages
- 189
- Reaction score
- 17
Just tried to ping using command prompt and it timed out.
Everything is default Windows 10. I didn't install antivirus. The computer is disabled access to the Internet via the Asus router.
looney2ns
IPCT Contributor
Windows 10 includes antivirus and firewall, you will have configure it properly, with opening ports and such.
The BI help file discuss's this.
scquestions
Getting the hang of it
- Joined
- Jan 19, 2015
- Messages
- 189
- Reaction score
- 17
That was the problem! Thank you!
I opened up the help file, searched for firewall, and got the instructions. Now, on Windows Firewall there are three options, allow, allow if secure, and block. I chose "allow". Hopefully that's alright.
And this also fixed the issue with the Blue Iris app. It's working on my phone now.
Last edited:
scquestions
Getting the hang of it
- Joined
- Jan 19, 2015
- Messages
- 189
- Reaction score
- 17
I'm still struggling to connect to Blue Iris via UI3 via a cellular connection using Open VPN. I've tried both on my cell phone and on a laptop using the phone's mobile hotspot. It'll connect to the Asus interface, it'll show my cable IP address, but it won't connect to UI3 or the cameras.. Once connecting to the home WiFi network both worked again. I'm not sure if there's a problem but as far as I know the OpenVPN settings are all default. I've chosen to disable Internet access to the Blue Iris computer and each camera, so maybe that's the reason it's not letting me connect, but because it works on the home network I'd think it would work via the VPN too.
catcamstar
Known around here
- Joined
- Jan 28, 2018
- Messages
- 1,659
- Reaction score
- 1,193
The only odd thing I see in your setup, is the "block internet access" for the BI system. Just to make sure that this isn't the showstopper: can you enable it for just 1 minute, open VPN connection and try to load the UI3 webpage again. If that ain't not working either, you might have to look into a firewall rule on your BI system: if you connect locally, you are coming from a 192.168.x.x address, however coming from VPN, you enter through a 10 address.
Hope this helps!
CC
cuz
Getting the hang of it
Wow, lots of good info here, thanks a lot. One question I didn't see answered is...
Does anyone make an affordable 8 or 16 channel NVR that can require login over HTTPS?
So far the only one I can find is from Axis, but it's expensive considering the limited features when you compare it to Hikvision's offerings.
Thanks,
-Cuz
Does anyone make an affordable 8 or 16 channel NVR that can require login over HTTPS?
So far the only one I can find is from Axis, but it's expensive considering the limited features when you compare it to Hikvision's offerings.
Thanks,
-Cuz
catcamstar
Known around here
- Joined
- Jan 28, 2018
- Messages
- 1,659
- Reaction score
- 1,193
I'm not behind my NVR wheel right now, but I do know that Dahua IPC's carry the HTTPS feature (eg IPCamera/Setup HTTPS - Dahua Wiki). Not sure about the NVR though.
Edit: yes, it does: Troubleshoot/NVR/Expired Cert - Dahua Wiki
cuz
Getting the hang of it
Thanks, but the link you provided shows that the Dahua NVR supports login over HTTPS, but it doesn't say anything about requiring it. I want to disable the NVR's ability to accept an HTTP login attempt. The setup screen shown in the Wiki looks like you can pick any port you want for HTTP login, but not disable it. When we run vulnerability scans on our internal network, having an open HTTP port flags an alert. I am looking to replace my current old DVR with a newer IP based NVR system but it must have the ability to disable HTTP access.
catcamstar
Known around here
- Joined
- Jan 28, 2018
- Messages
- 1,659
- Reaction score
- 1,193
From the manual (http://www.dahuasecurity.com.ph/download/dhi-nvr5208_5216_5232-8p-4ks2_user_manual_20160822.pdf) on page 228, I deduct that you could throw HTTP port to 37337 for example, not sure whether (or not) someone is scanning these high ports for a webservice. Personally, I would secure your NVR in a seperate vlan just to avoid being able to be scanned anyways, then you just allow specific ips to connect to intervlan port forwards only.
Mike A.
Known around here
- Joined
- May 6, 2017
- Messages
- 3,828
- Reaction score
- 6,385
Everything gets scanned 24x7 these days. Common ports get hit more frequently but trying to obscure things on high ports doesn't do anything now beyond maybe delaying it being found for some number of days. e.g., From my logs just now over a couple of minutes (DPT= destination port):
And once something gets tagged as begin open you can often watch multiple remote hosts then start to target that host/port specifically.