access outside of local internet

[icerabbit]

Shooting from the hip here. Does both your incoming and outgoing traffic go over dish, or is incoming faster over dish and outgoing slower over the phone line?

I recall back in the day when I looked into sat internet, traffic was split.

 

[nayr]

Huges is two-way; no phone line dependancy.

 

[icerabbit]

Interesting.

Seems the customer IP is private within a larger pool of customers and so whatever rule you setup in your house may not / won't work, because the way the dish network is supposedly setup (from what I just gleened). That rules and ports would need to be set up one layer higher withun the dish infrastructure.

Upgrading to a static IP may help, though $$.

https://community.myhughesnet.com/hughesnet/topics/gen_4_public_and_dynamic_ip

Funny thing is though that all of us on landlines pretty much have dynamic ip adresses, yet get to knock on our own digital door, but with dish that doesn't happen.

Clearly the OP is not alone though.

Back to the network engineer?

 

[nayr]

ouch; yeah your behind a NAT router you cant control (the dreaded double NAT).. your basically shit out of luck; I doubt Hugesnet is going to help

The only real way arround this would be to get a box somehwere you can get access anywhere and then VPN to it from your home network; and use it as a relay.. not exactly simple.

A Cloud NVR service might work since you connect to it and not the other way around.

Basically your router/modem does not get a routable IP address so you cannot access it externally; it gets an address in the local IP space so nothing external can find it... or to put it another way your router uplink is to a larger LAN and not direct to the internet.

 

[icerabbit]

Thanks for confirming that, Nayr.

 

[shera]

Thanks for confirming that, Nayr.

I called wild blue/exceed and they say it won't work with their satelite either. What if I use one of this DNS websites? Would that help any?

 

[icerabbit]

Most unlikely from what I gather, because the service will have the IP address of the customer pool that you are in, which contains a few hundred customers, or more.

It gets technical really quick, but this has some info from within the last month near the top:
https://community.myhughesnet.com/hughesnet/topics/accessing_security_cameras_through_hughes_net_gen_4

and links to this recent thread:
https://community.myhughesnet.com/hughesnet/topics/several_questions_regarding_gen4_ipv6_operation

Supposedly according to one earlier article the new ipv6 web addresses would solve the issue, where they ran out of ipv4 addresses before; but that doesn't seem to have materialized. New addresses are there and remote access and server stuff is still not working.

Of note in the above link, one of the Hughes reps deflecting that it is for security reasons. " ... In order to keep you as secure as possible as both a HughesNet customer and satellite technology user, the ability to remotely access your system is limited. "

While the increased security is certainly there, we can't deny if you can't serve something and nobody can see you, it is hard to get hit with something; but is saves Hughes a boatload of bandwidth by neutering all customers' online capabilities.

Given that upload speed with HN is also not great, you may be stuck with setting up an (extra) email address and sending snapshots; or something like dropbox and uploading images maybe clips, or using ftp to send stuff to a server, ...

Keep in mind that upload bandwidth is a similar issue for all the folks on a standard hardline broadband internet line in the US. I can do 1 web stream up to 100KB/s; while each of my cameras sends out 500KB/s for the main stream and the sub streams maybe a 1/3 or 1/4 of that.

Remote login to a computer at your home is a thought but probably futile. Some of the tech support solutions can poke through restrictions and require no setup, ... but I'm just not seeing anything practical work.

Hughes and other dish internet providers probably all run the same tight ship, to keep their limited infrastructure from crumbling under load. The more they can minimize traffic and keep off the network; the more they have a chance of giving customers at least some minimal email and browsing service. Only option would be to switch to a land line, which more than likely is not an option since you are using dish internet.

 

[shera]

So using like no-ip.com for a dns name won't help me ?

 

[icerabbit]

The way it reads how Hughes Network is setup: no

Conventional system:

WWW Internet
> ISP Backbone
> Provider Equipment
> Physical line
> Every customer has internet modem with a conventional internet IP address (dynamic or static, visible to outside world)
> Local Network in your home, with router and other devices

Dish system

WWW Internet
> ISP Backbone
> Provider equipment with internet IP (visible to outside world) + Firewall and other equipment
> Over the air traffic to customer dish
> Customer device / modem WITOUT conventional IP ADDRESS
> Local Network in your home

That just to say, that they are treating a pool of subscribers all as a local network; and so when you are online and do a whatismyip or similar discovery; the address returned is that of hughes equipment, where they filter all incoming and outgoing traffic, compress some to save bandwidth, etc. So when you give a DNS service that IP address, it knows where Hughes equipment is on land and in the cloud maybe, but not where you are on the ground. Stuff gets blocked, hung up and/or filtered due to technical limitations from the get-go whenever they started with dish internet and / or the intent to preserve as much bandwidth as possible.

 

[shera]

Thank you. Looks like I am SOL. Thanks everyone for your help and input!

 

[icerabbit]

It does look that way unfortunately.

If you have the time and energy, give Hughes a call and ask the right questions. I know they probably have heard it all, and they know their customers don't have any leverage to get them to change their minds on allowing more services, because there most often is not another provider to switch to (which offers some faster service with some limited web server options). Maybe they'd give you some line credit for the trouble. Even land line customers in rural areas only have one choice typically. I have two options and picked the less evil one. Last person on the line. I cannot get more bandwidth until they upgrade the whole state to fiber in the next hundred years and double to quadruple the service bill.

Found something different
Logmein for remote computer access supposedly works, so if you can get the home computer to see cameras and setup logmein you'd at least have one remote viewing option. Whether the line is fast enough to do it is another matter.

http://jacksontech.net/index.php/articles/hughesnet-networking-faq/

Note: I think there's an error two in the above faq - as I've read a couple statements elsewhere that said a few details otherwise with regards to blocking ports and services (I think hughes actively blocks it, whether as a side effect of the infrastructure or through additional hardware and/or software means ) but anyhow, it confirms that the noip dns stuff doesn't work.

At the same time it is saying again that an ipv6 address for the new box is routable to the outside.
Maybe our local expert nayr can chime in one more time, for that. I know a few things about it (like how it is a longer address etc) but don't know how and if you could leverage it for the remote access you are looking for.

 

[nayr]

Unless your mobile/remote service includes IPv6 native stack it wont work.. if you do get IPv6 access on your mobile/remote it should work over the v6 network as he'd have a routable IPv6 address.

http://test-ipv6.com/

 

[shera]

Unless your mobile/remote service includes IPv6 native stack it wont work.. if you do get IPv6 access on your mobile/remote it should work over the v6 network as he'd have a routable IPv6 address.

http://test-ipv6.com/

ip6 worked on my pc via hughesnet ! does this mean it can be done ? I also tried getting a ddns name, minormountain.dnsalias.com but have not had any luck getting that to work either. any help is greatly appreciated.

 

[nayr]

It has to work on everything you ever wish to access it from or it wont work at all...

Few places have IPv6 support; even fewer have it configured to be used.. my AT&T Android on 4G LTE Failed the IPv6 test so it would not be able to communicate with your routable IPv6 address.

 

[JackRubin]

I just moved into Hughes country and want to set up security cameras with remote access. Has anything changed for the better in the last three years? I'm perfectly happy with stills instead of streaming; I just want access! WeMo works for lights so I guess I could fall back to a web-based service like Foscam Cloud but that doesn't seem like as much fun as running MotionEyeOS on a Raspberry Pi.

 

[Bryan Ebeling]

I just moved into Hughes country and want to set up security cameras with remote access. Has anything changed for the better in the last three years? I'm perfectly happy with stills instead of streaming; I just want access! WeMo works for lights so I guess I could fall back to a web-based service like Foscam Cloud but that doesn't seem like as much fun as running MotionEyeOS on a Raspberry Pi.

We deal with customers quite often that have Hughesnet and unfortunately it just isn't possible to do any port forwarding with their equipment. Exceed is the only satellite service that allows port forwarding that I am aware of. Get some type of web based service (like you mentioned) that does not require port forwarding. CheckVideo cameras will send images based on analytic events but there is a monthly cost associated with that because it connects to their servers and you will need a dealer as a middleman. Sorry, I wish I had more recommendations for you. Good luck.

 

[JackRubin]

Grr - thanks(?) for confirming the bad news. :>(
Looks like I'll have to go commercial.

 

[Bryan Ebeling]

Grr - thanks(?) for confirming the bad news. :>(
Looks like I'll have to go commercial.

My brother has Dropcams at his house and doesn't need port forwarding for them. You might want to look into those. He has them inside looking out of the windows and they connect to his wifi.

 

[fenderman]

My brother has Dropcams at his house and doesn't need port forwarding for them. You might want to look into those. He has them inside looking out of the windows and they connect to his wifi.

worthless garbage...