Banned IP Addresses

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,006
Location
USA
Three options really:

1. Change from port 81 to a random high number port (between 10000 and 65535) that is not commonly used for any particular service. Literally just pick a number, google it "port xxxxx" and see if it is commonly used for anything. This will dramatically reduce the amount of unwanted bot connections you get, since most bots are just scanning for low hanging fruit on default ports.

2. Run a VPN server. Doesn't have to be on your router. It can be on the Blue Iris machine, even. Disable all other port forwarding (including UPnP and NAT-PMP functions in your router) and only use the VPN for remote connections.

3. Run ZeroTier instead of a VPN server. It is basically a cloud-hosted VPN server that you can connect all your machines to, and they keep it free for home users by utilizing peer-to-peer tunneling methods whenever possible so they don't have to carry a lot of your network traffic on their own infrastructure. The downside is you have to trust a cloud service, and it will only provide access to specific machines that are running the zerotier client, not your entire LAN unless you do some advanced routing stuff that is even over my head.
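
A small audit of a router's port-forward table against options 1 and 2 above, as an added example that is not part of the original post. The rule list, the `COMMONLY_SCANNED` set and the 51820/udp VPN listener are constructed assumptions, not settings taken from this thread.

```python
from dataclasses import dataclass

# Constructed, non-exhaustive set of ports that are defaults for common
# services (web, RTSP, RDP, camera/DVR products). Note that 37777 is a
# "high" port yet still a well-known default, which is why option 1 says
# to look the number up before picking it.
COMMONLY_SCANNED = {21, 22, 23, 80, 81, 443, 554, 3389, 8000, 8080, 8443, 37777}

@dataclass(frozen=True)
class Forward:
    wan_port: int
    proto: str     # "tcp" or "udp"
    lan_host: str
    lan_port: int
    source: str    # "manual", "upnp" or "nat-pmp"

def audit(forwards, vpn_listener=None):
    """Return {(wan_port, proto): [findings]} for rules that break the advice.

    vpn_listener=None checks option 1 (random, unused high port).
    vpn_listener=(port, proto) checks option 2 (VPN is the only forward).
    """
    report = {}
    for f in forwards:
        key = (f.wan_port, f.proto)
        findings = []
        if f.source in ("upnp", "nat-pmp"):
            findings.append("auto-mapped")      # router opened it on request
        if vpn_listener is not None:
            if key != vpn_listener:
                findings.append("not-vpn")      # should be reached via tunnel
        else:
            if not 10000 <= f.wan_port <= 65535:
                findings.append("low-port")
            if f.wan_port in COMMONLY_SCANNED:
                findings.append("well-known")
        if findings:
            report[key] = findings
    return report

# Constructed sample table: addresses and ports are illustrative only.
SAMPLE = [
    Forward(81, "tcp", "192.168.1.50", 81, "manual"),
    Forward(51820, "udp", "192.168.1.1", 51820, "manual"),
    Forward(37777, "tcp", "192.168.1.60", 37777, "upnp"),
    Forward(48213, "tcp", "192.168.1.50", 81, "manual"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(SAMPLE, vpn_listener=(51820, "udp")))
```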
 

bp2008

A Netgate 1100 is a fine little router and the pfSense OS has OpenVPN server built in, and WireGuard VPN server (which is simpler and more efficient) available as an installable package. I like the 1100 specifically because it is super energy-efficient compared to high-end consumer routers, and especially compared to old PCs that some people may use to run pfSense.
 

OICU2

BIT Beta Team
Joined
Jan 12, 2016
Messages
821
Reaction score
1,330
Location
USofA
> Well now this has turned into something else I would like to build. Or I could just buy a Netgate 1100, and be done with it.

I have pfS running on an HP T730 thin client and also an HP T610 thin client, these are available fairly cheap on eBay, much cheaper than buying the actual Netgate hardware.
 

OBXJeepGuy

Pulling my weight
Joined
Oct 29, 2021
Messages
79
Reaction score
101
Location
Powells Point, NC
> I have pfS running on an HP T730 thin client and also an HP T610 thin client, these are available fairly cheap on eBay, much cheaper than buying the actual Netgate hardware.

I am partial to the HP GT7720, as I have a few of them. Downside is, only 1 NIC.
 

CCTVCam

Known around here
Joined
Sep 25, 2017
Messages
2,660
Reaction score
3,480
> Well now this has turned into something else I would like to build. Or I could just buy a Netgate 1100, and be done with it.

For that money just get a higher end home router being as you say you need a new Router anyway (I think you mean Router Modem rather than router).

I chose an Asus AX82U Router paired with a Vigor 130 modem run in bridge mode. The Router has modern features, top class performance reviews and a VPN Built in. Many others on here are using Asus routers.

I have yet to set my system up - on with other projects i.e. renovating a room in my house, and still need some bits e.g. cabling. However, if you don't want to go True Router + Modem combination, others on here are using some slightly lower end but similarly priced Modem Routers from Asus (all in ones). I couldn't tell you the models but I'm sure someone will chime in. The 82U also has another model with slightly different letters in front that's an all in one. It's the same router but with a modem included internally.

I went separate as it means less to replace when something fails and generally there's evidence to suggest the separate parts are better overall. Can't comment on the router difference other than to say they should be the same, but I imagine the Vigor being a business modem is a world better than a built in modem especially when the price difference between built in and not built in 82u's is only around £10. By contrast the Vigor is a £100 modem. You get what you pay for as they say.

One advantage of going Asus, is I believe the VPN tutorial on here relates to an Asus Router.
 

OBXJeepGuy

Okay..... So to continue (finally) I settled on a Netgear CM1100 for simplicity's sake. I also now have a pfSense appliance in place, and running. Now I can't make things accessible remotely via port 81 because I can't figure out the correct port forwarding rule. Yes, I know this isn't supposed to be done. Baby steps. I will change everything once I figure this rule thing out.
 

TVille

Getting comfortable
Joined
Apr 26, 2014
Messages
672
Reaction score
1,639
Location
Virginia
I just got an SG-1100 running last week and OpenVPN on Android. Works fine. Did you use the export add on for pfSense?

Sent from my Pixel 4a using Tapatalk
 

TVille

How are you trying to connect using OpenVPN? OpenVPN basically dumps your connection into your LAN side of your router. So if on your phone, it is like it is on the LAN, even when not. For things on the LAN, OpenVPN has nothing to do with it. The BI LAN connection is the same as to connect from another computer or phone on your LAN.
 

OBXJeepGuy

I am not trying to connect with OpenVPN. I’m trying to do so via port forwarding, which I still can’t seem to figure out.
Yes, I know port forwarding is the devil. Once I get that figured out for BI (and others), I will move on to a more secure way of viewing remotely.
 

TVille

I just installed the Android client, easier than port forwarding. Export from pfSense, use that for the client. Now I can get to ANY thing inside my network, including pfSense, wherever I am.

Sent from my Pixel 4a using Tapatalk
 

OBXJeepGuy

Well it appears port 81 is in fact open on my end, so I must have something else out of whack. That's what I get for "upgrading".

EDIT: My DynDNS account didn't see the new public IP because I forgot to set it up in pfSense FACE PALM.
 

The Automation Guy

Known around here
Joined
Feb 7, 2019
Messages
1,377
Reaction score
2,738
Location
USA
> Well it appears port 81 is in fact open on my end, so I must have something else out of whack. That's what I get for "upgrading".
>
> EDIT: My DynDNS account didn't see the new public IP because I forgot to set it up in pfSense FACE PALM.

That will do it (and we've all been there or somewhere similar).
 