There are several ways to do it. First of all, unless it is a PTZ camera, you probably don't need port 80 to be open. Only 554 is necessary to pull a video stream.
If you are going to forward ports over the internet,
you need to consider security. IP cameras are notoriously vulnerable to being hacked, and then the hacker not only has access to your video but they can use your camera and internet connection to attack other targets. You should not expose IP cameras to the internet. If your router supports
restricting the port forwarding rules to a particular source address or address range, then use this to lock it down so that only your own IP address is allowed to access those cameras.
Method 1) Use a site-to-site VPN
Install a site-to-site VPN tunnel between the two locations. This would typically be done by the routers at each location. When properly set up, this will allow devices on both networks to talk to each other as if it was one network. Here's one example with a good diagram:
Setting up a VPN Tunnel on two (2) routers
Method 2) Use a gateway VPN and connect the Blue Iris machine to it
It is also possible to achieve VPN-based access without support from your router by using a cheap linux PC (raspberry pi or similar, or just an old PC you have laying around) to run a
VPN server, then create a port forwarding rule at the remote site to allow the VPN traffic (for Wireguard VPN that would be UDP traffic on port 51820 by default). You can download and run the Wireguard client on your Blue Iris machine. That will join your Blue Iris machine to the remote network via the VPN so that Blue Iris can connect to cameras via their private IPv4 addresses.
Method 3) Use different source port numbers when you forward ports
When you forward a port, most routers allow you to specify a different external port number, e.g. like this:
In this example:
Traffic coming into the router on port
30107 would go to
192.168.30.54 port
554.
Traffic coming into the router on port
30105 would go to
192.168.30.51 port
554.
Traffic coming into the router on port
30106 would go to
192.168.30.53 port
554.
It is very important that you limit port forwarding rules to only trusted source addresses in order to prevent your devices getting hacked.
Method 4) Use IPv6 instead of IPv4
IPv6 is an IP addressing scheme that offers every internet customer literally 18,446,744,073,709,551,616 publicly routable addresses (or a larger multiple of that number!). With IPv6, all your cameras have their own public IP address and you can configure your router's firewall to allow inbound traffic on port 554 to whichever addresses you like, and it doesn't matter that they are all the same port number because each rule is for a different address. It requires a bit of a different way of thinking and it seems very complex initially, but IPv6 is actually simpler than IPv4 because you don't have to deal with a NAT (network address translator -- it is the thing that allows you to have multiple devices sharing one public IPv4 address). IP cameras from quality brands have supported IPv6 for a long time. However not all ISPs support it, and IPv6 support may be lacking in some routers. There's also less guidance online about how to set it up, so there is a bit of a learning curve as you discover how IPv6 addresses are written, what IPv6 subnets look like, and how to edit IPv6 firewall rules.
If you use IPv6, it is still important to restrict which source addresses are allowed when you write the IPv6 firewall rules, just like you would for the port forwarding rules when using IPv4.
