How to turn off WAN access ?

Spookiepower

Young grasshopper
Joined
Jun 9, 2015
Messages
78
Reaction score
2
I don't want WAN access to my camera or recordings, but can't find anywhere in the manual or the settings to turn it off. If I delete my WAN IP in the "Web server - Remote external wan/internet access", Blue Iris put my WAN IP back again by it self.

I already have VPN access to my server from the WAN side and want to keep it that way.
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,023
Reaction score
4,823
Location
Houston Tx
if you have an ASUS router or similar router you can block the camera MAC address with the parental controls from access the internet.

From the camera or from BI there is no real way to prevent the camera from accessing the internet. If the camera is a chinese hack it must be blocked at the firewall / router.

Little thing that do not prevent the bad guy.. On the camera disable the p2p and upnp. Do not set a valid DNS or gate way addresses in the camera.
 

Spookiepower

Young grasshopper
Joined
Jun 9, 2015
Messages
78
Reaction score
2
It doesn't matter whats in Blue Iris, if you didn't open any ports on your modem/firewall then noone can access it ouside.
I thought that a program, like BI, could open ports from the inside by it self, so that one from the out side could get access in.

A lot of cameras has a web interface you can access from the WAN, but was not sure if BI has this function turned on or off.
 

SouthernYankee

IPCT Contributor
Joined
Feb 15, 2018
Messages
5,023
Reaction score
4,823
Location
Houston Tx
Depending on the manufacture/model of the cameras. I use dahua and Hikvision cameras.
Do not use cameras that that have you scan a QR code on your phone.
If your phone can access the camera your home network is at risk.
No cloud cameras. No nest or reolink type cameras.
The web interface on most cameras are for camera configuration. They use a local ip address that is not exposed to the internet.

If you want secure remote access to the BI machine and / or the cameras you will to set up a correct VPN

Please read the WIKI. the WIKI is in the blue bar at the top of the page.
 

Spookiepower

Young grasshopper
Joined
Jun 9, 2015
Messages
78
Reaction score
2
I already use VPN to connect to my cameras from the outside and that part works just fine, so I can connect to my LAN IP. I have always been using iVMS 4200, but startede a few days ago to use BI. It was then I saw that there was a web interface in the software, that gives access from the WAN side. I just want to be sure that there is no access from the WAN side, other than my own VPN.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
34,529
Reaction score
15,208
I already use VPN to connect to my cameras from the outside and that part works just fine, so I can connect to my LAN IP. I have always been using iVMS 4200, but startede a few days ago to use BI. It was then I saw that there was a web interface in the software, that gives access from the WAN side. I just want to be sure that there is no access from the WAN side, other than my own VPN.
The webserver does not provide any access to the outside. The only way it would be accessible would be if you port forwarded or went through the upnp process and also had upnp enabled on your router which your should not.
 

Rednick69

Getting the hang of it
Joined
Feb 5, 2019
Messages
35
Reaction score
32
Location
US
Just remove the gateway IP from your BI PC and your cameras. Will still be accessible on the LAN but not the WAN.
 

Mr_D

Getting comfortable
Joined
Nov 17, 2017
Messages
597
Reaction score
524
Location
Southern California
Just remove the gateway IP from your BI PC and your cameras. Will still be accessible on the LAN but not the WAN.
That would keep BI from sending notifications since it needs Internet for that. As already stated, the router is what regulates inbound access from the Internet. If no ports are forwarded, then the computer is not visible from the Internet. Removing the gateway from the cameras is fine because they shouldn't have any Internet access.
 
Top