Which ports to forward for dahua ptz?

wrybread

Pulling my weight
Sep 12, 2018
256
119
San Francisco
I'm setting up port forwarding for a dahua SD49225T-HN ptz camera. I'm well aware if the risks of doing so.

I can't find a list of the exact ports I need to forward. One guide I found says I need to forward ports 23, 80, 443, 554, and 37777, both udp and tcp. That's a lot of ports though and I don't want to forward anything I don't need to obviously .

Does anyone know which ports need to be forwarded exactly?
 
I think I am. And this camera is using an internet connection with almost nothing else on it (it's this and the web interface for a solar charge controller). And the camera itself is a semi public camera to look out over the beach, not a security camera. If someone does somehow manage to gain access to the admin interface it would be at worst a small short lived nuissance. If they somehow managed to install software on the camera it would be downright interesting, and I think the danger of that happening is way overstated on this forum anyway (assuming of course we're doing sensible things like using the latest firmware and good passwords). And if I suspect anything I can monitor our router's logs.

But if you can think of some compelling reason that the danger is so bad that it's worth sacrificing significant functionality given our scenario, then I'm listening.

Otherwise, still curious about which ports are required for this camera, since I've read a lot of conflicting information and obviously don't want to open ports that don't need to be opened.
 
Last edited:
  • Like
Reactions: hidroela
@wrybread , it depends on the application, you want to use to access.

Use Port 80, if you want to access with http = browser.

Use Port 553, if you want to access the rtsp stream, e.g. with IP Cam Viewer App on your mobile.
 
Great, thanks.

> Use Port 553, if you want to access the rtsp stream, e.g. with IP Cam Viewer App on your mobile.

Guessing you mean port 554?
 
Sorry, you are right = 554
 
Probably not worth it's own thread, but does anyone reading this happen to know how to change the default password for the ONVIF admin username (Settings -> System -> Account -> Onvif User)? It's requiring the current password to change it, which I don't know (it's not "admin" or the password for the main admin account). I can create a new ONVIF user, but not delete or change the password for the default account.

And any other suggestions for hardening (as much as possible) a public facing Dahua camera?

Obviously keep the firmware up to date and use good passwords.
 
Last edited:
The ONVIF admin password is the same, that you use at the login to your camera. Maybe you had a typo?
 
> The ONVIF admin password is the same

You'd think it would be, but it definitely isn't on my SD49225T-HN with the latest firmware.
 
Well, I just test it = change the ONVIF Admin password at my SD59430U-HNI. And the "old password" is my camera Admin password, which I use to login to the camera.

Maybe your SD49225T-HN is different, or someone (or you) changed that password in the past?
 
> or someone (or you) changed that password in the past?

I haven't changed the Onvif password. It's a brand new camera, and I started with factory defaults a couple of hours ago. Odd.
 
Your manual says:

5. Change ONVIF Password:
On older IP Camera firmware, the ONVIF password does not change when you change the system’s
credentials. You will need to either update the camera’s firmware to the latest revision or manually
change the ONVIF password.

That helps not very much. At my camera it is the systems admin password... maybe you start a new Thread for that theme.

Or try Settings -> default -> factory default and setup the camera from scratch.
 
Last edited:
  • Like
Reactions: looney2ns
I suggest you stream to YouTube, then use that feed from yt for your public view. Don't forward ports.
The risk is that your cam could become part of a botnet attack on others.
 
Good idea, and I'll certainly continue doing that for people who won't be controlling the camera, but I can't get less than a 4 or 5 second delay when streaming through YouTube. Which is pretty good considering that the stream is relaying, but it makes PTZ unsuable.

I made a system that plays a YouTube stream and lets a user send presets using Javascript, the Dahua API and a Python wrapper I made for it, which works decently even with the 5 second delay, but manual PTZ is a no go with that much delay. And it requires port forwarding anyway.

I'm not particularly worried about becoming part of a botnet and think the stated risk on this forum is *way* overblown, especially if people run the latest firmware and strong passwords, but of course that's a decision each person needs to make for themselves, and I'm not advocating that anyone else takes my advice. I'm a lifelong professional tech so am comfortable keeping an eye on my router's logs from time to time as needed. And as I said I'm not willing to lose the massive amount of functionality to protect myself against a one in a million calamity that, at worst, causes a day or two of the camera being down.
 
Last edited:
  • Like
Reactions: hidroela
I'm a lifelong professional tech............
So you come to this forum with a networking how-to question but instead leave the forum with networking security advice.
Interesting.....:rolleyes:
 
  • Like
Reactions: looney2ns
> So you come to this forum with a networking how-to question but instead leave the forum with networking security advice.
Interesting.....:rolleyes:

Sorry but that's not true. I wasn't asking a general networking question (how to forward ports or whatever), I was asking a question about the Dahua camera's networking specifically (which ports it needs forwarded).

I love the Dahua cameras, but documentation is definitely not one of their strengths.
 
Last edited:
Nonsense. If I keep my firmware updated and passwords strong the risk is minimal. And the rewards far outweighs the risk, for me at least.
 
Oh sure there are. There's lots of danger in the world, so we have to assess risk versus reward constantly. Which, in my opinion, doesnt necessarily mean eliminating risk altogether. And both the risk and consequences in this case are minimal. Your mileage and reasoning may vary of course .
 
Last edited: