Wi-tek WI-LTE117-O router port forward issue

[Sam Alley-Stump]

Hi.

What settings is needed for port forwarding with the router? I have done port forward from right page but it seems something is blocking it. Is there separate enable/disable setting somewhere and is that 4g- pages ”ppp” setting affecting somehow this?

 

[tech_junkie]

Hi.

What settings is needed for port forwarding with the router? I have done port forward from right page but it seems something is blocking it. Is there separate enable/disable setting somewhere and is that 4g- pages ”ppp” setting affecting somehow this?

Usually there are videos for this for most routers, but it is router specific to where you do port forwarding and enabling responding to wan ping. But your router buries the destination and type in the advance tab where you would set unicast, and source (WAN port)

 

[looney2ns]

It's a really bad idea to portforward.
How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk

 

[tech_junkie]

It's a really bad idea to portforward.
How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk

Its actually worse to VPN
I imagine some DVRs are susceptible to this, but I doubt the BI server would have issues and none of the linux servers I ever port forwarded got hacked. I run a few hundred linux servers without a network firewall for decades.
Btw, that was a paranoid article "weapons of mass destruction"
But I prefer to split the WAN than to do port forwarding so the known address is separate from the private network.

 

[tech_junkie]

Hi.

What settings is needed for port forwarding with the router? I have done port forward from right page but it seems something is blocking it. Is there separate enable/disable setting somewhere and is that 4g- pages ”ppp” setting affecting somehow this?

if there is a setting in its firewall to "ignore ping from WAN" make sure its disabled.
That is what I can see if you are having issues forwarding.

 

[looney2ns]

Its actually worse to VPN
I imagine some DVRs are susceptible to this, but I doubt the BI server would have issues and none of the linux servers I ever port forwarded got hacked. I run a few hundred linux servers without a network firewall for decades.
Btw, that was a paranoid article "weapons of mass destruction"
But I prefer to split the WAN than to do port forwarding so the known address is separate from the private network.

Troll much?
Either you enjoy yanking chains, or you don't realize that you are spewing outdated/incorrect information that is doing a complete disservice to the members of this forum.

You are absolutely wrong about a VPN being worse than port forwarding. You are spewing information that will put a lot of users networks at risk.

 

[alastairstevenson]

Its actually worse to VPN
I imagine some DVRs are susceptible to this, but I doubt the BI server would have issues and none of the linux servers I ever port forwarded got hacked. I run a few hundred linux servers without a network firewall for decades.
Btw, that was a paranoid article "weapons of mass destruction"
But I prefer to split the WAN than to do port forwarding so the known address is separate from the private network.

Best not to post after you've smoked a few.
That's just garbage, IMO, and adds to the recent factual errors you've posted that I should probably have reacted to and corrected.

 

[tech_junkie]

Troll much?
Either you enjoy yanking chains, or you don't realize that you are spewing outdated/incorrect information that is doing a complete disservice to the members of this forum.

You are absolutely wrong about a VPN being worse than port forwarding. You are spewing information that will put a lot of users networks at risk.

Its seems like you are trolling.
The problem with the VPNs you guys suggest are not that secure because of self signed Certificates. Which DVR's problem is that besides people not changing them and someone getting a hold of the copy the DVR manufacturer has. Public CA certs applied remove all the security issues with these outside connection methods. But I do notice few ever talk about regenerating the self signed certificates in cameras and DVRs But that would be the easiest way to hack the video systems and hijack the internet connection.

 

[tech_junkie]

Best not to post after you've smoked a few.
That's just garbage, IMO, and adds to the recent factual errors you've posted that I should probably have reacted to and corrected.

Complaints and negative comments w/o examples show how much this is a troll post.
Attacking me on a personal level will not get you anywhere, so go have a smoke and reflect on that.

 

[wittaj]

Its actually worse to VPN
I imagine some DVRs are susceptible to this, but I doubt the BI server would have issues and none of the linux servers I ever port forwarded got hacked. I run a few hundred linux servers without a network firewall for decades.
Btw, that was a paranoid article "weapons of mass destruction"
But I prefer to split the WAN than to do port forwarding so the known address is separate from the private network.

Please explain how a VPN is worse than port forwarding.

I have never worked for a company that had us port forward into our system. Instead we would VPN in.

I have only heard of unsuspecting home owners using port forwarding, not corporations.

 

[tech_junkie]

Please explain how a VPN is worse than port forwarding.

I have never worked for a company that had us port forward into our system. Instead we would VPN in.

I have only heard of unsuspecting home owners using port forwarding, not corporations.

Thinking VPNs are better generically than other hosting methods is ludicrous. I think assuming they are secure by themselves is where people get into trouble. If any hosting server doesn't use public internet approved 3rd party certificates and use self signed certificates They automatically open themselves up for certain cyber attacks. Most common type is the man in the middle attack. I find it interesting some try to use it to hide their ip address. Which doesn't work because there is a way to get the destination IP address from packet headers.

Port forwarding is for hosting services. VPN is just a type of remote connection. So VPN would be a common use for remote workers.

Unsuspecting home owners ? Nothing is going to happen automatically, but I guess if they don't know multiplayer games do that dynamically I can see them panic for no reason.

 

[wittaj]

So you are saying OpenVPN is less secure than port forwarding???

 

[tech_junkie]

So you are saying OpenVPN is less secure than port forwarding???

if you use self signed certificates with any connection type/services its going to be vulnerable.

 

[jmhmcse]

Thinking VPNs are better generically than other hosting methods is ludicrous. I think assuming they are secure by themselves is where people get into trouble. If any hosting server doesn't use public internet approved 3rd party certificates and use self signed certificates They automatically open themselves up for certain cyber attacks. Most common type is the man in the middle attack. I find it interesting some try to use it to hide their ip address. Which doesn't work because there is a way to get the destination IP address from packet headers.

Port forwarding is for hosting services. VPN is just a type of remote connection. So VPN would be a common use for remote workers.

Unsuspecting home owners ? Nothing is going to happen automatically, but I guess if they don't know multiplayer games do that dynamically I can see them panic for no reason.

using self signed certificates for VPN services is not going to introduce a MITM attack; self signed certificates would be an attack vector for web/hosting sites. perhaps useful in test/private web/hosting environments but NEVER for public use.

a VPN used to allow remote access into a network is not going to be one used to hide addresses. they also (should) require user/password (encrypted traffic) to validate a public/private key combination to open an encrypted connection to the LAN. trust of a self signed certificate is that the one who is using it, themselves.

games, and lots of other service, use ports which are for outbound connections; such uses are ‘safe’ as they are initiated by someone inside the LAN. the firewall only allows return traffic into the LAN. open ports to allow unsolicited WWW traffic to enter the local LAN are NOT safe practice. the destination, within this forum, is typically a camera. cameras have been known to do mischievous acts and should never be trusted. restricting their WWW access by VLAN or physical separate network is the norm.

i would rather trust an open port forwarded to OpenVPN than to an open port forwarded to a camera, website, etc


=======

please articulate specifically how/why using a self signed certificate is not safe (vulnerable) when used to create a VPN; e.g OpenVPN

 

[tangent]

Cameras, NVRs, and other embedded devices receive security updates far less frequently (and they may not be automatically applied) than a Linux or Windows server that updates automatically. This is a big part of why exposing them to the internet is a bad idea.
Using a router with a built in VPN server isn't a whole lot better as they also can fall behind on updates / or have support discontinued. It is an attack surface that's been tested more thoroughly, but there can still be issues.

Using the cam mfg's P2P / easy4IP nat traversal service is better than port forwarding, but not great.

Running your own service like tail scale, zero tier, or ngrok is better. You can also run your own VPN / firewall or a reverse proxy on a PC, or even pair that with a cloudflare tunnel. Some ISPs use cgnat and these types of services or using IPv6 are necessary to get around that.

Plain old port forwarding to an embedded device, don't do it.