Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




36 posts

Geek


#233747 1-May-2018 09:43
Send private message

Help! Anyone here familiar with getting Port forwarding working on a Huawei HG630b router? I need some ports forwarded so I can get remote access to an NVR for an IP CCTV system. Have set up port mapping as below to the Internal host IP of the NVR (it appears to have a Static IP address) but when I check from my laptop to see if the ports show open using a couple of different check port forwarding tools they dont show as open

If some kind soul could check what I have done and tell me what I am doing wrong would greatly appreciate that!

 

 

 


View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
/dev/null
9436 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #2005680 1-May-2018 09:54
Send private message

DON'T DO THIS!

No, seriously. CCTV NVR's are very insecure and should not be exposed to the internet. Plenty of threads on here. You're best to grab something like a Raspberry Pi, set up PiVPN and VPN to view the security cameras.

 

Further reading:
https://en.wikipedia.org/wiki/Mirai_(malware)
https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/
https://blog.cloudflare.com/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis/







36 posts

Geek


  #2005732 1-May-2018 10:20
Send private message

Thanks for that - but that is strange, given that this NVR (Its a Swann NVR8-8000) is specifically designed to be accessed remotely (via a mobile app and a software package for laptops) which was the goal of the excercise. It shows on the router LAN port as running some sort of Linux if I recall correctly

 

 

 

Edit looking at your links, the malware concerned exploited devices that had been left with "common factory default usernames and passwords". One of the first thing I did with my NVR was change the default password!


 
 
 
 


2531 posts

Uber Geek

Lifetime subscriber

  #2005736 1-May-2018 10:23
Send private message

VPN circuits are for accessing remotely. You however need an appliance or suitable router to implement.




36 posts

Geek


  #2005834 1-May-2018 11:37
Send private message

OK, I've looked at Rasberry Pi's online, and it probably makes more sense for me to just get a VPN capable router cost and simplicity wise

 

Any recommendations for such?

 

Am also looking to see if its possible to set up a VPN on my current router

 

 

 

Thanks for the help so far


/dev/null
9436 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #2005842 1-May-2018 11:47
Send private message

@Laworder Even if you secure these boxes by changing the password there are still many exploits that can get full admin / root access that get around that. This is what this Malware targets also. Simply put, these boxes are not at all secure.

 

Raspberry Pi is the cheapest and easiest option. I wouldn't suggest running it on a router (you could) but again one configuration slip-up on the routers end leaves your whole network open. With running it on a Linux box you've got PiVPN (http://www.pivpn.io/) which is a secure and very simple way of setting up a VPN server.

 

Ask in the offers / wanted with "WTB - Raspberry Pi 2 or 3" and I am sure somebody around here would be able to sell you a cheap Pi to get you started.







36 posts

Geek


  #2005886 1-May-2018 12:07
Send private message

Thanks, have stuck an ad up in there now, see what turns up.

 

Dont need a fancy case or anything as it'll be sitting in the hall cupboard with the NVR and router etc

 

I'll go have a look at the VPN software now

 

 

 

Edit : just checked on the PiVPN page here

 

http://kamilslab.com/2017/01/22/how-to-turn-your-raspberry-pi-into-a-home-vpn-server-using-pivpn/

 

 

 

I still need to get port forwarding working on my router from the Pi VPN port.... so it looks as if my original question isnt going to be entirely redundant - I still need to get the port forwarding going, just a different port to a different device


566 posts

Ultimate Geek


  #2006328 2-May-2018 00:11
Send private message

If you have a PC that is on 24/7 anyway, you can install OpenVPN on that, or some other VPN software, rather than needing an new box to do it on.  I use my MythTV box (Linux) as that is always on to record TV for me.  OpenVPN is extremely secure, but a bit fiddly to set up.


 
 
 
 




36 posts

Geek


  #2006355 2-May-2018 07:14
Send private message

Dont have a PC on 24/7, and even if I did there'd not be room for it where it needs to be anyway. Thanks for the tip on Open VPN, something less fiddly might be appreciated at this point!

 

All of this is going to be pointless anyway if I cant get port forwarding to work on my router - "The final step you will want to do is to forward your Raspberry Pi’s VPN port on your router. The default port you need to forward will be 1194 unless you changed this port in the PiVPN setup. Google “port forwarding” and your router name to find out how to do this for your own router."

 

Tried forwarding this port on router instead of the CCTV ports. No dice. Still shows closed

 

Does the port forwarding even work on these Huaweis at all? Or should I just go and get a Draytek or similar?


2185 posts

Uber Geek


  #2006492 2-May-2018 11:58
Send private message

Laworder:

 

Does the port forwarding even work on these Huaweis at all? Or should I just go and get a Draytek or similar?

 

 

Its hit & miss with any ISP supplied router . Sometimes some ports forward OK but other ports dont at all on the same router .
You honestly wont know untill you try , just budget in a replacement .


'That VDSL Cat'
12440 posts

Uber Geek

Trusted
Spark
Subscriber

  #2006493 2-May-2018 12:00
Send private message

Laworder:

 

Dont have a PC on 24/7, and even if I did there'd not be room for it where it needs to be anyway. Thanks for the tip on Open VPN, something less fiddly might be appreciated at this point!

 

All of this is going to be pointless anyway if I cant get port forwarding to work on my router - "The final step you will want to do is to forward your Raspberry Pi’s VPN port on your router. The default port you need to forward will be 1194 unless you changed this port in the PiVPN setup. Google “port forwarding” and your router name to find out how to do this for your own router."

 

Tried forwarding this port on router instead of the CCTV ports. No dice. Still shows closed

 

Does the port forwarding even work on these Huaweis at all? Or should I just go and get a Draytek or similar?

 

 

sounds like user error tbh, that router's port forwarding works fine.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 




36 posts

Geek


  #2006497 2-May-2018 12:07
Send private message

Yes, user error is always a possibility, thats why I asked here!

 

So can you see if I've done anything wrong in the image in my original post up top?

 

I did the same thing for the VPN port, that isnt showing open either, even after rebooting the router


3885 posts

Uber Geek


  #2006504 2-May-2018 12:18

Laworder:

Yes, user error is always a possibility, thats why I asked here!


So can you see if I've done anything wrong in the image in my original post up top?


I did the same thing for the VPN port, that isnt showing open either, even after rebooting the router



Do you have the PiVPN running yet? If not, then the external website can't tell if port forwarding is working or not. As it needs a device to listen and respond to the TCP SYN packets.





4561 posts

Uber Geek

Trusted

  #2006507 2-May-2018 12:20
Send private message

The VPN port will show closed if there isn't anything listening on that port you forwarded. So if you haven't go the VPN server running yet it will show closed.

 

Grab yourself a little baby Mikrotik router to be the VPN server - less hassle than manually doing a VPN on a Pi, the mikrotik mAP is a good option

 

 


/dev/null
9436 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #2006514 2-May-2018 12:33
Send private message

@chevrolux To be honest I think a Mikrotik is much more difficult to secure / set up VPN for a new user than using the PiVPN scripts. With PiVPN it is very hard to muck it up which is why I like it and it has very good doco.





2469 posts

Uber Geek


  #2006627 2-May-2018 16:50
Send private message

Port forwarding directly to NVR/webcam interface, you say?

 

https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/

 

 

Fernandez discovered that by accessing the control panel of specific DVRs with a cookie header of "Cookie: uid=admin," the DVR would respond with the device's admin credentials in cleartext.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic




News »

New Zealand software Rfider tracks coffee from Colombia all the way to New Zealand businesses
Posted 3-Aug-2020 10:35


Logitech G launches Pro X Wireless gaming headset
Posted 3-Aug-2020 10:21


Sony Alpha 7S III provides supreme imaging performance
Posted 3-Aug-2020 10:11


Sony introduces first CFexpress Type A memory card
Posted 3-Aug-2020 10:05


Marsello acquires Goody consolidating online and in-store marketing position
Posted 30-Jul-2020 16:26


Fonterra first major customer for Microsoft's New Zealand datacentre
Posted 30-Jul-2020 08:07


Everything we learnt at the IBM Cloud Forum 2020
Posted 29-Jul-2020 14:45


Dropbox launches native HelloSign workflow and data residency in Australia
Posted 29-Jul-2020 12:48


Spark launches 5G in Palmerston North
Posted 29-Jul-2020 09:50


Lenovo brings speed and smarter features to new 5G mobile gaming phone
Posted 28-Jul-2020 22:00


Withings raises $60 million to enable bridge between patients and healthcare
Posted 28-Jul-2020 21:51


QNAP integrates Catalyst Cloud Object Storage into Hybrid Backup solution
Posted 28-Jul-2020 21:40


Vector and AWS join forces to accelerate the future of energy
Posted 28-Jul-2020 21:35


JBL launches new mobile earbuds and PC speakers
Posted 22-Jul-2020 16:04


Ingram Micro brings virtualisation intelligence to market
Posted 21-Jul-2020 13:25



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.