DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

How to enable external IP to access an IP on my network?

More
16 May 2018 16:35 #7 by piste basher
Replied by piste basher on topic Re: How to enable external IP to access an IP on my network?
Something is definitely wrong if you can't access the router on 8080 but you can on 80. I doubt it's the firewall.

Please Log in or Create an account to join the conversation.

  • kamilcmm
  • Topic Author
  • User
  • User
More
16 May 2018 17:17 #8 by kamilcmm
Replied by kamilcmm on topic Re: How to enable external IP to access an IP on my network?

hornbyp wrote:

kamilcmm wrote: In theory if I change the port to remotely access the router to 8080 and use port 80 to access LAN IP 192.168.1.200 it still doesn't work. Am I correct in thinking that if I entered 2.2.2.2:8080 it should take me to the router login page and if I enter 2.2.2.2:80 it should take me to the cameras which are on IP 192.168.1.200?



Yes.

You could try temporarily disabling the Firewall, to ascertain if that's the cause of the problem.



I disabled the firewall but still no luck unfortunately.

Lets look at it this way, I have the below setup;

DLS cable is connected to a Cisco router which has to be used as it was supplied by the provider, this Cisco router has a relaxed firewall and has routed IPs. The Draytek is connected to the back of the Cisco and is configured to get connectivity from the Cisco and the Draytek acts as the main router that controls everything on the network.

If you had a camera system on IP 192.168.1.200 how would you set up the Draytek in order to get remote access from your home? Please let me know step by step and I will try to follow it on my side.

Many thanks.

Please Log in or Create an account to join the conversation.

More
16 May 2018 18:31 #9 by piste basher
Replied by piste basher on topic Re: How to enable external IP to access an IP on my network?
I have two IP cameras, one on 192.168.1.37 and one on 192.168.1.38 they are both on port 80 but since I have multiple WAN IP's I can use NAT- Open Ports to direct TCP/UDP from a single (separate) WAN IP to each of them individually. I assume you have the correct WAN interface (WAN2 in my case) set in Open Ports and "Any" Source IP?

There seems to be no reason why this shouldn't work for you with a single WAN IP if nothing else is using port 80. But that problem with using 8080 is troubling - that should certainly work unless the Cisco is doing something to block it?

Please Log in or Create an account to join the conversation.

  • hornbyp
  • User
  • User
More
17 May 2018 13:31 #10 by hornbyp
Replied by hornbyp on topic Re: How to enable external IP to access an IP on my network?
I would agree that the Cisco Router could well be interfering with this...
(...though it does strike me as odd, that the camera system uses port 80, rather than 443 by default...)

Personally, I have used a VPN to facilitate access to (I.O.T.) devices of this nature. The only time I have used "Open Ports", is for things such as inbound SMTP/DNS & Web Server traffic.

Please Log in or Create an account to join the conversation.

  • kamilcmm
  • Topic Author
  • User
  • User
More
18 May 2018 12:03 #11 by kamilcmm
Replied by kamilcmm on topic Re: How to enable external IP to access an IP on my network?

Piste Basher wrote: I have two IP cameras, one on 192.168.1.37 and one on 192.168.1.38 they are both on port 80 but since I have multiple WAN IP's I can use NAT- Open Ports to direct TCP/UDP from a single (separate) WAN IP to each of them individually. I assume you have the correct WAN interface (WAN2 in my case) set in Open Ports and "Any" Source IP?

There seems to be no reason why this shouldn't work for you with a single WAN IP if nothing else is using port 80. But that problem with using 8080 is troubling - that should certainly work unless the Cisco is doing something to block it?



I see, I removed all the ports and the firewall rules and started everything from scratch.

Remote management is disabled so all ports should be free.

I went into NAT > Open Ports > Index 1 > and added all the details so I chose WAN interface: ALL, Local computer;192.168.1.200 and opened ports 80, 8000 and 554 using TCP/UDP.

I then went into Firewall > Filter setup > Set 3 > Created a new rule with following details; Source IP; My home public IP as an example lets use 9.9.9.9, Destination IP; 192.168.1.200, Service type; TCP/UDP port from 80 to 80 and everything else as default.

In theory this means that if I entered in the routers public IP followed by the port number it should take me to 192.168.1.200. e.g. lets say our work public IP is 2.2.2.2 I would enter 2.2.2.2:80 and it should take me to 192.168.1.200 correct?

I don't believe the Cisco should have anything to do with this because it has a relaxed firewall so shouldn't be blocking anything. The Cisco just gets connectivity from the BT socket and passes it straight to the Draytek and everything is controlled from the Draytek.

Please Log in or Create an account to join the conversation.

  • hornbyp
  • User
  • User
More
18 May 2018 13:32 #12 by hornbyp
Replied by hornbyp on topic Re: How to enable external IP to access an IP on my network?

kamilcmm wrote: Remote management is disabled so all ports should be free.


I'm not sure that necessarily follows - it may well still respond, but just not allow access. I would put some effort into getting it to work on (say) port 8080. This is normally a trivial exercise and if it can't be made to work, would still point (in my mind) to interference by the Cisco.

and he wrote:

I went into NAT > Open Ports > Index 1 > and added all the details so I chose WAN interface: ALL, Local computer;192.168.1.200 and opened ports 80, 8000 and 554 using TCP/UDP.


Isn't port 554 RTSP and so used OUTBOUND? ... and so doesn't need to be specified here. Port 8000 could be anything...

then he wrote:
I then went into Firewall > Filter setup > Set 3 > Created a new rule with following details; Source IP; My home public IP as an example lets use 9.9.9.9, Destination IP; 192.168.1.200, Service type; TCP/UDP port from 80 to 80 and everything else as default.


The source port used by your home PC is unlikely to be "80" - you should probably use "any" instead. (Though as you said, turning off the firewall doesn't fix the problem - so this is possibly a secondary issue)


In theory this means that if I entered in the routers public IP followed by the port number it should take me to 192.168.1.200. e.g. lets say our work public IP is 2.2.2.2 I would enter 2.2.2.2:80 and it should take me to 192.168.1.200 correct?

 Yes


I don't believe the Cisco should have anything to do with this because it has a relaxed firewall so shouldn't be blocking anything.


Does it provide some logging, to confirm it is not getting involved?

Please Log in or Create an account to join the conversation.