[URGENT] No connection to IP cameras from outside network

Hey all.

Basically I've set up a network of IP cameras at a relatives construction site to prevent damage, theft etc.

They connect to the internet via a TP-Link TD-W8968 modem/router with a TP-Link MA180 wireless dongle plugged in the back. The dongle is connected to the Optus network and has an external IP address (not sure if dynamic, doesn't actually matter for me). This gets me access to the internet fine and I can update my DynDNS settings fine (with the correct external IP being the one that it's forwarding to).

Now comes the annoying part.
I've got the cameras set up to do mail alerts through my Gmail account (SMTP port 465) and they work fine. I'll get the message and it shows the message has sent correctly on the cameras too.
However I also want to be able to remotely monitor the cameras from my phone/home etc. For this I've set them a static IP outside of the address pool and set port forwarding on the two cameras (port 90 and 91 respectively) for both TCP and UDP and port triggering on the same ports.

For some damn reason though I can't, no matter how I try connect to the IP address or via the DNS name. Will constantly show cannot display the web page.

Does anyone know if Optus block ports on their end to disallow connections on most ports other than your basic HTTP ports, SMTP/IMAP ports etc? If so what are some available ports I could route them through instead as the only thing this modem/router is servicing is these cameras, no computers or anything? If they don't block from their end though why the hell am I not getting a connection? I can see the cameras fine when I'm connected to the internal network but off the network heeds null results.

Any help would mean the world right now as I'm four weeks behind schedule (DOA parts, parts never arriving etc).
Thanks all

 

I know Telstra block non standard ports on their mobile internet devices (well they used too, not 100% if they still do). Optus prob do as well.
As a test, set one of the external ports to port 80 and give it a go.

Also, have you modified the ports on the cameras, or have you just told externalip:90 to forward to camera1ip:80 and exteranlip:91 to forward to camera2ip:80

 

I'll give Optus a call tomorrow and ask them.
I also set the corresponding ports on the cameras too so that's no issue. I have the exact same setup at home but using a dedicated ADSL connection and that works fine.
Pretty sure at this point it's Optus blocking the ports.

 

Can you telnet to the port via the external IP? This will at least tell you of you are hitting the devices.

 

You're probably being NATed; Optus and Telstra both do this to conserve IPv4 space. the external IP you're seeing is likely an optus gateway.

 

Definitely not behind a NAT. It manages to update my DNS service fine and the IP isn't consistent with one behind a NAT (10.X.X.X etc). Definitely an external plus I called and triple checked with them before I purchased the SIM card.

 

Unless you are on very specific business plans provided by Optus you are behind a massive NAT gateway. Check the IP on your modem it's more than likely.

I've had a lot of trouble getting real public IPs on optus SIMs that we use at work, and getting someone in Optus that understands the difference is like pulling hens teeth.

 

What is the WAN address of the modem? (as reported by the modem, not whatsmyip or dyndns etc). You might as well make it public, if its secure, no worries, if its not, Shodan will find you soon enough.

If it fits 10.0.0.0/8 172.16.0.0/12 or 192.168.0.0/16... your being carrier natted. (as everyone has already told you.

If you were with Telstra, you could ring and ask for GPTEXB3 to be added to your account, someone in Business support will know what your asking for .

No Idea of the optus equivalent.

 

Spoke to a tech before buying and they explained they weren't behind a NAT. Whirlpool seem to corroborate this too.

Couldn't do Telstra. Useless people everywhere. No the IP for Optus is something like 49.X.X.X

 

I've an optus business plan wireless 4G thingy, I get real IP addresses (not static) on it.
My phone on the other hand, gets NATed addresses.

I've run my home servers (incl commonly blocked things like email) from it in the past when moving etc. meaning no fixed connection, with no problems about blocked ports or anything.


tl;dr; get a business plan.

 

the number of people who DON'T get business connections, when they have business needs, is astounding.

 

Or 100.64.0.0/10

49.199.37.249 is one of the nat box's, even my iphone shows me my WAN and public IP address as 10.x.x.x and public is 49.199.37.249, i don't care if people know.


lets start with a can you ping your 49 IP that you think you have?

 

I can ping it but no response obviously. Was assuming that was because Optus had port blocking enabled.

So basically Optus lied, sold me a product they promised they have and fucked me.

The number of people who can't afford business plans or don't want to have to go on one just for basic internet service is astounding too. I'm not wanting to force my uncle into a $100 a month contract just for this. Thanks for the help though.

gords edit: Please do not double-post. Either edit your previous post or use the multi-quote feature.

 

Hosting services is not really covered by "basic internet service". Many terms and conditions specifically prohibit it (although its rarely enforced).

Because Nat, and now Carrier Nat is getting more and more common the 'internet of things' is using cloud based services for management... so the device itself initiations the connection out to a cloud service, that you also connect to for management of it... this gets around all the hassles of port forwarding through multiple layers of Nat.

I know there are some home security cameras that use this method for management/alerting.

That being said, if Optus sold you the service and explicitly said that you get an external IP address, and you aren't getting one, then you will be entitled to a refund.

 

lol. the business plan I'm on is $37/mth. some proper research* wouldn't prevented all this problem.



*asking someone who get comped on sell you anything (and the easier/faster the better) is not proper research.

 

I also don't want to get onto a plan at all. I didn't mention a salesperson. I actually called the internal helpdesk and asked them rather than a salesperson who wouldn't know that at all.

 

you're not talking about needing basic functionality. You're talking about running a server (or to be more specific, providing something from the inside of the connection, to the outside of it - thus, serving something, thus, server.)
This is not basic functionality.

The reality is, most ADSL services won't block ports like this (although optus seem to block port 80 on my home cable service, and outbound 25. I just accept it. If I had a desperate need for those business features, i'd get a different service.)

Consider:
exetel ADSL2, 'home service' unlimited, 49.99 per month
exetel ADSL2, 'business service', unlimited, 79.99 a month

hardly a huge price difference. some of the differences include dedicated account manager, service level agreements, guarantee of uptimes, rebates, different helpdesk team. In some circumstances, you get a better contention rate.

and yes, i know. it's 3g,not ADSL. I simply wanted to demonstrate.

eheheh. you expected a level1 helpdesk at Telstra or Optus to know something.

 

You could set up a raspberry pi to connect to a vpn service, that would give you a way to access the local network without having to worry about external IPs or being through a NAT