• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Blue Iris Remote access?

NAT
4
47
9.2k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    chpalmer @Elmojo
    last edited by May 26, 2022, 9:30 PM

    @elmojo

    Destination should be "WAN Address".

    Is your Blue Iris setup to use port 81 on the host computer? otherwise Redirect Target Port should be 80.

    Triggering snowflakes one by one..
    Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

    E 1 Reply Last reply May 26, 2022, 9:52 PM Reply Quote 0
    • C
      chpalmer @Elmojo
      last edited by May 26, 2022, 9:36 PM

      @elmojo

      login-to-view

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

      1 Reply Last reply Reply Quote 0
      • E
        Elmojo @chpalmer
        last edited by May 26, 2022, 9:52 PM

        @chpalmer said in Blue Iris Remote access?:

        Destination should be "WAN Address".
        Is your Blue Iris setup to use port 81 on the host computer? otherwise Redirect Target Port should be 80.

        I had it set to WAN address previously, but I changed it based on the image you posted, which didn't seem to make any difference.
        Yes, port 81 is the correct port for BI remote access.
        Using the settings you show in the image above, I'm back to "connection refused" when I check port 81.

        C 1 Reply Last reply May 26, 2022, 9:58 PM Reply Quote 0
        • C
          chpalmer @Elmojo
          last edited by May 26, 2022, 9:58 PM

          @elmojo

          Can you post a picture of you wan firewall rule?

          Do a packet capture on the LAN side of this connection. I think you will find out that you are hitting the BI computer now.

          Triggering snowflakes one by one..
          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

          E 1 Reply Last reply May 26, 2022, 10:43 PM Reply Quote 0
          • E
            Elmojo @chpalmer
            last edited by May 26, 2022, 10:43 PM

            @chpalmer
            WAN rule:
            login-to-view

            I'm not real familiar with packet captures, so it's entirely possible I'm not doing it correctly, but here's my output...
            When I set it up as shown in the image below, then try to access the BI GUI from my phone, I get no results.
            login-to-view
            If I change the capture interface to WAN, I get this...
            18:38:01.251228 IP 174.203.211.11.10057 > 174.19.24.xxx.81: tcp 0
            18:38:01.251248 IP 174.19.24.xxx.81 > 174.203.211.11.10057: tcp 0
            18:38:01.251565 IP 174.203.211.11.10058 > 174.19.24.xxx.81: tcp 0
            18:38:01.251576 IP 174.19.24.xxx.81 > 174.203.211.11.10058: tcp 0
            18:38:02.041991 IP 174.203.211.11.10060 > 174.19.24.xxx.81: tcp 0

            The IPs with ".xxx" are my external IP. I'm not sure what the others are. I assume my phone...
            No idea why the traffic appears to be 2-way now? It was only incoming last night.

            J 1 Reply Last reply May 26, 2022, 10:48 PM Reply Quote 0
            • J
              Jarhead @Elmojo
              last edited by May 26, 2022, 10:48 PM

              @elmojo The destination should be the BI address

              E 1 Reply Last reply May 26, 2022, 10:49 PM Reply Quote 0
              • E
                Elmojo @Jarhead
                last edited by May 26, 2022, 10:49 PM

                @jarhead said in Blue Iris Remote access?:

                The destination should be the BI address

                That IS the BI address. It's designed to be accessible via the external IP.
                I've tried putting the LAN address in there, and it makes no difference anyway.

                J 1 Reply Last reply May 26, 2022, 10:50 PM Reply Quote 0
                • J
                  Jarhead @Elmojo
                  last edited by May 26, 2022, 10:50 PM

                  @elmojo In the rule, you have destination as wan. Should be single host, then the BI address.

                  E 1 Reply Last reply May 26, 2022, 10:51 PM Reply Quote 0
                  • E
                    Elmojo @Jarhead
                    last edited by May 26, 2022, 10:51 PM

                    @jarhead Please read back through the thread, we've covered this already.
                    Thanks for the input, though. :)

                    J 2 Replies Last reply May 26, 2022, 10:52 PM Reply Quote 0
                    • J
                      Jarhead @Elmojo
                      last edited by May 26, 2022, 10:52 PM

                      @elmojo Look at your rule. You have the destination as the wan address. You're forwarding port 81 back to the wan. It needs to forward to BI.

                      E 1 Reply Last reply May 26, 2022, 11:13 PM Reply Quote 0
                      • J
                        Jarhead @Elmojo
                        last edited by Jarhead May 26, 2022, 10:58 PM May 26, 2022, 10:57 PM

                        @elmojo This is what your NAT and Rule should look like. Insert your IP's and ports.
                        login-to-view

                        login-to-view

                        E 1 Reply Last reply May 26, 2022, 11:09 PM Reply Quote 0
                        • E
                          Elmojo @Jarhead
                          last edited by May 26, 2022, 11:09 PM

                          @jarhead I've tried it that way as well, and it still just times out or refuses the connection outright, depending on if I use the WAN or LAN IP. If you scroll back through the thread, you'll see the various configs I've tried, and that none of them seem to make any difference.

                          J 1 Reply Last reply May 26, 2022, 11:13 PM Reply Quote 0
                          • E
                            Elmojo @Jarhead
                            last edited by May 26, 2022, 11:13 PM

                            @jarhead See, this is how I have it set up now, which unless I've missed something obvious is the same as your example. When I try to connect from my phone (cellular), I get an immediate "connection refused".

                            login-to-view

                            J 1 Reply Last reply May 26, 2022, 11:14 PM Reply Quote 0
                            • J
                              Jarhead @Elmojo
                              last edited by May 26, 2022, 11:13 PM

                              @elmojo You're saying you did but there's no images with it like that.
                              The guess is you had something wrong, that's why you're here now.
                              So why not try it again?

                              1 Reply Last reply Reply Quote 0
                              • J
                                Jarhead @Elmojo
                                last edited by May 26, 2022, 11:14 PM

                                @elmojo Posted when you did..

                                The NAT is good. In the RULE you had WAN as destination. It needs to be the BI address. Can you check that it is?

                                E 1 Reply Last reply May 26, 2022, 11:15 PM Reply Quote 0
                                • E
                                  Elmojo @Jarhead
                                  last edited by May 26, 2022, 11:15 PM

                                  @jarhead So the rule is being automatically set up by the NAT. Are you saying that I need to override it and manually change it to the LAN IP of my BI server?

                                  J 1 Reply Last reply May 26, 2022, 11:16 PM Reply Quote 0
                                  • J
                                    Jarhead @Elmojo
                                    last edited by May 26, 2022, 11:16 PM

                                    @elmojo No, I'm saying in the picture you posted it's wrong.

                                    E 1 Reply Last reply May 26, 2022, 11:18 PM Reply Quote 0
                                    • E
                                      Elmojo @Jarhead
                                      last edited by May 26, 2022, 11:18 PM

                                      @jarhead I don't understand, it looks exactly like yours, other than the ports and IPs being different...
                                      Please tell me where you see a difference, and I'll be happy to fix it.
                                      I'll be back in a bit, time to eat! :)

                                      J 1 Reply Last reply May 26, 2022, 11:23 PM Reply Quote 0
                                      • J
                                        Jarhead @Elmojo
                                        last edited by Jarhead May 26, 2022, 11:24 PM May 26, 2022, 11:23 PM

                                        @elmojo
                                        This is mine.
                                        login-to-view

                                        This is yours.
                                        login-to-view

                                        The destination is not the WAN, it's the BI box.

                                        C E 2 Replies Last reply May 27, 2022, 12:20 AM Reply Quote 0
                                        • C
                                          chpalmer @Jarhead
                                          last edited by May 27, 2022, 12:20 AM

                                          The WAN Firewall rule should be built correctly when you make a Port Forward. If it is not then something is up.

                                          This is what your "NAT rule should look like.
                                          https://forum.netgate.com/assets/uploads/files/1653600958727-natrule.jpg

                                          Can you post a screenshot of Firewall / Rules / WAN Please include the title of the page as I have done.

                                          login-to-view

                                          Triggering snowflakes one by one..
                                          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                                          E 1 Reply Last reply May 27, 2022, 12:56 AM Reply Quote 0
                                          27 out of 47
                                          • First post
                                            27/47
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.