Blue Iris Remote access?
-
Destination should be "WAN Address".
Is your Blue Iris setup to use port 81 on the host computer? otherwise Redirect Target Port should be 80.
-
-
@chpalmer said in Blue Iris Remote access?:
Destination should be "WAN Address".
Is your Blue Iris setup to use port 81 on the host computer? otherwise Redirect Target Port should be 80.I had it set to WAN address previously, but I changed it based on the image you posted, which didn't seem to make any difference.
Yes, port 81 is the correct port for BI remote access.
Using the settings you show in the image above, I'm back to "connection refused" when I check port 81. -
Can you post a picture of you wan firewall rule?
Do a packet capture on the LAN side of this connection. I think you will find out that you are hitting the BI computer now.
-
@chpalmer
WAN rule:
login-to-viewI'm not real familiar with packet captures, so it's entirely possible I'm not doing it correctly, but here's my output...
When I set it up as shown in the image below, then try to access the BI GUI from my phone, I get no results.
login-to-view
If I change the capture interface to WAN, I get this...
18:38:01.251228 IP 174.203.211.11.10057 > 174.19.24.xxx.81: tcp 0
18:38:01.251248 IP 174.19.24.xxx.81 > 174.203.211.11.10057: tcp 0
18:38:01.251565 IP 174.203.211.11.10058 > 174.19.24.xxx.81: tcp 0
18:38:01.251576 IP 174.19.24.xxx.81 > 174.203.211.11.10058: tcp 0
18:38:02.041991 IP 174.203.211.11.10060 > 174.19.24.xxx.81: tcp 0The IPs with ".xxx" are my external IP. I'm not sure what the others are. I assume my phone...
No idea why the traffic appears to be 2-way now? It was only incoming last night. -
@elmojo The destination should be the BI address
-
@jarhead said in Blue Iris Remote access?:
The destination should be the BI address
That IS the BI address. It's designed to be accessible via the external IP.
I've tried putting the LAN address in there, and it makes no difference anyway. -
@elmojo In the rule, you have destination as wan. Should be single host, then the BI address.
-
@jarhead Please read back through the thread, we've covered this already.
Thanks for the input, though. :) -
@elmojo Look at your rule. You have the destination as the wan address. You're forwarding port 81 back to the wan. It needs to forward to BI.
-
@elmojo This is what your NAT and Rule should look like. Insert your IP's and ports.
login-to-view -
@jarhead I've tried it that way as well, and it still just times out or refuses the connection outright, depending on if I use the WAN or LAN IP. If you scroll back through the thread, you'll see the various configs I've tried, and that none of them seem to make any difference.
-
@jarhead See, this is how I have it set up now, which unless I've missed something obvious is the same as your example. When I try to connect from my phone (cellular), I get an immediate "connection refused".
-
@elmojo You're saying you did but there's no images with it like that.
The guess is you had something wrong, that's why you're here now.
So why not try it again? -
@elmojo Posted when you did..
The NAT is good. In the RULE you had WAN as destination. It needs to be the BI address. Can you check that it is?
-
@jarhead So the rule is being automatically set up by the NAT. Are you saying that I need to override it and manually change it to the LAN IP of my BI server?
-
@elmojo No, I'm saying in the picture you posted it's wrong.
-
@jarhead I don't understand, it looks exactly like yours, other than the ports and IPs being different...
Please tell me where you see a difference, and I'll be happy to fix it.
I'll be back in a bit, time to eat! :) -
@elmojo
This is mine.
login-to-viewThis is yours.
login-to-viewThe destination is not the WAN, it's the BI box.
-
The WAN Firewall rule should be built correctly when you make a Port Forward. If it is not then something is up.
This is what your "NAT rule should look like.
https://forum.netgate.com/assets/uploads/files/1653600958727-natrule.jpgCan you post a screenshot of Firewall / Rules / WAN Please include the title of the page as I have done.