Blue Iris Remote access?
-
@elmojo Try just turning off the Windows firewall first. That will help to verify it is or is not the problem.
-
https://www.interserver.net/tips/kb/add-ip-address-windows-firewall/
-
@chpalmer Thanks, but I don't see any change. There was already a rule in the Windows firewall (I added a new one also) to allow Traffic for BI. The existing one was for the BI program specifically. I added a new one for port 81 on all IPs. I still get a timeout error when trying to connect.
Notice, it's a timeout, not a connection refusal. This tells me that something is getting at least partway through, since before I added the NAT entry to pfsense, I got a flat "connection refused" message.
I no option to disable the Windows firewall. I'll keep looking.... -
Okay, I found out how to disable the Windows Defender firewall, but it made no difference.
It still reports that port 81 "connection timed out" when I check it with either yougetsignal or canyouseeme.
It seems to be something in PFsense, or could it be a configuration thing with my server, since this is a VM? The VM running BI is bridged directly to my external network, and it's using my pfsense box as its gateway, so I wouldn't think so, but anything's possible I guess. -
@elmojo Post a screenshot of your firewall rules.
-
Did you do a packet capture on your LAN port? You do have a NAT forwarding rule??
The WAN firewall rule should have the BI address as the destination address..
-
@chpalmer I did, as noted in the OP, please see above for output.
Do you mean it should be the BI LAN address for destination? That's not what the BI documentation says, but I'm willing to give it a try. Or do you mean it should be my external IP (WAN) address? That's what I have in there now, that doesn't work. My WAN for BI and for everything else is the same, it's all on the same physical network. Maybe I'm not understanding you properly, sorry. :/ -
I'm doing all this under NAT. Is that wrong? Should I just be adding a firewall rule directly? All the documentation I've found says to add the NAT entry, and let it populate the rule, but that screenshot you posted kinda looks like the rule screen....
Does this help?
-
Destination should be "WAN Address".
Is your Blue Iris setup to use port 81 on the host computer? otherwise Redirect Target Port should be 80.
-
-
@chpalmer said in Blue Iris Remote access?:
Destination should be "WAN Address".
Is your Blue Iris setup to use port 81 on the host computer? otherwise Redirect Target Port should be 80.I had it set to WAN address previously, but I changed it based on the image you posted, which didn't seem to make any difference.
Yes, port 81 is the correct port for BI remote access.
Using the settings you show in the image above, I'm back to "connection refused" when I check port 81. -
Can you post a picture of you wan firewall rule?
Do a packet capture on the LAN side of this connection. I think you will find out that you are hitting the BI computer now.
-
@chpalmer
WAN rule:
I'm not real familiar with packet captures, so it's entirely possible I'm not doing it correctly, but here's my output...
When I set it up as shown in the image below, then try to access the BI GUI from my phone, I get no results.
If I change the capture interface to WAN, I get this...
18:38:01.251228 IP 174.203.211.11.10057 > 174.19.24.xxx.81: tcp 0
18:38:01.251248 IP 174.19.24.xxx.81 > 174.203.211.11.10057: tcp 0
18:38:01.251565 IP 174.203.211.11.10058 > 174.19.24.xxx.81: tcp 0
18:38:01.251576 IP 174.19.24.xxx.81 > 174.203.211.11.10058: tcp 0
18:38:02.041991 IP 174.203.211.11.10060 > 174.19.24.xxx.81: tcp 0The IPs with ".xxx" are my external IP. I'm not sure what the others are. I assume my phone...
No idea why the traffic appears to be 2-way now? It was only incoming last night. -
@elmojo The destination should be the BI address
-
@jarhead said in Blue Iris Remote access?:
The destination should be the BI address
That IS the BI address. It's designed to be accessible via the external IP.
I've tried putting the LAN address in there, and it makes no difference anyway. -
@elmojo In the rule, you have destination as wan. Should be single host, then the BI address.
-
@jarhead Please read back through the thread, we've covered this already.
Thanks for the input, though. :) -
@elmojo Look at your rule. You have the destination as the wan address. You're forwarding port 81 back to the wan. It needs to forward to BI.
-
@elmojo This is what your NAT and Rule should look like. Insert your IP's and ports.
-
@jarhead I've tried it that way as well, and it still just times out or refuses the connection outright, depending on if I use the WAN or LAN IP. If you scroll back through the thread, you'll see the various configs I've tried, and that none of them seem to make any difference.