Blue Iris Remote access?
-
@chpalmer
WAN rule:
I'm not real familiar with packet captures, so it's entirely possible I'm not doing it correctly, but here's my output...
When I set it up as shown in the image below, then try to access the BI GUI from my phone, I get no results.
If I change the capture interface to WAN, I get this...
18:38:01.251228 IP 174.203.211.11.10057 > 174.19.24.xxx.81: tcp 0
18:38:01.251248 IP 174.19.24.xxx.81 > 174.203.211.11.10057: tcp 0
18:38:01.251565 IP 174.203.211.11.10058 > 174.19.24.xxx.81: tcp 0
18:38:01.251576 IP 174.19.24.xxx.81 > 174.203.211.11.10058: tcp 0
18:38:02.041991 IP 174.203.211.11.10060 > 174.19.24.xxx.81: tcp 0The IPs with ".xxx" are my external IP. I'm not sure what the others are. I assume my phone...
No idea why the traffic appears to be 2-way now? It was only incoming last night. -
@elmojo The destination should be the BI address
-
@jarhead said in Blue Iris Remote access?:
The destination should be the BI address
That IS the BI address. It's designed to be accessible via the external IP.
I've tried putting the LAN address in there, and it makes no difference anyway. -
@elmojo In the rule, you have destination as wan. Should be single host, then the BI address.
-
@jarhead Please read back through the thread, we've covered this already.
Thanks for the input, though. :) -
@elmojo Look at your rule. You have the destination as the wan address. You're forwarding port 81 back to the wan. It needs to forward to BI.
-
@elmojo This is what your NAT and Rule should look like. Insert your IP's and ports.
-
@jarhead I've tried it that way as well, and it still just times out or refuses the connection outright, depending on if I use the WAN or LAN IP. If you scroll back through the thread, you'll see the various configs I've tried, and that none of them seem to make any difference.
-
@jarhead See, this is how I have it set up now, which unless I've missed something obvious is the same as your example. When I try to connect from my phone (cellular), I get an immediate "connection refused".
-
@elmojo You're saying you did but there's no images with it like that.
The guess is you had something wrong, that's why you're here now.
So why not try it again? -
@elmojo Posted when you did..
The NAT is good. In the RULE you had WAN as destination. It needs to be the BI address. Can you check that it is?
-
@jarhead So the rule is being automatically set up by the NAT. Are you saying that I need to override it and manually change it to the LAN IP of my BI server?
-
@elmojo No, I'm saying in the picture you posted it's wrong.
-
@jarhead I don't understand, it looks exactly like yours, other than the ports and IPs being different...
Please tell me where you see a difference, and I'll be happy to fix it.
I'll be back in a bit, time to eat! :) -
-
The WAN Firewall rule should be built correctly when you make a Port Forward. If it is not then something is up.
This is what your "NAT rule should look like.
https://forum.netgate.com/assets/uploads/files/1653600958727-natrule.jpgCan you post a screenshot of Firewall / Rules / WAN Please include the title of the page as I have done.
-
@jarhead But that's the rules screen. I have no control over the settings there. They're linked to the NAT and locked.
-
@chpalmer said in Blue Iris Remote access?:
The WAN Firewall rule should be built correctly when you make a Port Forward. If it is not then something is up.
This is what your "NAT rule should look like.
https://forum.netgate.com/assets/uploads/files/1653600958727-natrule.jpg
Can you post a screenshot of Firewall / Rules / WAN Please include the title of the page as I have done.Yeah, this ^ lol
Your first image didn't load, so I'm not sure what I was meant to see, sorry.
Here's my WAN rules page:
-
@elmojo Then delete the NAT and recreate it.
Edit: And use the picture I posted as a template.
-
@elmojo Go to the bottom of the NAT page and disassociate the rule from the NAT. Then you will be able to change it.
Notice your other firewall rules go to the LAN address of the server.. Your Blue Iris should be similar.
