Subscriber Discussion

Hikvision NVR With A Mifi 2 Issues: Port Forwarding/Ddns Not Working And Turn Recording Off

UI
Undisclosed Integrator #1
Jun 23, 2015

Situation is I have installed a HiKvision 76xx model at a residence. Location only has Cellular internet and are using the ATT Netgear Unite Pro for wifi/internet. It is wireless only. Purchased a Netgear Wifi Bridge for the hard wired NVR to connect to. Installed seamlessly. Created the DDNS using the HIK built in and the NVR registered itself on the hik-online site. The Netgear bridge got a DHCP address and I gave the NVR a .100 static, out of the DHCP range. NVR is readily available on the local wifi through the Unite Pro from my laptop. I set port forwarding both UDP and TCP for the 3 main ports HIK uses to .100.

Here's where it gets weird. The mobile app will not connect to the NVR. canyouseeme.org shows ports aren't visible. I checked several on line forums and one suggestion was to port forward to the Netgear Bridge. So I tried giving the bridge .100 static address and moved the NVR to .101. Still no luck. What's even more weird is that the HIK-online account shows one outside address for the NVR as supposedly it's last updated address that is totally different from the address my laptop gets when I run an "IPChicken.com" request. I could find no way to try to force the NVR to send another update. I even deleted the account and reentered it and it still had that odd outside IP address. Any thoughts?

2nd issue. The customer has a pool in their backyard that is covered by a camera. Sheepishly they asked me how they could turn that camera off record for a while if they wanted to. (I assume they might like to nature swim:) I could find no simple way to mouse click or use the remote that might accomplish this with a simple reverse click to resume recording. (We were using 24 hour scheduled motion recording.) The best work around I had to offer was to just construct a small screen that could hang from the gutter and block the camera when such a mood arose. Is there something I'm not aware of?

Thanks in advance

UI
Undisclosed Integrator #2
Jun 23, 2015

I'll see if I can help a little. ISP's will block ports without asking. Outbound requests typically get through as do responses to outbound requests. Trying to connect is an inbound request and may not get through.

On on the other item, I'm more familiar with Dahua products but they are similar. Dahua lets an end user with permission stop recording on any channel through the GUI and enable it again. I'm sure on both you could wire a switch in the home and connect to an alarm input. Set recording on alarm. This might also work for them. They could leave recording off by accident.

U
Undisclosed #3
Jun 23, 2015

Have you tried to do a tracert out to google or something from your laptop? (assuming laptop and NVR are on same switch)

DW
David Westberry
Jun 23, 2015
IPVMU Certified

When you select a channel there should be a camera looking icon, that when you hover over it says stop or start recording. A single click on this will toggle it. Not sure if accessible with the remote.

I was thinking the same as B about ISP blocked ports, I would give them a call and ask. Ive had mixed results with Hik's DDNS and if a customer wants DDNS we sell them a sub-domain and a Raspberry PI running No-IPs Linux client for a monthly fee. You could take a laptop and grab a free DDNS account from any of the various providers and run their client on the network and see if that works better. It would at least let you know it is the Hik service failing and not something ISP related.

For the port forwarding depending on how the bridge is acting you would need to forward from the MiFi box to the bridge ip and then in the bridge to the recorders IP. It sounds like you may have tried this. Locally nothing should be blocked and you are accessing the IP directly and would be expected to work fine. The fact that it does work fine locally says that the problem is in your forwarding configuration/rules or ISP blockage.

You said that Hik's DDNS was reporting a different address than discovered. Have you tried to connect through the discovered address? Also because these recorders are Linux based a full reboot may be required for the network settings to stick. Always go back and check. I have seen them many times appear to save the information but exiting and returning to the configuration page shows back to default settings.

I have put at least a couple dozen OEMd Hik boxes online and it is never painless hah.

GR
Graham Reid
Jun 23, 2015
IPVMU Certified

In Australia, most cellular data services do not offer a public IP address. The IP address of a cellular data service may be on the 10.0.0.0/8 range which is a reserved internal use range whereas the public IP address will be something different. In these circumstances, the public IP address is being used by many cellular services at the same time & the router with the internet face is the telcos router not the router on the cellular connection. Consequently, outgoing traffic works fine but when any incoming traffic hits the telco router, that router has no idea where to send it to so it blocks it.

Here it is possible to get the Telco to provide a public IP address on the cellular service but it can be a long & painful process.

Avatar
John Bazyk
Jun 23, 2015
Command Corporation • IPVMU Certified

I've had this problem before too, try changing ports to something other than the default. Also, check to see if you can connect outside of their local network. I have seem some netgear routers not allow you to connect using external IP while you're inside the network.

UI
Undisclosed Integrator #1
Jun 24, 2015

@John Bazyk, I was aware of the loop back problem trying to connect from outside while inside the LAN. That's why I turn off wifi on phone and try to connect from my LTE to customer's IP address. Will try some different ports. Neither outside address (one from HIK and the one from my laptop) allowed any connectivity to the DVR. Will try the reboot next time I'm on site.

DW
David Westberry
Jun 25, 2015
IPVMU Certified

Jon's post above reminded me about the fact that you must input the gateway address in the recorder for outside remote access on Hik recorders. Some older units from other manufacturers did not always require this. It will work locally without it but not remotely. Probably not your issue but know Ive ran into this when going behind another tech and spending time verifying rules, rebooting etc come to find out the default gateway was not enetered.

Avatar
Jon Dillabaugh
Jun 25, 2015
Pro Focus LLC

Ok, going super simple with my recommendations.

For the Internet issue, make sure you are using the correct gateway address for the static IPs. Usually ATT devices use .254 as the gateway, not .1 as you would assume. This would prevent any device from reaching the Internet, but would work fine internally.

You might also be double NAT'ed behind another gateway at the tower. If so, not much you can do about that.

And finally, to disable the pool cam easily, simply run a switch on the camera power that they can simply flip to cut power while "nature swimming?"

U
Undisclosed #4
Jun 25, 2015
IPVMU Certified

And finally, to disable the pool cam easily, simply run a switch on the camera power that they can simply flip to cut power while "nature swimming?"

And if PoE?

Avatar
Jon Dillabaugh
Jun 25, 2015
Pro Focus LLC

Obviously it wouldn't work if it had PoE power. You would have to use 12vdc instead. I just assumed his cameras had a separate power input. If not, you could use a midspan PoE injector that you switch power on instead.

Avatar
Sean Nelson
Jun 25, 2015
Nelly's Security

Before you go any furthur, you should check to see if ATT allows port forwarding on that type of device. With some satellite and certain cell phone connections, port forwarding is not possible. I do realize that you may have seen a port forwarding section in the Mifi settings, still though, it may not work due to the way their network topography is designed.

(1)
New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions