This page is a
translated version of the page
Port Forwarding and the translation is 100% complete.
Equipment control via the Internet
General instructions for use of static IP-address, DDNS service, and configuring NAT, Port Forwarding when connecting i3 pro and iRdium server to controlled equipment via the Internet
Ways of Connecting iRidium to Equipment
The i3 pro application and iRdium server can connect to remote equipment to control and receive data. But it requires some settings of your network equipment (router). Ways to control remote equipment with the help of i3 pro and iRdium server:
To use the application with the server, you need to open the following ports:
30464 - for connecting the panel to the server using the iRidium protocol
8888 - for access to the web interface of the server (it is not recommended to open access from the outside)
But we strongly do not recommend opening access from the outside.
The server's web interface has a limit on the number of open connections - 10. When you open network ports to the outside, you may lose access to the web interface if someone opens too many connections to it. (botnets, intruders, etc.).
When the connection limit is reached, the web server will show you a message. Follow the instructions in this message to regain access to your server's web interface:
Connection via Static IP-address on the Internet
i3 pro or iRdium server can connect to a remote router (and to the equipment via the router) by using the IP-address of the router on the Internet, provided that the address does not change, i.e. it is static.
1 "'Receipt of static IP-addresses on the Internet"'
The static IP-address on the Internet can be assigned to your IP router only by your Internet service provider (ISP). If you use the mobile Internet, the assignment of static addresses is impossible. Use the next option (DDNS).
The static IP-address on the Internet is called "external static" or "white". If you have such address, it means that your router can be connected from anywhere and its address will not change.
What is my Internet address? (the address will change if it is not static)
Not all ISPs offer static IP-addresses. But if the ISP provided this service, follow the instruction of your ISP to set up the router for work with the static address.
The next step will be to provide access via the router to the equipment - setting up the NAT service and Port Forwarding.
2 "'Setting up of the NAT service, PortForwarding on the router"'
The NAT service provides transfer of data sent to the router from the external network to LAN. If rules of data transfer are not set up, commands will not be sent anywhere but your router.
NAT (Network Address Translation) - the service for translation of internal network IP-addresses to IP- addresses of the external network. Before you start to set up NAT, give the equipment you use static local IP-addresses
The principle of forwarding data from the external network to the internal one:
- a remote device sends a command to the router address in the Internet and the "external" port of the equipment specified in the table of data forwarding
- the router forwards the command to the device in the local network specified in the table of data forwarding
- the command is executed by the device
The number of forwarding "rules" on the router has to be set up based on what devices of your network have to receive data or commands from the Internet.
Using the example of the D-Link router, let us set up one forwarding rule (every network device needs its own rule):
- "IP Address" - the local IP-address of the device on which you want to send commands from the Internet
- "Public Port" - the port where you need to send the command from the Internet so it would come to the device
- "Private Port" - the real hardware port that receives commands (it can be different from "Public Port")
- "Traffic Type" - the allowed protocol for connection between the sender and receiver of commands (TCP or UDP)
for example: Your ISP gives your router a static public IP-address "'215.110.10.15"'.
You set up the rule on the router to forward data from external TCP port "'8080"' to internal TCP port "'80"' of address "'192.168.0.100"' which is the address of the equipment.
To connect to the equipment via the Internet, in connection settings you need to specify:
Host: 215.110.10.15, Port: 8080
To connect to the equipment from the same (local) network, you need to specify:
Host: 192.168.0.100, Port: 80
ATTENTION A potential security issue when using Port Forwarding!
The open port on the router means that your equipment can be connected by anyone who finds an open port and finds out the type of the equipment. This problem can not be avoided because it is dictated by the technology of communication with remote devices via an open router port.
Observe basic safety precautions:
- do not open remote access to cameras that are not protected by a complex password
- do not open remote access to equipment hardware that is not protected by a complex password
- try to select an external port of the equipment which is different from the standard one to complicate the determination of the equipment type by the hacker
Connection via the DDNS Subdomain - Without the Static IP-address
i3 pro or iRdium server can connect to a remote router using a domain name issued for the router by the DDNS service. The domain name is used, if the ISP cannot give static IP-addresses, or if you use the mobile Internet.
In there is no static external address, the IP-address of your router on the Internet will constantly change - this address is called "dynamic". The address change leads to the fact that the control program cannot access the equipment via the external IP-address of the router because it periodically loses relevance.
The service of dynamic DNS (DDNS or DynDNS) provided by some companies can help to solve the problem of dynamic IP-address . It is used to assign a constant domain name to the router with the dynamic IP-address. This service is provided by several companies: No-IP, DynDNS, etc.
How to assign a subdomain to the router with the help of the "'No-IP"' paid service. There are 3 setting stages:
- Register the subdomain on the website providing the DDNS service
- Set up the DDNS service on the router
- Ser up the NAT service, PortForwarding on the router
1 "'Registration of your account and subdomain on the No-IP web site"'
- Register a new account on the website No-IP. During the registration process, select the subdomain address - this address will be used as the address of your router. For example:
i3pro.hopto.org
- Confirm the account registration (the confirmation code will come by e-mail). You will be able to manage your domains in the "Managed DNS" tab.
- The subdomain created at account registration is already active. The name of the subdomain is required during setting up of your router
- Please, note that in the No-IP free account the subdomain has to be renewed every month (to press the renew button on the website), otherwise it will stop working. You can subscribe for 1 year or more to create multiple domains that will work constantly. See the terms of subscription on the web site.
2 "'Setting up the router for work with the DDNS service from No-IP"'
Make sure your router supports DDNS. The path to the DDNS settings depends on the model and manufacturer of the router. A few examples:
Regardless of the router model, the DDNS settings are about the same:
- "Enable the DDNS Client" - it activates the service on the router
- "Server" - the server of a DDNS service provider, in our case:
WWW.NO-IP.COM
- "User Name or E-mail Address" - the username or email you indicated during the registration process on the No-IP website
- "Password" - your password from the account on the No-IP website
After you save the DDNS settings, your router will periodically report your IP-address on the Internet to on the No-IP web site, and the No-IP web site will redirect data sent to the subdomain address to router.
3 "'Setting up of the NAT service, PortForwarding on the router"'
The NAT service provides transfer of data sent to the router from the external network to LAN. If rules of data transfer are not set up, commands will not be sent anywhere but your router.
NAT (Network Address Translation) - the service for translation of internal network IP-addresses to IP- addresses of the external network. Before you start to set up NAT, give the equipment you use static local IP-addresses
The principle of forwarding data from the external network to the internal one:
- a remote device sends a command to the router address in the Internet and the "external" port of the equipment specified in the table of data forwarding
- the router forwards the command to the device in the local network specified in the table of data forwarding
- the command is executed by the device
The number of forwarding "rules" on the router has to be set up based on what devices of your network have to receive data or commands from the Internet.
Using the example of the D-Link router, let us set up one forwarding rule (every network device needs its own rule):
- "IP Address" - the local IP-address of the device on which you want to send commands from the Internet
- "Public Port" - the port where you need to send the command from the Internet so it would come to the device
- "Private Port" - the real hardware port that receives commands (it can be different from "Public Port")
- "Traffic Type" - the allowed protocol for connection between the sender and receiver of commands (TCP or UDP)
for example: You registered the "'i3pro.hopto.org"' subdomain on the No-IP website and turned on the DDNS service on the router.
Also, on the router you set up the rule for forwarding data from external TCP port "'8080"' to the internal TCP port "'80"' of address "'192.168.0.100"', which is the address of the equipment.
To connect to the equipment via the Internet, in connection settings you need to specify:
Host: i3pro.hopto.org, Port: 8080
To connect to the equipment from the same (local) network, you need to specify:
Host: 192.168.0.100, Port: 80
ATTENTION A potential security issue when using Port Forwarding!
The open port on the router means that your equipment can be connected by anyone who finds an open port and finds out the type of the equipment. This problem can not be avoided because it is dictated by the technology of communication with remote devices via an open router port.
Observe basic safety precautions:
- do not open remote access to cameras that are not protected by a complex password
- do not open remote access to equipment hardware that is not protected by a complex password
- try to select an external port of the equipment which is different from the standard one to complicate the determination of the equipment type by the hacker