Peplink balance 310 Open ports for HIK Vision nvr


#1

Hi,

This is a new install of peplink balance 310. Using wan1 (IP with a dsl and wan 2 with a T1 connection.

A digital video server (static IP# 192.168.1.23) (subnet 255. 255.255.0) Port 80 is open. But I cannot open port 8000 tcp/udp or port 554 for rtsp.
The peplink is at 192.168.1.1

This is important and I have spent two days playing with it. I will gladly hire someone who can set this up. There is only 1 IP camera

The video tech needs this.
192.168.1.23 NVR static


#2

Assuming that you can access the digital video server (192.168.1.23) on Port 80;

  1. Check to see if the digital video server (192.168.1.23/24) itself is really listening on port 8000 and 554.

  2. Check to see if “Inbound Firewall Rules” under Network > Firewall > Access Rules > Inbound Firewall Rules on the Balance are blocking the traffic.

    -> If Default rule is set to [Any, Any, Any, Any, Allow] , the Balance should be fine.
    -> If Default rule is set to [Any, Any, Any, Any, Deny] , create a rule that specifies the destination IP address (192.168.1.23)
    and an applicable destination port.

  3. Make sure that there is no NAT Mappings rule.

Please keep us posted so that our team can follow up.


#3

Thank you for your reply.

  1. No NAT Mappings Defined ( this is how the router came.)

and yes all “Inbound Firewall Rules” under Network > Firewall > Access Rules > Default rule is set to [Any, Any, Any, Any, Allow]

I am using port www.yougetsignal.com/tools/open-ports/ and www.canyouseeme.org/ To be sure the ports are open (they are always closed)

I installed the Peplink Balance 310 router. A security specialist is installing the NVR and has told me he needs these port open. 80, 8000, and 554. I must be doing something stupid, I have worked on this for 2 days. (I own and use a peplink Balance 20 for my office).

Patrick


#4

I am also testing all this on my Balance 20. Using the test sites canyouseeme and you get signal, all the ports remain closed.


#5

Hello,

I would create a FW rule and define under destination port each of the UDP ports needed and enable event logging. Then run your port scanner. Once done you should see the Balance log these messages under Status>Event Log. IF you don’t see these messages there I would check to see if the ISP is blocking these ports.

Good UDP scanner:


#6

Those 3rd-party port checking sites are marginal at best, don’t trust the results explicitly. I would just try the application itself and see if it works…


#7

Using the test above.

And this FW.


The event log had this …“Jul 16 16:12:03 System: Changes applied” Nothing else.

And the ISP is “Century Link” I will call and see if they are blocking ports.

Thanks.


#8

This from Century Link…

"Application-Specific Policy

CenturyLink High-Speed Internet customers receive full access to all of the lawful content, services, and applications that the Internet has to offer. CenturyLink does not block, prioritize, or degrade any Internet sourced or destined traffic based on application, source, destination, protocol, or port unless it does so in connection with a security practice described in the security policy section below."

Port 25 Port 25 Blocking

CenturyLink filters port 25 to reduce the spread of email viruses and spam (unsolicited email). Email viruses allow malicious software to control infected computers. These viruses direct the infected machines to send email viruses and spam through port 25. Port 25 filtering is a recognized Internet industry best practice for service providers like CenturyLink to filter e-mail traffic. The Messaging Anti-Abuse Working Group (MAAWG), a global organization focused on preserving electronic messaging from online exploits and abuse with the goal of enhancing user trust and confidence, recommends that “providers block incoming traffic to your network from port 25.”

That is the only port they block. as far as I can tell.


#9

Can you send the inbound access port forwarding page as well?

There is the place where you define the ports to be forwarded.

AG


#10

Hello again, just wanted to let you know how grateful I am for the help. I was looking kind of foolish in front of the IP camera guy. Anyway, the problem is resolved and was not in any way an issue with the Peplink. There was a DSL modem misconfigured. It should have been in “Bridge Mode”. Once it was set to Bridge Mode… all good. Thank you again.

Patrick McAllister
PS. If anyone else sees this post. I downloaded “Zenmap” from the NMAP website. Very useful tool for scanning ports. https://nmap.org/download.html


#11

Hi Patrick, glad you got it up and running :up: