Router Configuration for Home Security:

Router Configuration for Home Security:Forward your Ports

Presenter: Steve HarrisSCTE Director Advanced Network

Technologies Program Development

Router Configuration for Home Security 2© 2011 by the SCTE

LINK

Router Configuration for Home Security 3

Agenda

• Describe the relationship of TCP/IP and TCP and UDP ports

• Explain the role and function of a NAT enabled GWR in the customer premises network

• Demonstrate the configuration of an IP surveillance camera and port forwarding

© 2011 by the SCTE

Introduction

21

23

80


Why?

HDTV / 3DTV

STB / DVR / PVR

eMTA

WirelessGWR

Printer

CordlessAnalog PhoneDesktop

PC

Smartphone

Laptop

Fax

Internet

remote devices

LAN IP 192.168.1.x/24

WAN IP98.225.216.185

© 2011 by the SCTE


What is TCP/IP?

© 2011 by the SCTE


TCP/IP

• Ubiquitous Communication Protocol

• Suite of protocols (65,535)

• Client / Server model

Internet

CableOperator

© 2011 by the SCTE


TCP/IP

• Internet devices have at least one IP address– e.g., 192.168.1.120

• TCP/IP defined 216 ports (65,535) per IP address

• Devices send data using port number from source to destination

© 2011 by the SCTE


What is a port (socket)?• TCP/IP uses an abstract destination point called a

protocol port.• Ports are identified by a positive integer value, e.g. 80.• Operating Systems provide some mechanism that

processes use to specify a port.

53

443

DNS port

SSL port

TCP/IP80 HTTP port GWR

CM/eMTA

© 2011 by the SCTE

http://98.225.216.185:8080/


Port Numbers

Well-known ports 0 – 1023HTTP, FTP, SSL, Telnet, SSH, DNS, etc…

Dynamically or Private Ports49,152 to 65535

http://www.iana.org/assignments/port-numbers

Registered ports or vendor-specific applications

1024 to 49,151

0 = no port has been allocated

© 2011 by the SCTE



Port Names

DNS = 53

HTTP = 80

© 2011 by the SCTE


What is the OSI model?

© 2011 by the SCTE


Network Model

RF

DOCSIS/ PacketCable™

IPv4/6

TCP UDPLaye

rs

ICMP

DATA

Port Numbers

Protocol Numbers

© 2011 by the SCTE


User Datagram Protocol

• Connectionless• Unreliable• Datagram

Delivery• Video traffic

Source Port Destination Port

Length Checksum

Data

© 2011 by the SCTE


Transmission Control Protocol

• Connection-oriented

• Reliable• Full-duplex• Byte-Stream• Voice & data

traffic

Destination Port

TCP Options (if any)

Data

Source PortSequence Number

Acknowledgement Numberoffset Reser. TCP Flags Window

Checksum Urgent Pointer

© 2011 by the SCTE


UDPTCP

Common Ports

8080

22 22Internet

FTP HTTP

Telnet SSH SM

TP DNS SNMP

HTTPS

21 8023 22 25 53 161 443

Application Layer

Transport Layer

© 2011 by the SCTE


NETBIOS

137-139


Network Address TranslationPort Address Translation

21

23

80


What is NAT & PAT?

© 2011 by the SCTE

NAT

© 2011 by the SCTE Router Configuration for Home Security 19

192.168.1.123iPad2

192.168.1.124

192.168.1.1

192.168.1.125

Inside Outside

192.168.1.123 68.10.0.171#29225

Internet

Inside Local IP Address

192.168.1.123192.168.1.124192.168.1.125

Inside Global IP Address

68.10.0.171#2922568.10.0.171#2922668.10.0.171#29227

scte.org

private side public

Remote PC

CM

http://98.225.216.185:8080/


NAT

© 2011 by the SCTE

Example

21

23

80

Connect Surveillance Camera


GWR

eMTA

LAN IP 192.168.1.x/24

1.120

1.121

1.1

Connect Surveillance Camera


GWR

eMTA

LAN IP 192.168.1.x/24

1.121

1.1

http://192.168.1.120

Wireless Setup Page


DHCP Client Table

© 2011 by the SCTE


Wireless Setup

1.2.

XXXXXXX

3.4.

© 2011 by the SCTE

Surveillance Camera is Wireless


GWR

eMTA

LAN IP 192.168.1.x/24

1.121

1.1

http://192.168.1.120

Wireless Setup Page


DHCP or Static?

© 2011 by the SCTE

GWR Config


GWR

eMTA

LAN IP 192.168.1.x/24

1.121

1.1

http://192.168.1.1

GWR Config


Port Forwarding

© 2011 by the SCTE


Port Range Forwarding

© 2011 by the SCTE


Port Triggering

Port triggering is a configuration option on a GWR with NAT to allows a host to dynamically and automatically forward a specific port back to itself.

© 2011 by the SCTE


What the inside global IP (outside)?

© 2011 by the SCTE

http://www.ipchicken.com

HDTV / 3DTV

STB / DVR / PVR

eMTABroadband Connection

WirelessGWR

Printer

CordlessAnalog Phone

DesktopPC

Smartphone

Laptop

Fax

Let’s test it!

http://98.225.216.185:8081/

http://98.225.216.185:8080/


SMC

© 2011 by the SCTE

10.1.10.2 to 10.1.10.9 are static local inside IP address

TCP / UDPPort 10


NETGEAR

© 2011 by the SCTE


You try

© 2011 by the SCTE

Internet

192.168.1.1 98.24.56.15

Camera 1 8085 1024 140

.140

.141

.142

Camera 2 8086 1025 141

Camera 3 8087 1026 142

http://98.24.56.15:8085http://98.24.56.15:8086http://98.24.56.15:8087

http://98.225.216.185:8080/


Summary

• Described the relationship of TCP/IP and TCP and UDP ports

• Explained the role and function of a NAT enabled GWR in the customer premises network

• Demonstrated the configuration of an IP surveillance camera and port forwarding

© 2011 by the SCTE

Documents

Router Configuration for Home Security: