Remote surveillance and Networking (part two)

How to make your DVMS accessible: port forwarding

In our July article we discussed redirection of domain name services. We saw that
the IP public address allows communication with the router, and that in turn the
router must be able to interpret this request by forwarding it correctly to the DVMS
(port forwarding). As you now might have guessed, this will be the theme of the
second part of our series on remote surveillance and networking.

Our objective is simple: to open a communication channel between the client (from
1
your house as an example) and the server (DVMS installed at the surveillance site).
To better understand the principle of port forwarding and it’s numerous components,
let’s use the hotel as a metaphor. As an example, when you want to phone a hotel
guest, you first phone the hotel reception (the IP public address managed by the
router’s DHCP 2 server). You then ask to be put in contact with the hotel guest
(DVMS’s fixed address). Reception then transfers you to the guest’s room (port
forwarding). Then the guest picks up the phone and starts talking (server’s positive
answer and data transfer).

Now let’s apply this metaphor to the port forwarding concept, i.e. in order to make
the communication between the client and the server possible, we must:

1. Assign to the DVMS (server) a fixed IP address3 so the client’s requests

will be properly forwarded to it (ex. to assign a room to a visitor).
2. Create exceptions on Windows firewall so that the DVMS’s services
become accessible. (ex.to allow the guest to make long distance calls).
3. Redirect one or several ports that are necessary for the client and the
server to communicate (ex. to allow the reception to redirect the calls to
this room).

1. Assignment of a fixed IP address

To be able to assign a fixed IP address to the DVMS, first we must know where it is
located. As in our telephone metaphor, this would be like saying that Mr. Desjardins
is situated at (514) 940 4346 (router’s external and public4 IP address) extension 25
(DVMS’s internal and private IP address). To obtain the router’s private IP address
(also named default gateway), we can type in, from the command window
(Windows, Start, Run) these three letters: CMD followed by ‘Enter’. Then we type in
IPCONFIG and then ‘Enter’ to see the results. You will get 3 types of information: the

1
We call the DVMS a ‘server’ because it ‘serves’ something namely a Web service. It transfers data from
the cameras and the system.
2
The DHCP server (Dynamic Host Configuration Protocol server) is a software component integrated to a
router or to a server. This service works like a traffic cop: it manages IP addresses allowing the redirection
of the requests inputted in the internal network (intranet) and the requests outputted to the external or
public network (extranet or Internet).
3
Conversely to the dynamic address that can change in the event of a power outage the fixed address is
called ‘static’ therefore never changing.
4
A public IP address may be obtained by going to the site www.whatismyip.com that will automatically
post it.
IP address (computer), the subnet mask5 and the default gateway (the router’s
internal address). Take note of them. From there, there are two methods that you
can use to give a fixed IP address to your computer:

1. By configuring the router’s DHCP server (this point will not be discussed
in this article; this method is more complex but has nevertheless the
advantage of better documenting the IP addresses assignments when
using a local network).
2. By modifying the computer settings for the IP addresses by using
Windows directly. To do this go to: Configuration, then Network
Connection, right click on Local Network Connection, then click on
Properties. Then double click on Internet Protocol (TCP/IP). Select ‘use
the following IP address’ then enter the info previously collected. Then
replace the last number of the IP address with a number found outside
the range6 of IP addresses managed by the DHCP server. And there you
are, you have just assigned an IP address to your server (DVMS). We will
now know exactly where to find you...

2. How to create exceptions to the firewall

When a client’s site try to communicate with a server (DVMS) on a specific port,
Windows will automatically consider the request as unauthorized and will post a
message saying that the firewall has blocked this application’s service. You must
authorize the execution of these services when requested by the client. To authorize
these services you must create specific exceptions on Windows firewall. Go to
Control panel, then Windows firewall, and click on ‘add port’. According to your
DVMS add one or several ports required by your software application. If you belong
to a network comprised of several DVMS it would be advisable to use the ‘add a
program’ option to manage the exceptions. This method will avoid freeing extra ports
to differentiate each DVMS.

3. Port forwarding

When a client’s software connects to a server (DVMS), it is in fact a computer on the

Internet sending data to a router (external IP address). When the router receives
this data, it must know to which computer to forward it. (DVMS’s internal IP
address). The port forwarding therefore consists of setting the path needed to
transport this data so that it will be directly forwarded to the DVMS. At the receiving
end, the DVMS must be in ‘receiving mode7’ that means that one or more
communication ports must be open, waiting to receive the requests. To ensure a
greater connectivity stability with the router it would be advisable to configure the
DHCP in static mode. As an example, in a power outage, the IP address would
remain unchanged; this would avoid having to reconfigure the router with a new
dynamic address. In other regards, our router must be able to open some

5
A subnet mask shows the number of bits that distinguish the hosts (this in turn indicates also the
number of possible hosts in this subnet).
6
To be aware of the range of addresses managed by the DHCP server, you must access the router’s
management console using a Web browser. We suggest that you consult the instruction manual provided
with the router.
7
Again, with the telephone metaphor, when the telephone rings at your home, if you are absent, you will
not be able to answer, which is the same as if your communication ports were closed.
communication ports so that direct communication with it is possible. This is similar
to asking Bell to program a different ring to the residential line, the equivalent of
creating a dedicated line for your beloved teenagers…

Therefore, to summarize, there are two steps to follow: first, put the DHCP server in
static mode and then open one or several communication ports (regardless of the
number of services offered 8). To configure these two elements, you must access the
router’s management console. Since the vocabulary is different from one
manufacturer to another it is somewhat of a risk to explain this procedure in this
introductory article. As an example, port forwarding on a D-Link model is done from
the ‘advanced thumbnail’, then Virtual Server; comparatively the Linksys router port
forwarding will be accessed from the Application link. To avoid possible confusion in
regards to the model of the router that you use, we invite you to consult this link:

http://www.portforward.com/english/router/port forwarding/routerindex.htm

This site offers short guides, and step-by-step instructions supported by screen
captures specifically designed for the model that you use.

It is rather difficult to resume this type of procedure in an article destined to all

readers. However, if you are interested in an in depth look, we suggest that you
consider registering to one of our technical seminars on this subject. Contact us for
the schedule of our seminars presented in our offices or in your region.

René St-Pierre
Director, Training, Sphere Video

8 As an example, some DVMS can forward audio as well as video. To ensure a better connection, including
the efficient transfer of data packets the audio services will be delivered by a secondary port.