External access to my Exetel IP address

All other technical assistance queries (General technical issues, IPv6. P2P, News groups, etc)
Post Reply
Daniel Simpson
Posts: 12
Joined: Tue Feb 01, 2011 10:07 am
Location: Bonville, NSW

External access to my Exetel IP address

Post by Daniel Simpson » Tue Jan 27, 2015 2:46 pm

Hi,

I have just installed an NVR for security monitoring.

The LAN access from any computer on the LAN is fine through Explorer/Activ X at 192.168.20.xxx.

Port forwarding has been set up in the Netcomm NB16VW-02 and verified with www.canyouseeme.org - success on Port 80 and Port 9000 at my Exetel IP address 115.70.92.xxx. These are the ports allocated in the NVR for http (80) and client services (9000).

When I key my Exetel IP address 115.70.92.xxx:80/, the 'search does not find'.

Can anyone suggest what I am likely missing here or doing wrong, thank you in advance.

Cheers

ShaminG
Exetel Staff
Posts: 960
Joined: Wed Jan 06, 2010 10:11 am
Location: Sydney, Australia

Re: External access to my Exetel IP address

Post by ShaminG » Tue Jan 27, 2015 6:43 pm

Daniel Simpson wrote:Hi,

I have just installed an NVR for security monitoring.

The LAN access from any computer on the LAN is fine through Explorer/Activ X at 192.168.20.xxx.

Port forwarding has been set up in the Netcomm NB16VW-02 and verified with http://www.canyouseeme.org - success on Port 80 and Port 9000 at my Exetel IP address 115.70.92.xxx. These are the ports allocated in the NVR for http (80) and client services (9000).

When I key my Exetel IP address 115.70.92.xxx:80/, the 'search does not find'.

Can anyone suggest what I am likely missing here or doing wrong, thank you in advance.

Cheers
Apparently http://115.70.92.xxx:80 is resolving to http://115.70.92.xxx/html/webplugin.html

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: External access to my Exetel IP address

Post by Dazzled » Tue Jan 27, 2015 7:03 pm

Further to Shamin's advice - The ports are open. A simple test without resorting to port scans with hping or nmap and the like, waiting for 5 secs for a response, is:
nc -z -w5 <host> <port>; echo $?
nc is netcat, a very handy Linux tool also ported to Windows.
For your IP, using both ports, the returned value is 0, which means success. Curl can also connect to both.

Daniel Simpson
Posts: 12
Joined: Tue Feb 01, 2011 10:07 am
Location: Bonville, NSW

Re: External access to my Exetel IP address

Post by Daniel Simpson » Wed Jan 28, 2015 11:00 am

Thank you Shamin and Dazzled. I looked at these tools but I am a novice meaning that I only have a Windows based machine and MS Explorer browser.

Shamin mentioned that when I key in the http instruction 115.70.92.XXX that it is "...Apparently http://115.70.92.xxx:80 is resolving to http://115.70.92.xxx/html/webplugin.html".

This is EXACTYLY what happened in the LAN and I switched to MS Explorer and 'allowed', temporarily, FOR the Activ X to PERMIT THE WEB BROWSER TO ALLOW access without a signed certificate etc. After that, the LAN access to the NVR video was fully functional. I re-instated security thereafter.

Unfortunately, when the issue arose at 115.70.92.xxx, I tried the same fix but nothing I have tried so far with MS Explorer such as enabling "allow" on Activ X has worked when trying to access my EXETEL IP ADDRESS 115.70.92.xxx.

Similar results with Firefox and Chrome.

Any specific suggestions appreciated as I am not a developer.

Thank you again.
Daniel

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: External access to my Exetel IP address

Post by Dazzled » Wed Jan 28, 2015 11:53 am

I can't help with ActiveX, it's a Windows only phenomenon, but I can see your device and the code it sends, using the Boa web server. (Not very exciting at present mind you).

Here's what I mean:
The browsers (I used Opera and Konqueror) connect to 115.70.x.x with the host field also 115.70.x.x and issue the usual GET request.

The response from you was:

HTTP/1.1 200 OK
Date: Wed, 28 Jan 2015 03:26:31 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=10, max=1000
Content-Length: 17652
Last-Modified: Wed, 28 Jan 2015 03:26:31 GMT
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="ROBOTS" content="NOINDEX, NOFOLLOW" />
<title></title>
<link href="css/main.css" rel="stylesheet" type="text/css" />
<link href="ligerUI/skins/Aqua/css/ligerui-all.css" rel="stylesheet" type="text/css" />
<script src="js/jquery-1.11.1.min.js" type="text/javascript"></script>
<script src="ligerUI/js/ligerui.min.js" type="text/javascript"></script>
<script src="js/json.js" type="text/javascript"></script>
<script>
var version_safari = "3.12.65"; //改版本号信息
var version_ch_fox = "1.0.0.4"; //注意Firefox中webplugin.html中也要做同步修

etc etc ........

(it isn't exactly a nice web page....) The parts of the site are all visible, including graphics. The javascript code is commented in Chinese. There were 22 requests, totalling 532 kB, and loaded in 2.8 secs.

Daniel Simpson
Posts: 12
Joined: Tue Feb 01, 2011 10:07 am
Location: Bonville, NSW

Re: External access to my Exetel IP address

Post by Daniel Simpson » Wed Jan 28, 2015 8:54 pm

Thank you Dazzled, you are doing better than me with this.

I am not sure why you went to the Boa server, but, that aside, I take it that the response from http 1.1 200 was actually from 192.168...200 and only shortformed for security?

I loaded up Opera and tried to get Konquerer running but it was too tough to do.

Same result from these two browsers when trying to get 115.70.92.xxx as with my current list FireFox, Chrome and Explorer "This webpage is not available" or "search has not found.." etc - all the same.

With Explorer (Activ X), at least I can get to the IP address of ther NVR within my LAN at address 192.168...200/html.login - gives a login screen for client 9000.
The other browsers don't even offer that much - don't see the NVR device even in the LAN at IP address of the NVR.

I have tried dropping firewall and virus protection for brief intervals with no luck.

Is there any reason why I should not be able to address to my Exetel IP from home...meaning I am on this IP address looking out and back in? I note that Dazzled has used a Boa server - reasons not clear to me?

Any other hints appreciated,

regards
daniel

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: External access to my Exetel IP address

Post by Dazzled » Wed Jan 28, 2015 10:55 pm

I just pointed two standard browsers at your IP address, to see what replied. The GET came from my browsers. That is normal. Your router arrangements connected me to whatever was listening behind your NAT to port 80. My system runs straight Linux, and cannot deal with ActiveX, a Microsoft feature.

Your device is running Boa. It is a very simple web server popular for embedded applications. As I quoted above, it identified itself and returned to me an HTML page interface largely composed of javascript, with a few images and bits and bobs in separate files. All these were loaded by my browsers, and the network monitor I had running in parallel, so I could see the two-way exchanges going on.

This is the content you are having trouble with. It is visible to the world. The netcat example above earlier showed the router ports were open, though did not attempt a conversation. Does your router support your looking at yourself via the internet? This may need a special router loopback configuration.

I also had a peek this morning at port 9000 using a browser and curl, got to whatever is listening there also, but it quite properly disconnected me. I haven't used any of the penetration techniques, and won't.

Daniel Simpson
Posts: 12
Joined: Tue Feb 01, 2011 10:07 am
Location: Bonville, NSW

Re: External access to my Exetel IP address

Post by Daniel Simpson » Thu Jan 29, 2015 8:59 am

Thank you again for the insights (now I understand that the device is using Boa and have done a bit of research about that.

I will try to access from outside my LAN today using the MS Explorer browser since it provides access through Activ X on the LAN.

Meanwhile I would love to be able to get the Firefox and Chrome browsers to access the device (at least in the first instance) on my LAN using the LAN IP address of the device as has already been achieved with Explorer...any ideas appreciated.

Thanking you for the great support!

dan

Dazzled
Volunteer Site Admin
Posts: 6003
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: External access to my Exetel IP address

Post by Dazzled » Thu Jan 29, 2015 10:39 am

A couple of networking things to check.
1) You can't see yourself at your external address from within your network unless the router allows it. It needs special iptables nat entries. Internal addresses are fine, but:
2) Do you have a subnet problem - is the device on a different subnet from the computers?

Daniel Simpson
Posts: 12
Joined: Tue Feb 01, 2011 10:07 am
Location: Bonville, NSW

Re: External access to my Exetel IP address

Post by Daniel Simpson » Thu Jan 29, 2015 1:49 pm

ISSUE RESOLVED AND THANK YOU AGAIN FOR THE GREAT SUPPORT.

With a strong signal to my phone, I tethered to my Notebook, opened IE Browser, entered my EXETEL IP address as http://117.70.92.xxx/login.html and up came the Client login menu at Port 9000. What a nice surprise!

I also logged into a Free WiFi service at my favourite cafe and again SUCCESS.

The browser issue is with the device, they appear from the manual to have set it up only for IE & Activ X. (I can live with that.)

Many learnings for me here - I researched and loaded up 'Curl' (and ran a few commands in the windows prompt).
Curl advised me that it could not see port 80 from my LAN with the Netcomm router port forwarding only. This was a break through in retrospect. I may continue and see if I can set the router up to "look out" and "look in" as you have suggested, thank you.

I also understand that the Boa server is a configuration (again fixed) for the NVR device in question. Research on this opened me up into that sphere of knowledge, thanks to your guidance. Also now aware of a few more browsers with flexibility (eg Opera). Many other "networking and IP discoveries" through the CHAT..

I would like to close this thread at this point with a final thanks to Dazzled on the support provided.

regards
Daniel

Post Reply