RE: Web Cam ports
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 24 Nov 2004 07:58:22 -0800
Yeh; the live demo is nothing more than marketroid spew and it requires
their "special ActiveX control"; that ain't happenin' here.
Actually, this gives something approaching "real" information:
http://support.dlink.com/faq/view.asp?prod_id=1433&question=DCS-2000%20/
%20DCS-2100+%20/%20DCS-5300%20/%20DCS-5300W%20/%20DCS-5300G
(watch out for the wrap beast)
Even then, it's really sloppy info.
According to that page, you need (direct quote):
- 80 (TCP) HTTP Port (allows access to web-configuration and transmits
video if other ports are not forwarded)
- 5001 (TCP/UDP) Control Channel Port (used to synchronize audio and
video)
- 5002 (TCP/UDP) Audio Channel Port (transmits synchronized audio)
- 5003 (TCP/UDP) Video Channel Port (transmits synchronized video)
Based on the second DI-604 screenshot, these protocols are "inbound",
since they specify that it's from WAN to LAN. Notice that they also
allow it from any external IP. Welcome to hacker-land, boys & girls...
Here's the deal:
1 - only Firewall clients can use this, SecureNAT and Web Proxy folks
ain't getting audio at all (are you listening?). If you can't / won't
support FW clients, stop reading now.
2 - create your protocol definition thusly:
Primary connection = TCP:80 outbound
Secondary connection = TCP:5001-5003 Inbound
Secondary connection = UDP:5001-5003 Receive-Send
3 - create your "camera" rule using this protocol and make sure it's
listed BEFORE any other HTTP-based allow rule or you won't get the
secondary port behavior you need.
4 - create Firewall Client Application settings as:
<name of app> RemoteBindTcpPorts = 5001-5003
<name of app> RemoteBindUdpPorts = 5001-5003
5 - install the Firewall client software on any host that expects to
view / control this camera
..bear in mind that I have absolutely no way to test this, but if their
information is correct, it should work.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-----Original Message-----
From: Paul Deen [mailto:pdeen@xxxxxxxxxxxx]
Sent: Wednesday, November 24, 2004 7:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Web Cam ports
http://www.ISAserver.org
Hello,
Thanks for your reply.
The actual camera is a DLINK, I have read the mfr website and manuals
etc. I have tested/connected to it via several different locations and
the only place I am having problems is behind our ISA. For example, at
home, using my basic linksys router and Zonealarm, everything loads
fine, I hear audio, can move the camera etc.
But when I'm behind ISA 2004, the only way it seems to work (sometimes,
like on my machine, but not my users) for me is if I disable the clients
Web Proxy settings, making the machine use only the Firewall client,
then I can control it, but still no audio.
The setup on the camera end it uses Protocols TCP and UDP on ports
5001-5003 as well as port 80 for the HTML portion.
Here is a live demo from the mfr of the camera:
http://www.dlink.com/products/liveDemo/?model=DCS-5300W
Any other advice?
Thanks again,
Paul Deen
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Tuesday, November 23, 2004 4:35 PM
Subject: RE: Web Cam ports
"any advice" would depend on a better understanding of:
1 - the actual camera in use; maybe the mfr website has some clues
(though not always)
2 - the actual protocols (TCP/UDP) that use those "ports" and their
direction (I suspect "outbound", or "send", but that's assumption)
Your internal hosts will have to be firewall clients to use secondary
protocols that have no matching application filter; no way around that.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-----Original Message-----
From: Paul Deen [mailto:pdeen@xxxxxxxxxxxx]
Sent: Tuesday, November 23, 2004 2:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Web Cam ports
http://www.ISAserver.org
Hello,
We are using ISA 2004 and my clients are Firewall Clients as well as
Web Proxy Clients (IE6).
There is a WebCam (long story) on the internet that we need to be able
to view and control. It uses 3 ports, 80 (normal, used for the html
part) and 5001,5002,5003 (used for audio and to control the camera).
I have tried creating a user defined protocol rule with parameters of
Port 5001-5003 TCP with a secondary connection of Port 80 TCP. If I set
them to inbound, doesn't seem to help, but when I set them both to
Outbound, then it seems to work, somewhat, only with the Firewall
client, not the web proxy.
If I disable the Web Proxy settings in IE, then it seems to work okay.
But then my users don't get the benefits of the Web proxy cache, which
is why I have made them Web Proxy clients. How can I make this work
through the Web Proxy?
This camera is not hosted by us, it is host externally, we just need to
be able to view it and the audio and controls use ports 5001-5003.
Any advice would be greatly appreciated.
Thanks,
Paul
All mail to and from this domain is GFI-scanned.
Other related posts:
