trying to view "evo" webcam remotely from ibook G4

Hi

Try this search in the iSight forum
http://discussions.apple.com/search.jspa?forumID=802&threadID=&q=evocam&objID=f8 02&dateRange=all&userID=&numResults=15&rankBy=10001

Hi,

I have only used EvoCam to push pics to my Website and viewed them back from there

The method you want to use via your own computer and DynDNS is not something I am familiar with

I would ask in the Leopard Networking Forum



9:54 PM Friday; February 13, 2009

This is a networking issue. So set up evocam like the directions said, so you can once again view the webcam successfully from another computer on your local network.

Now go to your router configuration web pages and set up port forwarding to the computer running evocam, on the port that you have specified in the evocam application to be the evocam webserver port. Every router/modem is different, so refer to your instruction manual that came with your modem/router to set up port forwarding. Or check out portforward.com (but your user manual is going to have much greater odds of being error-free).

Register for a free domain name at https://www.dyndns.com/account/

Download the application "DynDNS Updater" from http://www.dyndns.com/support/clients/. Install it. As I recall, it automagically installs a daemon as a bootup item. If it doesn't, find the preference setting that makes it a bootup item. That daemon runs in the background facelessly and monitors the external WAN IP address assigned from your ISP to your modem/router, that is who the external world sees you as. When it sees your external WAN IPA has changed (my ISP changes mine on me at least once a week, and twice daily is not unheard of), it will report that change to dyndns.com DNS servers.

Now you should be able to connect to, say, http://bluefishjd.dyndns.com:8080 from the outside world and be routed to your evocam webserver. (I am assuming, in my example here, that you are mapping the same external port number 8080 to the internal port number 8080 on the computer that is running the evocam webserver, and am also assuming that bluefishjd.dyndns.com is what you chose to be your free dyndns host name). (Actually, I think I would choose some random 5-digit port number from one of the "unassigned" ranges listed on http://www.iana.org/assignments/port-numbers. 8080 is kind of a common port number to use as an alternate port number and internet evildoers may be more likely to probe that port in an attempt to break in to your computer. Just a thought.)

Ok,

That seems clear for one computer.

I have 2 Macs, one of which can be Ethernetted or Wifi. And run Windows in Booth camp (5 IPs so far)
My son and daughter have an X box 360 each (2 more)
My son also has a PlayStation 3 and a Tower PC. (Another 2)
My Daughter has a tower PC and a Wifi Laptop (Another 2)
My Wife has a PC which can only do Ethernet (just one IP)
Add two IPs for my daughters's Laptop and a second Laptop to be Ethernet and 1 more for the second to be Wifi

I make that 15 IPs that I could be using on My LAN.

I use Static Routing to assign IPs on my LAN and use UPnP to open ports.

How do I make sure only one computer is accessible on the ports I give to Evocam via DynDNS ?
I know Port Forwarding would isolate On Port to One IP but will conflict with using UPnP mainly for iChat and the larger Port Ranges used by On-line gaming apps for the 360s
Obviously Port Forwarding can not be done to one computer whilst UPnP is done to the rest (Although it would be nice).

Am I missing something ?
Am I over-thinking this ?



10:40 PM Friday; February 13, 2009

Hi Ralph. Wow! You know, I'm not sure what to do for you. My modem/router acts like it is UPnP, because I didn't have to do any port forwarding mumbo-jumbo to get it to work with iChat -- iChat just worked "out of the box" with that modem, just as it did with the one I had before it. And I never found anything on any router configuration pages in either one of those modems to turn on UPnP or turn off UPnP. And I never had to do anything with the Mac's firewall with regards to iChat, and I can port forward ssh into the house, which allows me to securely tunnel my netcams, vnc screen sharing, afp file sharing, even my own 5-account smtp/imap mail server for family members (me, wife, and the three adult children that have gone out on their own over the past several years). So what can I say but maybe God doesn't hate me after all?

But if we know what ports are being used, or could be used for iChat, PlayStation, XBox, etc., couldn't a separate unique port be forwarded to a single computer in the presence of UPnP? I'm thinking that those X Boxes and so forth already have reserved ports on that IANA well-known port list, or be using dynamic ports higher than 49151 (which is the last port number on that list). Might have to tcpdump -i {interface name} host {Xbox/PS's "192.168" IPA} | awk '{print $3 $5}' | sort | uniq for a little while and see what port ranges those X-boxes and Play Stations are actually using.

Or you're saying that when you try to UPnP with port forwarding, that hoses everything up in the router? I always kinda thought that the issue was trying to port forward iChat ports then turn on UPnP then iChat went "tango uniform," not the router, and that that wasn't an issue with port forwarding a non-iChat port to peacefully coexist with UPnP. But I just don't know. All I can say is that hopefully, blufishjd's home network is way less complex than yours is!

I will have to remark WRT bluefishjd, now that I have reread this thread, that it wasn't clear to me whether he had a second ibook on his WLAN to view the webcam locally or not. I would be concerned that if he is just viewing from the evocam application, or is viewing via Safari specifying localhost or 127.0.0.1 as the target URL, that that is not a good test to see whether he does indeed have the evocam webserver part set up correctly, or, more importantly, the hosting computer's sharing preferences set up correctly. I don't really know what happens if you try to view a webserver by connecting to 192.168.x.x (or 10.x.x.x), when that webserver is on the same computer with that 192.168.x.x address (or 10.x.x.x) coz' I don't run a webserver per se, not on a computer anyways. I know that I can't connect via afp or vnc to myself.

My two netcams have the webserver in them themselves. Don't need an evocam. Would have been nice, though, coz' Evocam did provide enhanced capabilities that the netcams otherwise require Windoze ActiveX to set up, but evocam doesn't work with my model number of camera. Works with some TrendNets, but not mine.

I could port forward three ports, one to my ssh/vnc/afp/imap/smtp server, and one each to the cameras. I have done that, but I prefer to just port forward using ssh only to the ssh server computer and tunnel afp, vnc, smtp, and imap to the proper ports on the ssh server's localhost interface, and in the ssh portforward switch commands for the netcams, I deliver them to their "computer name" (that new router of mine has a rudimentary DNS of its own for locally connected stuff). That way, it's only me who has access to the imagery from the outside world.

As a little test for you, why not try to ssh into one of your computers with only UPnP enabled (and remote login on the computer itself, of course) and see if you can login to it from the outside? Are you familiar, at least a little bit, with ssh command line in Terminal.app? Then, if you cannot login via UPnP in the router alone, then try port forwarding ssh (port 22) to that same computer, again with remote login enabled on it, of course, while leaving UPnP enabled. You wouldn't be simultaneously trying to reserve iChat ports via UPnP and port forwarding that way. Then see if you can log in via ssh from the outside, then see if you can do an iChat session with one of your buds. I would find it very interesting to hear about whether that worked for you or not. I can't try it myself, coz' like I said, I never have had to ever deal with that issue in the first place.

So with all that, I think I have just about filled up one of Apple's servers' hard drives....and I'm hijacking the thread, too! Sorry, Apple!

Hi j.v.,

I don't consider it to be a threadjack as such.

The Thread still might be in the "wrong" forum according to the scheme of things but the questions is being answered and I consider my bit a look at the wider issue of what we understand by networking and getting different applications to coincide with the way we want to work.

This Emulator for a Netgear DG834G is what I had before my current modem. The difference is that mine had Port Forwarding and port Triggering as options in the menu as well ( This POrtForward.com Pic shows "Content Filtering" instead)
I presume different models have slightly different Firmware.

As with most domestic routing devices it has to have those ports above the 1024 threshold open anyway by one method or another.
I have found in porting here and getting responses as well as my own experience that port opening or allowing has to be done on the whole.
Having said that Port Forwarding (or Triggering and DMZ) has the routing device as Controller and UPnP allows the apps to specify which ports are opened.
This seems inherently to cause a conflict if you port Forward and do UPnP at the same time.
I presume some Commercial/enterprize devices may allow all ports to be open by default and rely on you closing ports for "Security" and may be different in that sense.

The main reasons for going UPnP is also two-fold.
1) in iChat 4 the Screen Sharing port is undeclared by Apple and seems to be totally Random when checking with Little Snitch.
2) Port Forwarding tables are often limited to the number of settings you can enter (+ not all allow you to enter groups as groups but require one by one entry - leading to 31 entries just for iChat 3)

From the Port Forward info on Ports
X-Box games
Xbox Live 360 requires you to forward the 88,3074 ports.
Rainbow Six 3 Raven Shield requires you to forward the 7777-7787,8777-8787 ports.
Medal of Honor Rising Sun requires you to forward the 443,3658,3659,6000,6001,13505 ports.
Soldier Of Fortune 2 Double Helix requires you to forward the 20100-20112 ports.
Of course there could be dynamic ports not listed and this also is not the complete set of games my son or daughter would be playing

My wife, son and daughter tend to use MSN rather than AIM
MSN Messenger requires you to forward the 1863,5190,6891-6900,6901 ports. (Notice the same use of Port 5190 which could not then be forwarded to 6 of the computers)

I suppose if I were to try this I could use a port below the 1024 threshold and see if UPnP effected ports that low.

This Sagem Fast 2504 is my current device (routing wireless Modem).
It also has UPnP but only Port Forwarding as an alternative.

Currently I would admit to not knowing the finer details of UPnP or in fact greater networking skills.
I answer questions based on what I know works and is the simplest method to get someone working with iChat.

I am always will to learn more.



10:59 AM Saturday; February 14, 2009

Good morning Ralph (well, I guess good afternoon for you...I'm UTC-7).

Your situation is certainly more complex than anything I would ever have to deal with. All I have is 2-3 computers, only one of which has a single high-numbered port forwarded to internal WLAN port 22 on my old Quicksilver "everything server" and all services I provide to Quicksilver and the two TrendNet netcams are tunneled inside an ssh connection to Quicksilver. And apparently my DSL modem/router/WAP is a lot friendlier than yours is, seemingly not having to deal with specifically opening ports for iChat, XBox, PS2, or worry about UPnP or UPnP peacefully coexisting with port forwarding, etc. Your situation, unfortunately, is rapidly getting out of my league -- in fact, it has already gone.

If you haven't already tried something similar, though, I think I would still try doing a ssh login from the outside using UPnP only, and if no workie, try doing a ssh login with both UPnP and a single TCP port forward on port 22 (or some non-standard numbered port -- I thought I saw in that Sagem 2504 modem the ability to cross-strap external port numbers to a different numbered internal port when forwarding -- but I'm too lazy to go back and check) then see if you could ssh, and if so, see whether iChat and a few of those PS2 and XBox apps still played nicely together in a UPnP environment with your port forwarded ssh. Or try similar with afp file sharing on 548 or with /System/Library/CoreServices/Screen Sharing.app on 5900. Short of that, maybe it's time for you to post a cross link to your posts here over in the Leopard networking forum where, as you know, you will find folks more focused on solving networking problems. You certainly put forth a valid issue and it would be nice if someone knew of a solution to put out into the public domain.

Nevertheless, I do hope to hear back from bluefishjd with a success report, because it didn't sound like his home WLAN was as nasty and treacherous as yours! His sounded easy and simple like mine. If he got that working, then we could work on getting him to tunnel his external traffic to the evocam webserver through ssh to encrypt his webcam traffic and better protect his home network from trawlers, too.

Hi,

I have asked the Nots via Report this Post on the original post to have it moved to Networking as both you and I have suggested.



8:01 PM Saturday; February 14, 2009

Hope bluefishjd subscribed to the thread so he can find it again!

Also hope there is still adequate activity in this Panther thread (by Tiger and Leopard networking gurus) to address our ongoing query.

I see the hosts were paying more attention than I was.

The Original Poster says he is at 10.3.x

I suggested (Asked) for it should go here

Thanks Hosts for Spotting that.

My understanding is the Original Poster gets an email about the move in case they did actively choose not to be Subscribed.

Looking at the next thread in the forum it has recent answers by at least 2 other Level 4 posters and the dates of other post do seem somewhat recent if not actually "day old" current



10:40 AM Sunday; February 15, 2009