2012-02-20 MV: SCENARIO:
You have several IP cameras operating in (say) your home LAN, and you wish to have all of them accessible outside your router on the public Internet, and with something like your own “vanity URL”.

Example: You want to be able to browse to Camera01 at http://purplezone.dyndns.ws:8021  
                                                                                 and Camera02 at http://purplezone.dyndns.ws:8022  

In this how-to posting we’ll cover just how to do that.

Materials Needed:
- 2 IP cameras (doesn’t really matter what kind, I used 2 different models from Vivotek; then did it again with DLink cameras);
- an account with a DDNS provider service (expect approx $20/yr for a semi-vanity URL);
- a typical home router, I used Linksys WRTP54G, and repeated it all with a WRT54U;

Theory/Key Conceptual Hurdles:
1. All devices (cameras) inside your LAN will be “seen” as coming from your router’s external (“WAN”) IP address;
2. There will be NO additional proxying or DNS resolution of the internal IP addresses of these cameras;
3. The cameras will each be differentiated ONLY by the port# they are each operating on;
4. These port#’s will end up being a part of the external URL for each camera;
5. The internal (“LAN”) IP addresses of each camera will be set as static;
6. Routers by their very nature have TWO (2) IP addresses – 1 external (“WAN”) and 1 internal (“LAN”); this is how they act like the “bridges” they are, connecting your LAN to the big WAN which is the Internet;
7. Your ISP almost certainly provides a dynamic external (WAN) IP address to your router;
8. Because this IP address can CHANGE, any attempts you make with (say) your favorite Domain Registrar (mine is GoDaddy) to related a domain you’ve registered (say VOGTLAND.WS) to this numeric IP address (e.g. 173.17.254.175) will FAIL, because one day – even several times a day – your ISP can & will CHANGE this IP address right out from under you;
9. DDNS service providers (2 near-monopolies are DynDNS.com and TZO.com)  provide a valuable service by doing 2 things:
     1. They actual participate IN the overall DNS – “Domain Name Service” for key domains (e.g. DYNDNS.WS) they own on the internet, and swiftly updating any changes to any hostname-to-IP records called “A-records”, AND
      2. They accept automated requests to update the A-records they “own” from little software agents called “DDNS clients” buried in nearly every device in your LAN – including your router and your IP cameras;
10. A DDNS client monitors for a change in a hostname’s IP address; when/if the IP address changes, the DDNS client has all the details (e.g. URL, username, password, hostname, new IP address) to auto-connect to the DDNS service provider, log-in, and actually edit the associated A-record for that hostname. The DDNS service then propagates this change across all the DNS servers in its farm, and since that farm IS the “official” owner of those domains in the entire DNS service - meaning every OTHER DNS server relays a request for resolving those domains to THIS farm – no additional propagation is required. �
11. Since in this scenario the IP addresses of each IP camera in the LAN are both internal (LAN) and static, the DDNS client in each camera does NOT need to be configured at all;
12. Since the router is the only device with an external (WAN) IP address which can change, its DDNS client is the ONLY one which need configuring, meaning the “hostname” required during the DDNS client setup represents the ROUTER’s name itself, even if you have to make one up on-the-fly for the first time;
13. DDNS service providers typically charge $20/yr for their service, but they allow you to set up around 30 hostname records which can all be different hostnames (e.g. routers) on any of multiple domains they own. That is, from a single DDNS service provider account you could configure up to 30 routers for 30 home networks for 30 brothers & sisters. I currently have only 2 records in my account - 1 for my brother’s home network in MinneapolisLand, and 1 for my own home network in ChicagoLand. Both of these records use the same DynDNS domain “dyndns.ws”, but it was NOT required. It could just has easily been 2 different domains DynDNS owns, like “dyndns.ws” and “dyn-homeip.org”. DynDNS doesn’t care which of their domains you piggyback off of by adding your own router’s hostname as an A-record to their domain.
14. In fact, for MORE moolah you can update your OWN domain, but since these domains are with a different domain registrar, there is NO guarantee of how long  changes to those records will take to propagate (seconds, minutes, hours or even DAYS), so that’s the value proposition DDNS service providers offer – they can GUARANTEE your hostname records will update in as little as 60 seconds…
15. The router enables the IP cameras’ individual video streams to be accessible through it (the router) via “Port Forwarding”. The very name itself implies that the streams are differentiated by the PORT# each camera operates on – NOT the internal (LAN) IP address of each camera;

This may seem like a lot of conceptual points to grasp, but I’m hoping it clears up a lot of confusion that I suspect many have been experiencing.

So here’s how it all works:
- A camera generates a video stream on (say) port 8001, using HTTP (note how I don’t mention the internal IP address because it doesn’t matter what it is, so long as it has one and it’s static – you don’t need ANOTHER changing IP in this equation);
- The router has a Port Forward rule permitting HTTP (you can use TCP) traffic on port 8001;
- As soon as this camera is running and this router rule is active, you CAN see the video stream from the public internet; you’ll simlpy be accessing it via the external (WAN) IP of the router AND the port# of the stream;
- You get to access this video stream via a “vanity” URL by leveraging your DDSN service provider account; that’s where you create a “hostname record” which maps or “resolves” the vanity domain back to the (invariably-changing) external (WAN) IP address of your router.

Real-World Example:�
CONFIGURE Home-base LAN with ip addresses 192.168.0.xxx through 192.68.0.255  (sound familiar?);
HAVE Router operating with ISP-provided external (WAN) IP 173.17.254.175 and internal (LAN) IP 192.168.0.1;
CONFGURE Router set up with only PART of its range of IP addresses DHCP-generated, meaning the remaining IP addresses can be “statically” set. That is, say DHCP will only cover 192.168.0.100 through 192.168.0.255; this leaves all the other IP addresses from 192.168.0.0 through 192.168.0.99 to be statically assigned to your cameras, your network printers and yes – even your routers themselves. The dynamic IPs can then be assigned to things like laptops & smartphones which don’t actually care about which IP address they get, so long as they get an IP address;
INSTALL Camera Admin Software – IF you have any – onto a computer on your LAN; this will be used to find & configure each camera using the camera’s MAC – permanent hardware-based – address, thereby allowing you to easily set a static IP address for it;
INSTALL Camera01. My own are WiFi cameras, so once on they automatically contact whatever DHCP server serves the LAN (in this case the DHCP server built into the router itself), pick up a dynamic IP address, and happily start operating with their default values;
INSTALL Camera02 on the LAN using the same technique; you now have 2 cameras operating on the LAN, but with dynamic IP addresses you can only get by browsing to the router’s own Admin Panel (http://192.160.0.1 and logging-in) , and then navigating through that Admin Panel to see what’s called the “Current DHCP Client Table”;

You now might have a choice between 2 possible ways to proceed:
1. Use whatever Camera Admin Software to first list and then select and configure a single camera on the LAN; or
2. Browse directly to the individual admin website that each camera runs using its internal LAN IP address;

On my own home installation there was NO Camera Admin Software, so I browsed to the little admin web site on each camera.
On my brother’s home installation there was a Camera Admin Software, so I installed it, launched it, got a list of all cameras on the LAN from it, and then selected each camera and manually configured it;

Let’s say Camera01 is on dynamically-assigned IP address 192.168.0.108
BROWSE to http://192.168.0.108 and
LOG IN to the camera’s admin/control panel.  (your owners manual should have something like a default un/pw of admin/admin for each new camera, and recommend you changing it immediately, which is an excellent idea);
CHANGE the IP address to a static IP address of (say) 192.168.0.21   [best practice - start with a block of IP addresses which are above the routers and printers on the LAN, but which can readily be remembered, like 21-29 for cameras 01 - 09] ;
CHANGE the port the camera streams video out on from the default port of 80 to (best practice) 8021, which matches the IP address you just assigned so it’s all easier (not easy – just easier) to remember; So now Camera 01 is on 192.168.0.21:8021 – not so bad;
SAVE changes on the camera; it will now be happily streaming video on HTTP://192.168.0.21:8021, and you can browse to this URL from your home LAN (NOT the public internet) and immediately start seeing video.

Go try it.

REPEAT for Camera02, but with IP = http://192.168.02.22:8022

BROWSE to the router’s admin panel on (say) http://192.168.0.1 (or whatever it is, mine is http://192.168.15.1 at home and http://192.169.0.01 at my brother’s);
LOG IN
NAVIGATE to the Port Forwarding Section of the admin panel
ADD a Port Forwarding Rule for Camera01 something like this:
- Camera01 | port 8021 – 8021 | 192.168.0.22 | enable
SAVE settings. Your own router may or may not have to reboot (90 seconds) after this;

=> The Camer01 video stream will now be accessible using Port#8021 and your router’s external (WAN) IP address – that is, via http://173.17.254.175:8021    

Go try it.

REPEAT for Camera02, but with Port Forwarding Settings of  “Camera02 | port 8022-8022 | 192.168.0.22 | enable

Go try it.

=> You now have 2 IP cameras externally reachable via a browser on the public internet, but only via the IP address of the router. NEXT you need to get & configure a DDNS service provider account to provide a friendly URL for accessing the 2 cameras, and in particular one whose IP address resolution is automatically updated should the external (WAN) IP address of your router ever be changed by your ISP…

SETTING UP & CONFIGURING A DDNS SERVICE ACCOUNT
BROWSE to http://www.DynDNS.com
CREATE a new account – I chose DynDNS Pro for $19/yr; it gave me something like 30 “hostnames” I could manage.
DETERMINE the external (WAN) IP address of your router. IF you’re working from your home network, simply browse to http://whatismyip.com, and that website will display what your router’s WAN IP. Pretty simple. My brother’s was 173.17.254.175.
CREATE a new hostname for your ROUTER, using one of the domains they provide. This hostname+domain or “fully-qualified-domain-name” (FQDN) will be associated by the DDNS server to the external (WAN) IP address of your router. So, if I picked “PURPLEZONE” for the hostname of my brother’s router, and “DYNDNS.WS” for the domain, then the entire hostname entry I type in looks something like this:
       PURPLEZONE.DYNDNS.WS         173.17.254.175
REMEMBER – all we’ve done so far is create what amounts to an A-record for our host  (router), just like any other domain registrar can do. Next we’ll actually set up the DDNS CLIENT in the ROUTER so that IF the external (WAN) IP address of the router should ever change, the DDNS client in the router will react, contacting the DDNS service provider using credentials we provide it, and merely updating the hostname A-record for “PURPLEZONE.DYNDNS.WS” with the new external (WAN) IP address…

SETTING UP & CONFIGURING THE DDNS CLIENT IN YOUR ROUTER
BROWSE back into the router’s admin panel
NAVIGATE to DDNS
ENABLE DDNS
PROVIDE the details the DDNS client needs to operate:
   DDNS Service = DYNDNS.org (even though it’s actually DYNDNS.com, the 2 domains both resolve to the same location)
   Username = {enter the username you used to create the DDNS service account} The whole idea here is that the DDNS client
                              “impersonates” you, automatically logging-into and updating the host A-record rather than you manually doing it.
   Password = {password you use to log into that DDNS account}
   Hostname = PURPLEZONE.DYNDNS.WS
SAVE settings

Your router’s DDNS service is now configured.

REVIEW:
You now have 2 LAN-based IP cameras, each accessible externally, NOT ONLY via the external (WAN) IP address of the router – together with their own port#s – but ALSO via a friendly URL which is SO smart that should the underlying external (WAN) IP address of the router CHANGE, the relevant DNS server in charge of resolving that domain to an IP address will AUTOMATICALLY update the IP for you…

Camera 01 can be reached on http://173.17.254.175:8021     AND    http://purplezone.dyndns.ws:8021
AND
Camera 02 can be reached on http://173.17.254.175:8022   AND     http://purplezone.dyndns.ws:8022

You now have a pattern, that should you wish to make MORE cameras available, you know exactly what to do.

Hope this was helpful, and that the confusion you may have been experiencing is now gone.

Peace,

-Mark

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>