Many of us have no idea what port forwarding is and why we need it. Port forwarding is the process of redirecting a communication request from one address.
And port number combination to another while it travels across a network or between networks.
When configuring your router, take care of two things: NAT Type and NAT Mapping — make sure these options are enabled. You may also want to check off some other options, but your camera is not required to be accessible over a network.
But what if I told you that there are alternative to port forwarding IP camera that works even without these options?
What is port forwarding?
Port forwarding or port mapping is a station task that allows external access to services on a specific machine (the “forwarding host”) from remote hosts (the “remote users”).
Its purpose is to allow Internet-based applications running on the internal network to act as if they are running directly on the Internet.
It also enables ports at the internal end, typically blocked by a firewall or router policy. The forwarded port can make an internal network resource available for use through the firewall, appearing as if it were accessible via an external link when in reality, it’s not.
This configuration of routers and firewalls allows internal machines to participate in email transactions with the outside world, participate in FTP sessions, and generally use Internet services.
How to set up port forwarding?
The router needs to know where to forward a specific port. It can be done by static mapping or dynamic mapping:
Saving these values in your router is called setting up “port forwarding”. You need to check with your ISP/WLAN provider if they support UPnP (i.e., automatic setting of port forwarding) or if you have to configure it yourself.
For security reasons, it is highly recommended not to enable this feature unless you need it!
Attackers can easily map your external ports and access your internal network. UPnP is supported by most modern routers (with support back to at least the Linksys WRT54G).
Main ways to connect IP camera
IP camera for android is top-rated for their powerful features enabling remote monitoring.
There are three main ways to connect an IP camera to your computer:
- 1. Connect the wifi CCTV camera to your router, then access it via browser from any computer connected to that network.
- 2. Access the video stream over the Internet using port forwarding.
- 3. VPN technology.
The first method is simple, but it only works if the computer you monitor is connected to the local router. It also only works when you are in the range of that router.
The second method is popular because it allows access to your camera from anywhere in the world.
The two downsides are that it usually requires port forwarding rules to be set up on your router, which can be a hassle, and you need to find a public Internet address for your camera.
The third method is a much easier way but may not be available with all cameras.
Some IP cameras come with a built-in UPnP or NAT-PMP router, so you don’t need any port forwarding configuration on the router. These cameras have a public Internet address, and this is an excellent way to connect your camera if it does not support VPN technology.
To connect your IP camera to a computer using VPN technology, you need a third-party client to connect to the camera and create an encrypted tunnel via the Internet.
This client should have both server and client parts installed on it. When you want to access your camera from another location, just launch the client software as if it was any other program, and there should be a list of available cameras.
Just pick one from the list, and all traffic is routed through the encrypted tunnel. If you can’t find your camera in this list, try installing drivers for it before trying again (most likely either an old or non-standard type).
Here is a short comparison of two popular free programs:
Hoxx VPN works with both HTTP and RTSP video streams, and it is much easier to set up than the OpenVPN solution.
OpenVPN is universal but does not support RTSP streaming natively, so you need to use the Hoxx provider’s profile for that, which gives you only basic options.
There are other VPN providers aside from these two; many of them are paid services. Remember that this technology was designed for privacy, not security.
So your traffic will be encrypted, but there are no authentication or authorization mechanisms built into the system.
Do not depend solely on this approach for good reasons! It only makes sense if you already have some sort of physical access control in place, e.g. you are using this IP camera for home security, and your computer is locked with a password.
This setup will only protect your camera feed from being intercepted by unauthorized parties.
IP camera behind a router
When running an IP camera behind a router, A common problem is port forwarding. The camera’s server often uses dynamic ports, so it can be tricky for people to open them in the router.
I’ll present some alternatives here that are less hassle to set up and use. If your router doesn’t support any of these solutions or work for you, port forwarding is your only choice.
Use the following camera as an example:
- 1. UPnP [universal plug and play] [supported by most routers]
It is a popular solution that is to forward ports on routers that support UPnP.
- – In the camera, enable UPnP port mappings.
- – In your router, enable UPnP and port mapping.
Setting this up is a little trickier with routers that have UPnP disabled by default.
You’ve got to enable it in the settings [it’s often under advanced] and then find an option somewhere
To allow unsolicited requests from the Internet [usually under network or firewall settings].
UPnP has been criticized for security holes, so some people choose not to use it. In practice, it seems okay, but your mileage may vary.
- 2. DD-WRT Advanced Port Forwarding block rules [supported by some models of DD-WRT]
DD-WRT is a firmware replacement you can run on certain routers that give them extra features which aren’t ordinarily available. Advance port forward is one of them.
Here’s an example of some rules I used on my network:
- 3. Something else [not supported]
If none of these options works for you, port forwarding is probably your only option, unfortunately.
- – Log into your router and find an option to open ports on incoming requests.
- – This will be under WAN settings for most routers if you’re DHCP but maybe elsewhere depending on your router
- – Open the ports that your camera uses for its services to the public Internet
If the port numbers aren’t apparent from the product documentation, you can usually find them in a configuration file on your laptop/computer.
If you watch CCTV camera, it has a server running, and you can access them using any browser.
It is a valuable option for understanding what port each service used and how they were configured.
Alternative to port forwarding IP camera:
There are several ways of Port Forwarding:
1) Using Port Triggering:
Port Trigger allows protocol and applications on router and firewall through one specific port. It works almost the same as port forwarding, but you don’t need to configure it manually.
You just set up a range of port numbers for triggering, and the router will open only these ports for this application when TCP or UDP traffic hits within the specified difference. However, this feature also has limitations, such as not all devices/systems support it, so it is better to use it on particular devices.
2) Using UPnP (Universal Plug ‘n’ Play):
Most routers support Universal Plug ‘n’ Play (UPnP). If your router supports UPnP, enable it and ensure that the automatic port forwarding option is enabled.
Once the router setup is done, all you need to do is open an application requiring port forwarding on any system/device with an internet connection. They will automatically get redirected without requiring manual configuration.
3) Ask ISP for Static IP Address:
Most ISPs provide dynamic IP addresses, but it can be possible that they allow users to have static IP addresses by paying extra, so this option could also be implemented if the ISP allows or makes an exception for you.
Another benefit of using this approach is that you will have an easy-to-remember address anywhere.
4) Using DDNS (Dynamic Domain Name System):
What if your ISP doesn’t provide static IP addresses or any other method does not work for you? Then the only option left with you is to use the service provider.
Free service on Computer
These services allow users to run their free service on their computer/domain name, so there are two main parts involved here:
Any unique domain name that the user wants to host it on is typically something like rahulcrackertips[dot]com, but any format will work as long as it’s the valid domain name available for registration on DNS providers’ websites, e.g. a low-cost option is wwwizer[dot]com.
It is a helpful solution for those users who have two internet connections from different internet service providers at their home or office premises. Instead of forwarding a specific port to a particular device/application, they want to forward all traffic from one connection to another.
In this case, both the ISP’s will provide a public IP address to your router but connect them with the help of routing.
Then you can send all outbound traffic from one ISP through another without any configuration changes on your router and the servers using that network path.
The only thing required here is a static route configured on either end between routers before interconnection, knowing where to forward traffic.
Forwarding Particular Port for Specific Device/Application:
If you want to forward a specific port when traffic comes, only that application will be able to use this port which means all other devices/applications will not access the internet in the same network path.
So make sure to enable it only for required applications and turn it off when not needed. This method is also recommended in place of Universal Plug ‘n’ Play (UPnP) if your router doesn’t support UPnP or if you don’t want users on the LAN side able to get a list of all open ports on your system by just doing one local scan from their machine.
Using Ad-blocking DNS Server:
Instead of using a third-party service to set up port forwarding, you can also use an ad-blocking DNS server available for free.
For this, create an account on the OpenDNS website to get their IP address and enter it in your router settings.
It will block all ads, but consider using browser extensions like AdBlock Plus for Firefox or Chrome that block ads and malware URLs if you want more control over what content you wish to block.
Use Port Aggregation:
This method is similar to Universal Plug ‘n’ Play (UPnP), except the difference is that multiple devices are configured on the same port range instead of a single device.
So when traffic comes, the router makes sure it gets forwarded to another system/device configured on that same port range. This method is used along with all other methods mentioned above for better usability.
Set up Port Forwarding Automatically:
Some online applications can automatically set up port forwarding by checking your IP address and then setting it accordingly.
The best example of this application is Dynamic Port Forwarder (DPF), but there are other services like which not only set up port forwarding rules but also does the reverse when needed,
So another benefit of using this tool is that you don’t need to manually flush your router’s current configuration if something goes wrong or a rule is misused. So after installation, just enters server IP, required port(s), start/stop button, and you are done.
Disable Firewall Protection:
If you can’t afford to assign a public IP address from an ISP, which is impossible in many cases, turning off firewall protection from your router is another option.
But it’s riskier than forwarding public IP on the local side because by disabling firewall protection, you will allow all applications access to the Internet so other users on your network can also use the modem’s internet connection.
It may lead to data theft by doing man-in-the-middle attacks or bandwidth usage charges which you will have to pay for extra usage under fair usage policy (FUP).
So this approach should only be used if port forwarding of the router doesn’t work correctly or if the user has a VPN service that lets them connect back at home when on the move.
Reset Router to Factory Settings:
If everything else fails, the last option is to reset the router back to its factory settings by pressing a button or inputting a specific command in the console but be mindful when you do this.
You will lose all current configurations, so make sure to save them if something goes wrong during setup.
Always try changing IP addresses in the same network scope before resorting to this approach, thus avoiding IP conflicts with other devices on the LAN side of your network path.
Turn off Windows Firewall/Antivirus Firewall:
Sometimes port forwarding may not work because firewall applications are blocking specific ports which are required for proper connectivity;
Some even automatically get protection updates from the Windows Update service without any notification or warning, which can block specific ports and cause problems connecting to required services and websites.
So it’s always a good idea to turn off these firewalls for testing purposes. If you still face issues, try turning on specific applications firewalls temporarily, restarting them, and then try forwarding the port again after that period.
Remove Antivirus Software:
If your antivirus software goes haywire, it may block certain types of traffic like UDP, ICMP, etc., resulting in specific protocols like FTP not working with IP surveillance cameras even when everything else is properly configured.
Some antivirus comes with their own set of rules that aren’t compatible most of the time with proper system operation, thus making sure your security application isn’t causing any problem after installing it.
If you have more than one antivirus installed on your system, try removing one at a time and check which one is causing the issue by testing them separately.
Change MTU Settings:
At last, if all the other things fizzle, change your Maximum Transmit Unit (MTU) settings from default to something higher like 1400 to ensure they won’t create any issues with IP bundle fracture.