If you missed the prior installment of this project, click here to read about the flash memory upgrade.
This tutorial explains how to configure the Linksys WRT54G router and Mobotix D24M network camera for Internet access in both secure (SSL/https) and non-secure modes (http). This configuration enables secure web browser access to the camera from anywhere in the world while protecting against eavesdropping and password sniffing.
The network configuration with the key IP addresses, TCP/UDP ports, camera URLs and Dynamic DNS (DDNS) host name is given in this diagram:
Refer to the above network diagram to better follow these configuration steps. You should pencil-in your specific network values (if different) to configure your Mobotix camera.
Port forwarding is how the Linksys router associates the camera’s IP address with requests from the Internet. For example, suppose the Linksys router’s public IP address is 22.214.171.124 and you have Port Forwarding configured to map port 5001 to camera’s LAN private IP at 192.168.2.251. The web browser Internet request will be handled as follows:
- Internet user enters http://126.96.36.199:5001 in the web browser.
The Internet user must already know the home network is at 188.8.131.52 and the camera is at port 5001.
- The Linksys router receives the Internet URL and sees port 5001 is requested.
- The Linksys router looks in the Port Forwarding table and finds that port 5001 is mapped to the camera’s private LAN IP address at 192.168.2.251.
- The Linksys router rewrites (NATs) the IP address in the URL and forwards the URL to the camera as so:
Internet User: http://184.108.40.206:5001 → Linksys: http://192.168.2.251:5001 → Mobotix Camera
Dynamic DNS (DDNS)
The challenge is knowing the public IP address of the Linksys router on the home network. A business class user may be given a static IP address that doesn’t change. You can then bookmark the URL for next time.
If you’re a residential- or small business DSL / cable modem subscriber, your Internet Service Provider (ISP) most likely assigns a dynamic IP address that changes fairly often – my DSL provider changes my IP address at least daily. Keeping up with the constantly changing IP address can be challenge, hence Dynamic DNS services that automate this process.
I use DynDNS.com – surf over to their web site and sign up for free to get your own DDNS domain name for your home network.
Once you’ve got your DynDNS account, log into the Linksys router admin page and do the following:
- Click Setup → DDNS
- Select your DDNS Service, e.g. DynDNS.org
- Enter your User Name, Password and Host Name.
- Click Save Settings.
The router will verify DDNS is working properly and update the Status with “DDNS is updated successfully”. In this example screen, Internet requests to myhost.homedns.org will be directed to your home network IP address at 220.127.116.11.
Configure Port Forwarding
The camera’s static LAN IP address was assigned during the Quick Installation process. You’ll also need to decide which ports will be forwarded to the camera. You’ll want to choose an unused port for non-secure http access and in this example I reuse the standard https port 443. The port only has to be “unused” on your network.
Here I’ve mapped port 5001 for http and port 443 for https camera access. I could just as easily have mapped port 5002 for https instead of port 443 if I had other secure access devices on my network to avoid conflicts. Just be sure to update your version of the network diagram shown at the beginning of this article with your actual values to organize your work.
To configure port forwarding, log in to the router as “admin” and:
- Go to Applications & Gaming → Port Range Forward
- Enter the Application Name, Start/End Port, IP Address and check Enable.
- Click Save Settings.
If you’ve been following this project series, the http / 5001 was already created during the Quick Installation process and you only need to enter the https / 443 information.
Close and exit the Linksys router configuration web browser session.
Mobotix D24M Web Browser Configuration
Secure internet access is disabled by default on the Mobotix D24M camera. To enable it and configure the ports,
- Log in as ‘admin’ to the Mobotix camera.
- Click Admin Menu → Web Browser.
Enter the following in the Web Server dialog:
- 5001 (or your own value) for the web server port and verify Enable HTTP is checked. See the green box in the screen grab below.
- Under HTTPS Settings (see the red box):
– Check Enable HTTPS
– Leave the SSL/TLS port for HTTPS blank for the default port 443 or type in 443 if you like to be extra clear. If you choose to use something other than port 443, say for instance, port 5002, then enter it here.
- Click Set and Close.
The network configuration summary and reboot dialog is displayed. Be absolutely certain to print or write down the Web Server and Ethernet settings!
- Click the Reboot Now button.
The camera is accessible via the following URLs as illustrated in the network diagram:
Notice that you must always specify port 5001 in the URL when accessing the camera in non-secure mode, for example:
- LAN access: http://192.168.2.251:5001
- Internet access: http://myhost.homedns.org:5001
Likewise, if you decided to use something other than default https port 443 for secure access, say port 5002, the URLs would be:
- LAN access: https://192.168.2.251:5002
- Internet access: https://myhost.homedns.org:5002
Secure https Access Test
Open a new web browser session and enter https://192.168.2.251 (or your URL if different) to test secure web access to the Mobotix camera. Also test Internet access, e.g. https://myhost.homedns.org.
The web browser will issue a certificate warning error – this is normal for a private security certificate. IE8 will continue to nag you about the certificate error, where FireFox will save the certificate and stop complaining.
Click Continue to this website.
IE8 paints the address bar red because of the untrusted private security certificate. This is normal for IE8.
I describe how to configure the ActiveX control in Microsoft Internet Explorer 8 (IE8) in the next installment of this project.
Copyright © 2017 HandymanHowTo.com Reproduction strictly prohibited.