Router Configuration for Home Security: Forward your Ports

26 Oct 2013


Presenter: Steve Harris

SCTE Director, Advanced Network Technologies Program Development


© 2011 by the SCTE


Agenda


- Describe the relationship of TCP/IP and TCP and UDP ports
- Explain the role and function of a NAT enabled GWR in the customer premises network
- Demonstrate the configuration of an IP surveillance camera and port forwarding




Introduction

Why?

[Graphic: port numbers 21, 23, 80]

[Diagram: home network devices (HDTV / 3DTV, STB / DVR / PVR, eMTA, wireless GWR, printer, cordless and analog phone, desktop PC, smartphone, laptop, fax) on LAN IP 192.168.1.x/24; WAN IP 98.225.216.185; remote devices on the Internet]


What is TCP/IP?



TCP/IP

- Ubiquitous Communication Protocol
- Suite of protocols (65,535)
- Client / Server model

[Diagram: Internet and Cable Operator]


TCP/IP

- Internet devices have at least one IP address
  - e.g., 192.168.1.120
- TCP/IP defined 2^16 ports (65,535) per IP address
- Devices send data using port number from source to destination


What is a port (socket)?

- TCP/IP uses an abstract destination point called a protocol port.
- Ports are identified by a positive integer value, e.g. 80.
- Operating Systems provide some mechanism that processes use to specify a port.

[Diagram: TCP/IP ports at the GWR and CM/eMTA: 53 = DNS port, 443 = SSL port, 80 = HTTP port]


Port Numbers

- Well-known ports: 0 - 1023 (HTTP, FTP, SSL, Telnet, SSH, DNS, etc.)
- Registered ports or vendor-specific applications: 1024 to 49,151
- Dynamic or Private Ports: 49,152 to 65535
- 0 = no port has been allocated

http://www.iana.org/assignments/port-numbers


Port Names

DNS = 53

HTTP = 80


What is the OSI model?



Network Model

[Diagram: network model layers: RF; DOCSIS / PacketCable; IPv4/6 and ICMP; TCP and UDP; DATA. Labels: Port Numbers, Protocol Numbers]


User Datagram Protocol

- Connectionless
- Unreliable
- Datagram Delivery
- Video traffic

UDP header fields: Source Port, Destination Port, Length, Checksum, followed by Data


Transmission Control Protocol

- Connection-oriented
- Reliable
- Full-duplex
- Byte-Stream
- Voice & data traffic

TCP header fields: Source Port, Destination Port, Sequence Number, Acknowledgement Number, offset, Reser., TCP Flags, Window, Checksum, Urgent Pointer, TCP Options (if any), followed by Data
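
The UDP and TCP header layouts listed on the two slides above, decoded from raw bytes. This is an added example, not part of the original slides; the function names and the sample segments are constructed for illustration.

```python
import struct

# Flag bits in the low byte of the 16-bit offset/reserved/flags word.
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def parse_udp(segment: bytes) -> dict:
    """Decode the 8-byte UDP header: Source Port, Destination Port, Length, Checksum."""
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", segment[:8])
    # Length covers header + data; reject values that disagree with what arrived.
    if length < 8 or length > len(segment):
        raise ValueError("UDP Length field does not match the datagram")
    return {"sport": sport, "dport": dport, "length": length,
            "checksum": checksum, "data": segment[8:length]}

def parse_tcp(segment: bytes) -> dict:
    """Decode the 20-byte fixed TCP header plus any options."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4      # offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("TCP data offset is out of range")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len,
            "flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
            "window": window, "checksum": checksum, "urgent": urgent,
            "options": segment[20:header_len], "data": segment[header_len:]}

# Constructed samples (checksums left at 0, not computed).
# UDP datagram from an ephemeral port to DNS port 53 with 5 data bytes.
SAMPLE_UDP = struct.pack("!HHHH", 49200, 53, 8 + 5, 0) + b"hello"
# TCP SYN to HTTP port 80: data offset 6 words, i.e. 4 bytes of options (MSS 1460).
SAMPLE_TCP = struct.pack("!HHIIHHHH", 49201, 80, 1000, 0,
                         (6 << 12) | 0x02, 65535, 0, 0) + bytes.fromhex("020405b4")

if __name__ == "__main__":
    print(parse_udp(SAMPLE_UDP))
    print(parse_tcp(SAMPLE_TCP))
```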


Common Ports

Application Layer:

FTP = 21
HTTP = 80
Telnet = 23
SSH = 22
SMTP = 25
DNS = 53
SNMP = 161
HTTPS = 443

Transport Layer: UDP, TCP

[Diagram labels: Internet; ports 80 and 22]


NETBIOS = 137-139

http://www.iana.org/assignments/port-numbers

What is NAT & PAT?

- Network Address Translation
- Port Address Translation



NAT


[Diagram: private side (Inside): hosts 192.168.1.123, 192.168.1.124 and 192.168.1.125 (one labeled iPad2), 192.168.1.1, NAT, CM. Public side (Outside): Internet, scte.org, Remote PC. Inside address 192.168.1.123 appears outside as 68.10.0.171 #29225]

Inside Local IP Address    Inside Global IP Address
192.168.1.123              68.10.0.171#29225
192.168.1.124              68.10.0.171#29226
192.168.1.125              68.10.0.171#29227


Example

Connect Surveillance Camera


Connect Surveillance Camera

[Diagram: GWR and eMTA; LAN IP 192.168.1.x/24; addresses 1.1, 1.120 and 1.121]


[Diagram: GWR and eMTA; LAN IP 192.168.1.x/24; addresses 1.1 and 1.121]

http://192.168.1.120

Wireless Setup Page

DHCP Client Table


Wireless Setup


Surveillance Camera is Wireless


[Diagram: GWR and eMTA; LAN IP 192.168.1.x/24; addresses 1.1 and 1.121]

http://192.168.1.120

Wireless Setup Page

DHCP or Static?


GWR Config


[Diagram: GWR and eMTA; LAN IP 192.168.1.x/24; addresses 1.1 and 1.121]

http://192.168.1.1

GWR Config

Port Forwarding


Port Range Forwarding


Port Triggering

Port triggering is a configuration option on a GWR with NAT that allows a host to dynamically and automatically forward a specific port back to itself.


What is the inside global IP (outside)?


http://www.ipchicken.com

[Diagram: home devices (HDTV / 3DTV, STB / DVR / PVR, eMTA, wireless GWR, printer, cordless and analog phone, desktop PC, smartphone, laptop, fax) on a Broadband Connection]

Let’s test it!

SMC


10.1.10.2 to 10.1.10.9 are static local inside IP addresses

TCP / UDP

Port 10

NETGEAR


You try




[Diagram: Internet, 98.24.56.15, 192.168.1.1, and three cameras at .140, .141 and .142]

Camera 1: .140, ports 8085 and 1024, http://98.24.56.15:8085
Camera 2: .141, ports 8086 and 1025, http://98.24.56.15:8086
Camera 3: .142, ports 8087 and 1026, http://98.24.56.15:8087
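
The camera exercise above, modeled as an added example that is not part of the original slides: a small NAT/PAT gateway that drops unsolicited inbound traffic unless a port forward exists, and lists what the forwards expose to the Internet. The `Gateway` class, its methods, the remote addresses, and the reading of the diagram as WAN port 8085 forwarded to 192.168.1.140 port 1024 are assumptions.

```python
# Constructed model of a NAT/PAT gateway (GWR); addresses follow the slides.
WAN_IP = "98.24.56.15"

class Gateway:
    def __init__(self, wan_ip, first_port=29225):
        self.wan_ip = wan_ip
        self.next_port = first_port  # 29225 mirrors the NAT slide's first mapping
        self.out = {}       # (lan_ip, lan_port, remote) -> wan_port
        self.back = {}      # (wan_port, remote) -> (lan_ip, lan_port), dynamic PAT state
        self.forwards = {}  # wan_port -> (lan_ip, lan_port), static port forwards

    def add_forward(self, wan_port, lan_ip, lan_port):
        if wan_port in self.forwards:
            raise ValueError(f"WAN port {wan_port} is already forwarded")
        self.forwards[wan_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host opens a connection: allocate (or reuse) a WAN-side port."""
        key = (lan_ip, lan_port, remote)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, remote)] = (lan_ip, lan_port)
            self.next_port += 1
        return (self.wan_ip, self.out[key])

    def inbound(self, remote, wan_port):
        """Packet from the Internet: reply to a known flow, else a forward, else drop.
        Assumption: replies are accepted only from the remote the LAN host contacted."""
        if (wan_port, remote) in self.back:
            return self.back[(wan_port, remote)]
        return self.forwards.get(wan_port)  # None means the packet is dropped

    def exposure(self):
        """Audit view: every LAN service reachable by anyone on the Internet."""
        return sorted(f"{self.wan_ip}:{p} -> {ip}:{lp}"
                      for p, (ip, lp) in self.forwards.items())

def build_slide_gateway():
    """Three forwards as read from the diagram: 8085-8087 to cameras .140-.142."""
    gw = Gateway(WAN_IP)
    for n, wan_port in enumerate((8085, 8086, 8087)):
        gw.add_forward(wan_port, f"192.168.1.{140 + n}", 1024 + n)
    return gw

if __name__ == "__main__":
    for line in build_slide_gateway().exposure():
        print(line)
```

Each line returned by `exposure()` is a camera login page reachable from any Internet address, so the list is what to review when deciding which forwards to keep.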

Summary


- Described the relationship of TCP/IP and TCP and UDP ports
- Explained the role and function of a NAT enabled GWR in the customer premises network
- Demonstrated the configuration of an IP surveillance camera and port forwarding


