Router Configuration for Home Security: Forward your Ports

Presenter: Steve Harris
SCTE Director Advanced Network Technologies Program Development

© 2011 by the SCTE

Agenda
• Describe the relationship of TCP/IP and TCP and UDP ports
• Explain the role and function of a NAT enabled GWR in the customer premises network
• Demonstrate the configuration of an IP surveillance camera and port forwarding

Introduction
Why?

[Figure: customer premises network. WAN IP 98.225.216.185 on the Internet side; eMTA and wireless GWR; LAN IP 192.168.1.x/24 with laptop, smartphone, fax, HDTV / 3DTV, STB / DVR / PVR, printer, desktop PC, cordless analog phone; remote devices]

What is TCP/IP?

TCP/IP
• Ubiquitous Communication Protocol
• Suite of protocols (65,535)
• Client / Server model

[Figure: Internet, Cable Operator]

TCP/IP
• Internet devices have at least one IP address
  – e.g., 192.168.1.120
• TCP/IP defined 2^16 ports (65,535) per IP address
• Devices send data using a port number from source to destination

What is a port (socket)?
• TCP/IP uses an abstract destination point called a protocol port.
• Ports are identified by a positive integer value, e.g. 80.
• Operating Systems provide some mechanism that processes use to specify a port.
[Figure: TCP/IP ports between the CM/eMTA and the GWR: 53 DNS port, 443 SSL port, 80 HTTP port]

Port Numbers
http://www.iana.org/assignments/port-numbers
• 0 = no port has been allocated
• Well-known ports: 0 – 1023 (HTTP, FTP, SSL, Telnet, SSH, DNS, etc.)
• Registered ports or vendor-specific applications: 1024 to 49,151
• Dynamic or private ports: 49,152 to 65,535

Port Names
DNS = 53
HTTP = 80

What is the OSI model?

Network Model Layers
• DATA
• TCP, UDP: Port Numbers
• IPv4/6, ICMP: Protocol Numbers
• DOCSIS® / PacketCable™
• RF

User Datagram Protocol
• Connectionless
• Unreliable
• Datagram Delivery
• Video traffic
Header fields: Source Port, Destination Port, Length, Checksum, Data

Transmission Control Protocol
• Connection-oriented
• Reliable
• Full-duplex
• Byte-Stream
• Voice & data traffic
Header fields: Source Port, Destination Port, Sequence Number, Acknowledgement Number, offset, Reser., TCP Flags, Window, Checksum, Urgent Pointer, TCP Options (if any), Data

Common Ports
http://www.iana.org/assignments/port-numbers
Application Layer:
FTP = 21
Telnet = 23
SSH = 22
SMTP = 25
DNS = 53
HTTP = 80
NETBIOS = 137–139
SNMP = 161
HTTPS = 443
Transport Layer: TCP, UDP

[Figure: ports 80 and 22, Internet]

Network Address Translation
Port Address Translation
What is NAT & PAT?
NAT

Inside Local IP Address    Inside Global IP Address
192.168.1.123              68.10.0.171#29225
192.168.1.124              68.10.0.171#29226
192.168.1.125              68.10.0.171#29227

[Figure: NAT diagram with an Inside (private side) and an Outside (public side). Labels: 192.168.1.1, 192.168.1.123, 192.168.1.124, 192.168.1.125, iPad2, CM, Internet, Remote PC, scte.org, 68.10.0.171#29225]

NAT

Example

Connect Surveillance Camera
[Figure: LAN IP 192.168.1.x/24; eMTA; GWR at 1.1; hosts at 1.120 and 1.121]

Connect Surveillance Camera
http://192.168.1.120
[Figure: Wireless Setup Page; LAN IP 192.168.1.x/24; eMTA; GWR at 1.1; host at 1.121]

DHCP Client Table

Wireless Setup
XXXXXXX

Surveillance Camera is Wireless
http://192.168.1.120
[Figure: Wireless Setup Page; LAN IP 192.168.1.x/24; eMTA; GWR at 1.1; host at 1.121]

DHCP or Static?

GWR Config
http://192.168.1.1
[Figure: GWR Config; LAN IP 192.168.1.x/24; eMTA; GWR at 1.1; host at 1.121]

Port Forwarding

Port Range Forwarding

Port Triggering
Port triggering is a configuration option on a GWR with NAT that allows a host to dynamically and automatically forward a specific port back to itself.

What is the inside global IP (outside)?
http://www.ipchicken.com

Let’s test it!
[Figure: broadband connection to the eMTA and wireless GWR; laptop, smartphone, fax, HDTV / 3DTV, STB / DVR / PVR, printer, cordless analog phone, desktop PC]

SMC
Port 10 TCP / UDP
10.1.10.2 to 10.1.10.9 are static local inside IP addresses

NETGEAR

You try
Camera 1   8085   1024   140
Camera 2   8086   1025   141
Camera 3   8087   1026   142

[Figure: GWR at 192.168.1.1 with WAN address 98.24.56.15; cameras at .140, .141 and .142; reached from the Internet at http://98.24.56.15:8085, http://98.24.56.15:8086 and http://98.24.56.15:8087]

Summary
• Described the relationship of TCP/IP and TCP and UDP ports
• Explained the role and function of a NAT enabled GWR in the customer premises network
• Demonstrated the configuration of an IP surveillance camera and port forwarding
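The "You try" exercise as a small model of the GWR's port forwarding table, added here as an example and not part of the original slides. It assumes the three numbers in each row are the external port, the camera's internal port and the last octet of its LAN address; the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

LAN = ipaddress.ip_network("192.168.1.0/24")      # LAN IP 192.168.1.x/24 from the slides
GWR_LAN_IP = ipaddress.ip_address("192.168.1.1")  # the GWR's own LAN address
WAN_IP = "98.24.56.15"                            # inside global address on the slide

# "You try" rows. Column meaning is an assumption:
# (name, external port, internal port, last octet of the camera's LAN IP)
ROWS = [("Camera 1", 8085, 1024, 140),
        ("Camera 2", 8086, 1025, 141),
        ("Camera 3", 8087, 1026, 142)]


def port_class(port):
    """Name the IANA range a port falls in, as listed on the Port Numbers slide."""
    if not 0 < port <= 65535:
        raise ValueError(f"port {port} is outside 1-65535")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic/private"


def build_table(rows):
    """Return {external port: (name, internal IP, internal port)}, rejecting bad rules."""
    table = {}
    for name, ext, internal, octet in rows:
        port_class(ext), port_class(internal)     # range check on both ports
        ip = ipaddress.ip_address(f"192.168.1.{octet}")
        if ip in (GWR_LAN_IP, LAN.network_address, LAN.broadcast_address):
            raise ValueError(f"{name}: {ip} is not a usable camera address")
        if ext in table:                          # one external port, one inside host
            raise ValueError(f"{name}: port {ext} already forwarded to {table[ext][0]}")
        table[ext] = (name, str(ip), internal)
    return table


def resolve(table, url):
    """Map an outside URL to the inside host:port the GWR would forward it to."""
    parts = urlsplit(url)
    if parts.hostname != WAN_IP or parts.port not in table:
        return None                               # no matching rule, nothing is forwarded
    name, ip, port = table[parts.port]
    return f"{name} -> {ip}:{port}"


if __name__ == "__main__":
    table = build_table(ROWS)
    for ext in (8085, 8086, 8087):
        print(resolve(table, f"http://{WAN_IP}:{ext}"), "| external port is", port_class(ext))
```

A request to a port with no rule, such as http://98.24.56.15:8088, resolves to nothing, and a second rule that reuses an external port is rejected when the table is built.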