Rain Fixed LTE NAT Changes

Joined
Feb 20, 2018
Messages
19
#1
Good day,

I have a client with a Hikvision NVR, using Rain's Fixed LTE as their internet connection to the NVR.

They have been able to successfully access their CCTV system via the internet for more than 8 months, but since earlier this week they are no longer able to.

I checked and no settings have been changed on their router or NVR relating to the networking.

I then changed the NAT Type to Auto and it opened up the default external port, 8001.

It worked fine for a few minutes, and then it stopped working.

But then, here comes the strange part... When I try to access their NVR from my internet at home (Rain Mobile) it works, but as soon as I try it over mobile data (Vodacom, MTN or Cell C - even TelkomSA, doesn't matter) it just doesn't work and refuses to open the NVR's login page.

Am I missing/overlooking something? They are using the normal "internet" APN, with UPnP enabled and NAT Cone Type enabled.

Should I maybe try adding the NVR as a Virtual Server/DMZ'ing to regain complete external access?

Any help would be highly appreciated!

Thanks.
 

carstensdj

Expert Member
Joined
Apr 13, 2011
Messages
2,193
#2
I've had a similar issue with a client of mine accessing their Sentian security system, just yesterday. It appears that Rain blocks incoming ports by default, so even if you have port forwards in place on the router, Rain will still block that from their side. I've put the client on our VPN service, which has resolved that, but in your case I'd suggest contacting Rain, explaining to them what you need and asking them to open those ports on their end for you.

Lastly, I would NOT suggest pointing a DMZ to your client's NVR. It's a massive compromise to your client's privacy and security.
Also, Hikvision's default port is 8000 and not 8001. Just make sure you have that correctly set up, unless you changed the port to 8001?
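
A quick way to check for the situation described in this reply, where port forwards on the router have no effect because the block sits upstream (added example, not part of the thread). It assumes the carrier-side block comes from address translation, which the thread does not confirm; the function name and sample addresses are constructed.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def diagnose_forwarding(router_wan_ip, public_ip_seen_outside):
    """Return (verdict, explanation) for whether a router port forward can work.

    router_wan_ip          -- WAN address shown on the LTE router's status page
    public_ip_seen_outside -- address an external "what is my IP" page reports
    """
    wan = ipaddress.ip_address(router_wan_ip)
    pub = ipaddress.ip_address(public_ip_seen_outside)

    if wan in CGNAT:
        return ("carrier-nat",
                "WAN address is in 100.64.0.0/10: the carrier translates it, "
                "so inbound connections never reach the router's port forward.")
    if any(wan in net for net in RFC1918):
        return ("private-wan",
                "WAN address is private: an upstream device does the NAT and "
                "would need its own forward.")
    if wan != pub:
        return ("translated",
                "WAN address is routable but differs from the address seen "
                "outside: traffic is still being translated upstream.")
    return ("public",
            "WAN address matches the public address: a port forward can work "
            "unless the carrier filters inbound ports.")


if __name__ == "__main__":
    # Constructed sample values (documentation and shared address ranges).
    samples = [("100.72.15.4", "203.0.113.10"),
               ("10.120.3.9", "203.0.113.10"),
               ("198.51.100.7", "203.0.113.10"),
               ("203.0.113.10", "203.0.113.10")]
    for wan, pub in samples:
        verdict, why = diagnose_forwarding(wan, pub)
        print(f"{wan:>14} vs {pub}: {verdict} - {why}")
```

For any verdict other than "public", changing NAT type, UPnP or DMZ settings on the router cannot restore inbound access; an outbound tunnel such as the VPN mentioned above, or a change on the carrier's side, is what remains.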
 
Joined
Feb 20, 2018
Messages
19
#3
Hi,

Thanks for the reply.

I will try contacting Rain and explain this to them - hopefully, they will understand.

Thanks for the info regarding DMZ - took note of it. :)

And yes, Hikvision's default port is 8000. I changed it to test yesterday and when it worked I left it there; now it is not working again (I randomize ports for security reasons - I used 4019 prior to changing it to 8001).
 

carstensdj

Expert Member
Joined
Apr 13, 2011
Messages
2,193
#4
Pleasure bud, always glad to help.
Update the thread once you've spoken to them as I'm interested to hear what happens.

Yeah, regarding the DMZ, you'd be shocked if you saw how many hackers are snooping CCTV ports and how often it's happening. They have scripts that test thousands of ports across multiple public IPs in a very short amount of time and they just leave these scripts running until they find easy targets.

Very good practice to randomize the ports or at least use a very random port number as opposed to the default. We also generate a very random 10 character admin password for our clients comprising numbers, alphabet, symbols etc. and then document all that (ports used, passwords etc.) in an Excel spreadsheet for all our clients.
 