Router Configuration for Home Security: Forward your Ports

Presenter: Steve Harris, SCTE Director, Advanced Network Technologies Program Development


Post on 21-Dec-2015


© 2011 by the SCTE

Agenda

• Describe the relationship of TCP/IP and TCP and UDP ports

• Explain the role and function of a NAT enabled GWR in the customer premises network

• Demonstrate the configuration of an IP surveillance camera and port forwarding

Introduction

Why?

[Diagram: home network. A wireless GWR and eMTA connect LAN devices (HDTV / 3DTV, STB / DVR / PVR, printer, cordless analog phone, desktop PC, smartphone, laptop, fax) to the Internet and remote devices. LAN IP 192.168.1.x/24; WAN IP 98.225.216.185]

What is TCP/IP?


TCP/IP

• Ubiquitous Communication Protocol

• Suite of protocols (65,535)

• Client / Server model


TCP/IP

• Internet devices have at least one IP address, e.g., 192.168.1.120

• TCP/IP defines 2^16 ports (65,535) per IP address

• Devices send data from source to destination using a port number

What is a port (socket)?

• TCP/IP uses an abstract destination point called a protocol port.

• Ports are identified by a positive integer value, e.g. 80.

• Operating Systems provide some mechanism that processes use to specify a port.

[Diagram: TCP/IP ports at the GWR and CM/eMTA: 53 (DNS port), 80 (HTTP port), 443 (SSL port)]

Port Numbers

• 0 = no port has been allocated

• Well-known ports: 0 – 1023 (HTTP, FTP, SSL, Telnet, SSH, DNS, etc.)

• Registered ports or vendor-specific applications: 1024 to 49,151

• Dynamic or private ports: 49,152 to 65,535

http://www.iana.org/assignments/port-numbers

Port Names

DNS = 53

HTTP = 80


What is the OSI model?


Network Model

[Diagram: network model layers. Labels: RF; DOCSIS / PacketCable™; IPv4/6; ICMP; TCP; UDP; DATA; Port Numbers; Protocol Numbers]

User Datagram Protocol

• Connectionless

• Unreliable

• Datagram delivery

• Video traffic

UDP header layout:

Source Port | Destination Port
Length | Checksum
Data

Transmission Control Protocol

• Connection-oriented

• Reliable

• Full-duplex

• Byte-Stream

• Voice & data traffic

TCP header layout:

Source Port | Destination Port
Sequence Number
Acknowledgement Number
Offset | Reser. | TCP Flags | Window
Checksum | Urgent Pointer
TCP Options (if any)
Data

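Common Ports

[Diagram: application-layer services above the TCP and UDP transport layer, labelled with their port numbers; the diagram also shows 8080 and 22 toward the Internet]

• FTP = 21

• HTTP = 80

• Telnet = 23

• SSH = 22

• SMTP = 25

• DNS = 53

• SNMP = 161

• HTTPS = 443

• NETBIOS = 137-139

http://www.iana.org/assignments/port-numbers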

Network Address Translation / Port Address Translation

What is NAT & PAT?

NAT

[Diagram: inside (private side) addresses 192.168.1.123 (iPad2), 192.168.1.124, 192.168.1.125 and 192.168.1.1 behind the CM; scte.org and a remote PC on the outside (public side) across the Internet. Example translation: 192.168.1.123 to 68.10.0.171#29225]

Inside Local IP Address    Inside Global IP Address
192.168.1.123              68.10.0.171#29225
192.168.1.124              68.10.0.171#29226
192.168.1.125              68.10.0.171#29227

Example


Connect Surveillance Camera

[Diagram: GWR and eMTA; LAN IP 192.168.1.x/24 with hosts 1.120, 1.121 and 1.1]

http://192.168.1.120

Wireless Setup Page

DHCP Client Table


Wireless Setup


Surveillance Camera is Wireless

[Diagram: GWR and eMTA; LAN IP 192.168.1.x/24 with hosts 1.121 and 1.1]

http://192.168.1.120

Wireless Setup Page

DHCP or Static?


GWR Config

[Diagram: GWR and eMTA; LAN IP 192.168.1.x/24 with hosts 1.121 and 1.1]

http://192.168.1.1

Port Forwarding


Port Range Forwarding


Port Triggering

Port triggering is a configuration option on a GWR with NAT that allows a host to dynamically and automatically forward a specific port back to itself.

What is the inside global IP (outside)?

http://www.ipchicken.com

[Diagram: home network devices behind the wireless GWR and the eMTA broadband connection]

Let’s test it!

SMC

10.1.10.2 to 10.1.10.9 are static local inside IP addresses

TCP / UDP Port 10

NETGEAR


You try


[Diagram: GWR with addresses 192.168.1.1 (inside) and 98.24.56.15 (outside, toward the Internet); cameras at .140, .141 and .142]

Camera 1   8085   1024   140
Camera 2   8086   1025   141
Camera 3   8087   1026   142

http://98.24.56.15:8085
http://98.24.56.15:8086
http://98.24.56.15:8087
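An added example (not part of the original slides) that models the gateway's translation table in Python: outbound connections receive an inside global address#port as in the NAT table, and unsolicited inbound packets reach a camera only through a static forward. The `PatGateway` class and its method names are hypothetical, and the exercise columns are read as WAN port, camera port and last octet of the camera's LAN address, which is an assumption.

```python
import ipaddress


class PatGateway:
    """Toy model of a NAT/PAT gateway (GWR) with static port forwards."""

    def __init__(self, wan_ip, lan_cidr, first_port):
        self.wan_ip = wan_ip
        self.lan = ipaddress.ip_network(lan_cidr)
        self.next_port = first_port
        self.dynamic = {}   # (inside ip, inside port) -> allocated WAN port
        self.reverse = {}   # allocated WAN port -> (inside ip, inside port)
        self.forwards = {}  # forwarded WAN port -> (inside ip, inside port)

    def add_forward(self, wan_port, inside_ip, inside_port):
        """Static rule: each one leaves an inside host reachable from outside."""
        if ipaddress.ip_address(inside_ip) not in self.lan:
            raise ValueError(f"{inside_ip} is not on {self.lan}")
        if wan_port in self.forwards:
            raise ValueError(f"WAN port {wan_port} is already forwarded")
        self.forwards[wan_port] = (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port):
        """Inside host opens a connection: return its inside global ip#port."""
        key = (inside_ip, inside_port)
        if key not in self.dynamic:
            while self.next_port in self.forwards or self.next_port in self.reverse:
                self.next_port += 1
            self.dynamic[key] = self.next_port
            self.reverse[self.next_port] = key
        return f"{self.wan_ip}#{self.dynamic[key]}"

    def inbound(self, wan_port):
        """Packet from the Internet: forwarded, a reply, or dropped (None).
        Simplified: a real gateway also matches replies on the remote endpoint."""
        return self.forwards.get(wan_port) or self.reverse.get(wan_port)


def build_example():
    # Values from the slides; column meanings are an assumption:
    # WAN port, camera port, last octet of the camera's LAN address.
    gw = PatGateway("98.24.56.15", "192.168.1.0/24", first_port=29225)
    for wan_port, cam_port, host in [(8085, 1024, 140), (8086, 1025, 141), (8087, 1026, 142)]:
        gw.add_forward(wan_port, f"192.168.1.{host}", cam_port)
    return gw
```

Every entry in `forwards` is a standing path from the Internet to one inside host, so the table should list only the ports the cameras actually need.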


Summary

• Described the relationship of TCP/IP and TCP and UDP ports

• Explained the role and function of a NAT enabled GWR in the customer premises network

• Demonstrated the configuration of an IP surveillance camera and port forwarding
