Setting up Remote Viewing Using New Cellular Data ISP
  • Hi. A friend had been using DSL internet service and a Peplink multi-WAN router and remote viewing of SS on his Mac Mini had been working. But the DSL internet was pretty slow and unreliable. He got rid of the DSL service and his new service is from AT&T using an LTE MF279 gateway. He's much happier with the internet connection. Now we're trying to re-establish remote viewing of his SS. We're getting mixed messages from Tech Support about whether port forwarding actually works in the real world using this gateway. If we're unable to get port forwarding working, is it too much threat exposure to set up the Mac Mini running SS as a DMZ Host? This Mac Mini is only used as a SS and home automation server and is not used for any other uses. If we're unable to set up remote access for the Mac Mini, is setting up one outdoor Axis camera as a DMZ Host a reasonable thing to do? From what I've read, it seems DMZ is to be discouraged and is often used only for gaming consoles, as the intrusion risk is limited, etc. I appreciate any feedback.
  • The problem with cellular connections is that typically you are not exposed to the Internet directly, but rather you are behind another layer of NAT at the level of your ISP (effectively like you are behind an additional router that you are not in control of). Because you can't configure this NAT layer, you can't open ports to allow incoming connections from the Internet.

    DMZ just means that all incoming connections from the Internet on any port are aimed at one particular device. As you say, this is generally discouraged as it's a potential security risk, but if you make sure to turn on your Mac's firewall with just the relevant few ports open, then you should be OK. Do you know if you are actually able to do this?
  • Ben is correct about the NAT issues. I too use an AT&T cellular connection at home because I live in a rural area and the speed is fantastic. What I use as a workaround is an app called NGROK for secure http tunneling. It works really well in that you can connect to your cameras remotely and it's free for the most part... if you're willing to deal with dynamic host names.... Shouldn't be an issue if you don't restart your computer often.
  • Hello, Ben, hello, htijerina. Thanks both for the feedback and the introduction to NGROK. Our sole ISP is AT&T cellular (also due to rural setting) and we need to access two web servers on a Mac Mini, one for SS and another for Indigo (home automation software.) htijerina, is your setup similar to this? Does your system work well?

    I'm wondering if you and other visitors here feel that setting up NGROK services is a reasonably secure connection?

    https://ngrok.com/product

    Again, many thanks!
  • I'm only using it to access one server at a time, in this case SS. I think it's pretty secure and if you're really concerned about security go with a paid plan (whitelisting, encrypted tunneling, etc.). If you go with a paid subscription, which is relatively cheap, I believe you can run more than one tunnel at once, which would solve your issues with running 2 web servers at a time.

    As far as it working well, it works really well ALL THE TIME. The only issue I have and I'm 99% sure it's not Ngrok related is that my connection over cellular is choppy. Looks like my cameras are running at 1-5FPS when in reality they are running at 30FPS. Really bugs me and I'm thinking of just going back to running Blue Iris on a PC (even though I purchased an 8 camera SS license :( ). Blue Iris did an excellent job of detecting your connection type and would lower resolution as need be to make sure you got a nice smooth picture. I'm guessing SS is always displaying Stream 1 which in my case is 2560x1440 at 30fps. That may be a little much even with my 30-50Mbps upload. Could also be the Reolink cameras I use... who knows... I say that because I know these Reolinks can be a little finicky with their RTSP streams. Monoclecam (Amazon Alexa Skill) for instance doesn't work with my cameras without setting up a proxy server (LAME).

  • I install cellular connected systems for law enforcement. Here is the best answer: Static IP. Verizon will charge $500 up front for a static. (free for LE agencies) However, AT&T only charges an extra $3 per month for a static address. This is the only way I have found to make it work constantly and reliably for mission critical applications.
  • Thanks again, htijerina, and hello TSI. Appreciate your suggestion about a static IP and while that makes sense– and this friend still has an active DYN.com account, which had worked with his earlier DSL internet service– we’re still stuck at port forwarding.

    Here’s an update. Our internet service is coming from an AT&T MF279 gateway. The AT&T documentation specifically states that port forwarding is supported. I followed the instructions to forward a port to a specific IP address on the LAN, where we have a Mac Mini running SS on an IP with a DHCP reservation. We were not successful in viewing SS from a remote WAN connection.

    An additional complication is double NAT. It seems the MF279 gateway cannot be set in bridge mode. So the gateway is handing out IP addresses to his (heavily configured, pre-existing) Peplink router which is also managing LAN IP addresses. This Peplink has the same port forwarded to the Mac Mini (and this had been working flawlessly with his earlier DSL service.) Other than the ways double NAT could be affecting our remote viewing, it has not been an apparent problem as every single internet service is working much better by LTE than his earlier DSL service ever did.

    Out of curiosity I brought one of my Canary video surveillance cameras over to his house, and it seemed to work well.

    Any other feedback for me? I would like to confirm correct network setup first before exploring NGROK, etc. Thanks!
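
The carrier-level NAT described earlier in the thread and the double NAT in the last post can be told apart by comparing each router's WAN address with the address the Internet sees for the connection. The following is an added example, not code from any poster; the device labels' addresses are constructed sample values, and each device in the chain is assumed to perform NAT.

```python
import ipaddress

# RFC 6598 shared address space, which carriers use for carrier-grade NAT
CGNAT = ipaddress.ip_network("100.64.0.0/10")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Return 'cgnat', 'private' or 'routable' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "routable"

def diagnose(chain, observed_public):
    """chain: [(device, wan_ip)] ordered from the LAN outward (assumed: each
    device does NAT). observed_public: the address an outside host sees."""
    outer_wan = chain[-1][1]
    # The carrier is translating when the outermost device does not itself
    # hold the address the Internet sees for this connection.
    carrier_nat = (classify(outer_wan) != "routable"
                   or ipaddress.ip_address(outer_wan)
                   != ipaddress.ip_address(observed_public))
    return {
        "wan_class": {name: classify(wan) for name, wan in chain},
        "carrier_nat": carrier_nat,
        # With carrier NAT no local rule helps; otherwise the same port must
        # be forwarded on every device, listed here outermost first.
        "forward_on": [] if carrier_nat else [n for n, _ in reversed(chain)],
    }

# Constructed sample values (not taken from the thread): a Peplink behind an
# MF279 whose WAN side sits in carrier address space, then the same setup on
# a plan where the gateway holds the public address itself.
BEHIND_CARRIER = [("Peplink", "192.168.0.50"), ("MF279", "100.72.14.9")]
PUBLIC_ON_GATEWAY = [("Peplink", "192.168.0.50"), ("MF279", "198.51.100.7")]

if __name__ == "__main__":
    print(diagnose(BEHIND_CARRIER, "203.0.113.25"))
    print(diagnose(PUBLIC_ON_GATEWAY, "198.51.100.7"))
```

The WAN addresses are read from each router's status page, and the observed address from any outside service that reports the caller's IP.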
