Setting up Remote Viewing Using New Cellular Data ISP
  • Hi. A friend had been using DSL internet service and a Peplink multi-WAN router and remote viewing of SS on his Mac Mini had been working. But the DSL internet was pretty slow and unreliable. He got rid of the DSL service and his new service is from AT&T using an LTE MF279 gateway. He's much happier with the internet connection. Now we're trying to re-establish remote viewing of his SS. We're getting mixed messages from Tech Support about whether port forwarding actually works in the real world using this gateway. If we're unable to get port forwarding working, is it too much threat exposure to set up the Mac Mini running SS as a DMZ Host? This Mac Mini is only used as a SS and home automation server and is not used for any other uses. If we're unable to setup remote access for the Mac Mini, is setting up one outdoor Axis camera as a DMZ Host a reasonable thing to do? From what I've read, it seems DMZ is to be discouraged and is often used only for gaming consoles, as the intrusion risk is limited, etc. I appreciate any feedback.
  • The problem with cellular connections is that typically you are not exposed to the Internet directly, but rather you are behind another layer of NAT at the level of your ISP (effectively like you are behind an additional router that you are not in control of). Because you can't configure this NAT layer, you can't open ports to allow incoming connections from the Internet.

    DMZ just means that all incoming connections from the Internet on any port at aimed at one particular device. As you say, this is generally discouraged as it's a potential security risk, but if you make sure to turn on your Mac's firewall with just the relevant few ports open, then you should be OK. Do you know if you are actually able to do this?
  • Ben is correct about the NAT issues. I too use an AT&T cellular connection at home because I live in a rural area and the speed is fantastic. What I use as a workaround is an app called NGROK for secure http tunneling. It works really well in that you can connect to your cameras remotely and it's free for the most part... if you're willing to deal with dynamic host names.... Shouldn't be an issue if you don't restart your computer often.
  • Hello, Ben, hello, htijerina. Thanks both for the feedback and the introduction to NGROK. Our sole ISP is AT&T cellular (also due to rural setting) and we need to access two web servers on a Mac Mini, one for SS and another for Indigo (home automation software.) htijerina, is your setup similar to this? Does your system work well?

    I'm wondering if you and other visitors here feel that setting up NGROK services is a reasonably secure connection?

    https://ngrok.com/product

    Again, many thanks!
  • I'm only using it to access one server at a time, in this case SS. I think it's pretty secure and if you're really concerned about security go with a paid plan (whitelisting, Encrpyted tunneling etc). If you go with a paid subscription which is relatively cheap I believe you can run more than one tunnel at once which would solve your issues with running 2 web servers at a time.

    As far is it working well, it works really well ALL THE TIME. The only issue I have and I'm 99% sure it's not Ngrok related is that my connection over cellular is choppy. Looks like my cameras are running at 1-5FPS when in reality they are running at 30FPS. Really bugs me and I'm thinking of just going back to running blue iris on a PC (even though I purchased an 8 camera SS license :( ). Blue Iris did an excellent job of detecting your connection type and would lower resolution as need be to make sure you got a nice smooth picture. I'm guessing SS is always displaying Stream 1 which in my case is 2560x1440 at 30fps. That may be a little much even with my 30-50Mbps upload. Could also be the Reolink cameras I use... who knows... I say that because I know these reolinks can be a little finicky with their RTSP streams. Monoclecam (Amazon Alexa Skill) for instance doesn't work with my cameras without setting up a proxy server (LAME).

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!