Using UPnP clients to allow outside access to SecuritySpy
  • By policy, one of the remote ISPs I use doesn't allow any sort of access to the CPE/wireless routers they provide. It's a huge hassle to get the right people to set up port forwarding on routers (Comtrend CT-5374) for things like external access to security systems. (I think I can replace their gear with my own, but for now I'll play ball and use theirs.)

    In the spirit of avoiding all contact with the ISP and poking around on my own, I discovered the CPE supported UPnP. Bittorrent Sync had successfully created its own port forwarding from the router's external address and this is what tipped me off that UPNP supported ways to do NAT/PAT transversal. I had never had the need to mess with UPNP so I didn't really realize this was possible. Note: not all routers support UPNP and/or allowing your own port forwarding.

    This means with the right UPNP software, I could configure my own port forwarding on the ADSL/wireless router to allow outside (e.g. with Remote Patrol) access to SecuritySpy and other things. Way easier than opening a ticket with somebody to do it or even logging into a home router.

    In my 45 second rage-google search for decent Mac UPNP software, I found two that are simple and work well so far: Port Map (Mac GUI) and miniupnp/upnpc (cli).

    PortMap ( is a quick and simple GUI that lets you see current UPNP port forwarding ("redirections"), and add new ones. You'd run this on the same Mac as SecuritySpy, tell it to map the local port 8000 to 8000 on the external interface. (Can't recall if you need to leave the app open)

    MiniUPnP / upnpc ( is a UPnP implementation for linux, ported to MacOS X, and it runs on the command line. The quick way to get started is to download the MacPorts installer (there's a .pkg installer available), then use ports to install upnpc (something like "sudo ports install miniupnpc", then ignore xcode errors). Running /opt/local/bin/upnpc will give you command options, including how to list/add/delete port mappings. A handy feature of upnpc is that you can make port mappings on behalf of other computers, whereas with PortMap you can just do the local machine). One can even go as far as to write a script run via cron to occasionally check the mapping and add it.

    After using one of these, the port forwarding was configured in seconds and I could now reach my SecuritySpy from the outside world.

    * If you have problems using either one (e.g. "can't find any IGD devices"), it's likely your Mac firewall blocking the return responses to IGD probes. With the firewall on, OS X should ask you if you want to allow incoming connections. You'll want to answer yes to this, and this should take care of opening the Mac firewall for the ports you've forwarded. Likewise using upnpc should prompt the firewall dialog box upon making changes, but if you have your head down in a terminal you may not notice the popup. Either way, configure the firewall to allow connections to either app. (You love your computer and are running the firewall, right?)

  • Thanks for the great post! This is very useful information for anyone who needs to set up port forwarding on a router that they don't have access to. Many thanks.
  • I think this is just what I need, but not sure. I have WildBlue satellite internet at home. While at home I can view my camera on th elocal network, but when in the outside world nothing lets me in to see what is hapening at home. I believe this to be settings in the WildBlue modem all of which are not user configurable.

    Please excuse my lack of technical vocabulary.

    When I get home today I wil attempt the PortMap solution you have provided. Assuming I get that up and running, what else in SecuritySpy will I need to configure, and what will I type in to the address bar on a web browser when not at home?

    I also see there are at least 2 iOS apps available to view your cameras when not at home. Do you have any experiance or advise on these?

    Thank you.

  • Hi Mark,

    In SecuritySpy you need to set up a dynamic DNS name in the Web Server Settings window in SecuritySpy. So for example if your DDNS name is "mark" and the port forwarding rule is using port 8000, then you would access SecuritySpy from the internet using the address

    Your computer also needs a static IP address on your home network, as per our instructions.

    One the above two things are configured, then all is left is the port forwarding. Before you spend time on this it might be worth first contacting your ISP to ask them if setting up port forwarding is possible with the connection and router they provide.
  • Ben, I followed all instructions and all appears to be working great. I could not get in from the outside world using Remote Patrol or the web interface with out the port forwarding, but it is working with PortMap set up and running in back ground.

    As I am on WildBlue and do pay for internet usage over 10G I must monitor my traffic, let me know if I have this figured out correctly. Security Spy is saving all video on the computer, local, no WAN traffic. PortMap is running local, somehow monitors my IP address and updates Googles free DNS with any changes, minimal WAN traffic. So the only major hit to my WAN limit is if I watch using Remote Patrol from outside, and any notifications going out that may be set up.

    How does Remote Patrol know there was activity to send me the push notification?

    Is Remote Patrol constantly monitoring my security spy, using up bandwidth?

    Thanks for all of the help and an amazing application.

  • Hi Mark,

    Great to hear that! To answer your questions:

    You will only use significant internet bandwidth when you are actually viewing video over the internet via a web browser or Remote Patrol. SecuritySpy handles all the push notifications: it does the motion detection locally and when there is motion it sends out a tiny amount of data to Apple's notification server, which then sends it to your iOS device to cause the notification to appear. Remote Patrol is not constantly monitoring SecuritySpy - it is dormant until you actually open it and view video.

    Hope this helps!

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!