Firewall Issue? My V2 Hub does not see Iris Servers. V1 Just Fine.
0

34 posts in this topic

Firewall Issue?  My V2 Hub does not see Iris Servers. V1 works Just Fine.

 

Well, Iris V2 strikes again.

 

Just thought I would get a little ahead of the game and get the new hub firmware updated before attempting a migration.

 

Downloaded the V2 app, registered, plugged in the V2 hub, added the batteries... and vola... flashing red and green lights.  Support says this means the hub cannot see the Iris servers...  Of course, V1 works just fine thru the same modem and firewall.  

 

Support says port forward ports 443 and 80.  Ok, did that.  Same flashing lights.  Reset the hub...  same.

 

Anyone have any ideas on this?

 

Waiting for 2nd level support to call back...  but if this does not work, looks like I have no choice but complete return of the system.

 

Anyone have any ideas re this?

 

DSL service provider is Century Link, modem is a Actiontek PK5000.

 

Any suggestions (that wind up working) welcome.

Share this post


Link to post
Share on other sites

Check your allowable address range....I had a similar issue and realized I set up the router to only allow X number of IP's. What is really odd was the default setting somewhere in the Century Link router didn't release IP's even if the device was no longer connected, so I filled my list. So once I changed the range to X+20 it immediately connected.

Share this post


Link to post
Share on other sites

Check your allowable address range....I had a similar issue and realized I set up the router to only allow X number of IP's. What is really odd was the default setting somewhere in the Century Link router didn't release IP's even if the device was no longer connected, so I filled my list. So once I changed the range to X+20 it immediately connected.

As far as I can tell, this router allows multiple internal ip addresses, and of course, an infinite number of external ip addresses.  Also removing a device eventually drops it from the device table.

 

Further update:

 

Lowes support tells me tonight that for V2 you must open port 443 and turn off your firewall.

 

I am not going to turn off my firewall for any vendor, so, I guess this stuff is going back.

Share this post


Link to post
Share on other sites

Can you turn it off just to test and see if that's the issue?  Then allow specifically the iris traffic that's being denied?  They probably generically say to disable because most folks wouldn't know how to write exceptions. 

Share this post


Link to post
Share on other sites

Can you turn it off just to test and see if that's the issue?  Then allow specifically the iris traffic that's being denied?  They probably generically say to disable because most folks wouldn't know how to write exceptions. 

 

Good suggestion.  I did turn it off, and got a green light.

 

I do not know how to determine the specific iris traffic that is being denied, or write an exception.

 

This modem does allow port forwarding, and I have forwarded port 80 and port 443 per Iris tech support, however, I do not know how to take it beyond that.

 

Any suggestions welcome.

Share this post


Link to post
Share on other sites

Good suggestion.  I did turn it off, and got a green light.

 

I do not know how to determine the specific iris traffic that is being denied, or write an exception.

 

This modem does allow port forwarding, and I have forwarded port 80 and port 443 per Iris tech support, however, I do not know how to take it beyond that.

 

Any suggestions welcome.

 

This is now in the hands of level 2 support.  So far it has been determined that the router/modem firewall is blocking Iris V2 even with ports 443, 80, and 8080 forwarded.

 

Level 2 is writing (they apparently can not call them) to the developers to find out what other ports need to be forwarded... meantime the attempts at migrating disconnected all my V1 devices and turned the light on the V1 hub red...  resetting the V1 hub fixed that.

Share this post


Link to post
Share on other sites

 

 

So far it has been determined that the router/modem firewall is blocking Iris V2 even with ports 443, 80, and 8080 forwarded.

 

Are you talking about opening inbound connections or outbound? To me, forwarding a port means you're allowing inbound connections on that port.    

Share this post


Link to post
Share on other sites
Iris Login

ip = 104.210.2.205

port = 443

 

Camera Connectivity

ip = 104.209.177.250

port = 443,

 

Hub Connectivity

ip = 104.210.15.54

port = 443

 

 

 

Here is a list of the iris servers and the ports they use. I would first try setting your hub to DMZ on your router and then test it. If DMZ does work then go for the ports. 

 

 

Also if your router modem combo or modem then router.

Share this post


Link to post
Share on other sites

 

Iris Login
ip = 104.210.2.205
port = 443
 
Camera Connectivity
ip = 104.209.177.250
port = 443,
 
Hub Connectivity
ip = 104.210.15.54
port = 443
 
 
 
Here is a list of the iris servers and the ports they use. I would first try setting your hub to DMZ on your router and then test it. If DMZ does work then go for the ports. 
 
 
Also if your router modem combo or modem then router.

 

 

Thanks very much for your input on this.

 

My router/modem will only allow one rule per port... so I have port 443 opened to the internal IP of the V2 hub, but I do not specify the external IP, allowing all iris servers access (and anyone else) to the V2 hub.

 

I am only allowed one DMZ device, which is currently being used by my Ooma IP telephony device...  so the DMZ is in use.

 

I have discovered:

 

1. If i turn off the firewall in the modem/router the V2 hub goes green (unacceptable solution).

 

2. Open all ports on my modem outgoing also gets a green V2 hub (unacceptable solution).

 

Unfortunately, with this modem/router (an Actiontek PK5000), there is a firewall table, which only allows the ports listed there to be opened.  If not listed there, you can open all others outgoing with a check mark.  This is Century Links (and before them, Quests) connectivity device.

 

I can port forward any port, but there is only one rule allowed per port.

 

I have port forwarded 80, 8080, 8082, and 443.  So far, this is the extent of the suggestions by Iris 2nd level support.

 

I have also opened an issue with Lowes Executive Customer service, they are not technical, but appear to have an interest in successful problem resolution.

 

Again, thanks for your suggestions.

Share this post


Link to post
Share on other sites

 

Iris Login
ip = 104.210.2.205
port = 443
 
Camera Connectivity
ip = 104.209.177.250
port = 443,
 
Hub Connectivity
ip = 104.210.15.54
port = 443
 
 
 
Here is a list of the iris servers and the ports they use. I would first try setting your hub to DMZ on your router and then test it. If DMZ does work then go for the ports. 
 
 
Also if your router modem combo or modem then router.

 

 

 

My other thought for a solution is to place a 2nd router with decent configurable firewall behind the router modem, and open the firewall on the router/modem, relying on the firewall of the 2nd router.

 

I do not know which router to purchase for this purpose (I need one with a very configurable firewall), or if this idea would work.

Share this post


Link to post
Share on other sites

My other thought for a solution is to place a 2nd router with decent configurable firewall behind the router modem, and open the firewall on the router/modem, relying on the firewall of the 2nd router.

 

I do not know which router to purchase for this purpose (I need one with a very configurable firewall), or if this idea would work.

 

You really shouldn't need to do any of this.  I don't know of anyone that has had the need to configure ports for Iris.  Putting your hubs ip address in the DMZ is the best answer for a work around.  Also make sure you have plug and play enabled on your router.

Share this post


Link to post
Share on other sites

You really shouldn't need to do any of this.  I don't know of anyone that has had the need to configure ports for Iris.  Putting your hubs ip address in the DMZ is the best answer for a work around.  Also make sure you have plug and play enabled on your router.

 

Otto, thank you for your suggestions.

 

I think the DMZ solution would work if my modem/router allowed more than one device in the DMZ.  My DMZ is occupied by my Ooma IP telephony device, and the modem/router only allows one device in the DMZ.

Share this post


Link to post
Share on other sites

Could you get a cheap router, set the IP address of new router to a static address, set that static address into your internet modem/router as the DMZ IP address, then have the Iris Hub and your Ooma IP phone work from that router?   

Share this post


Link to post
Share on other sites

Could you get a cheap router, set the IP address of new router to a static address, set that static address into your internet modem/router as the DMZ IP address, then have the Iris Hub and your Ooma IP phone work from that router?   

 

Dan, that might be a workable solution, and if I had received your message a bit earlier, may have tried it out... however, as of a couple hours ago, all the Iris V1 gear I have accumulated has been returned to my local Lowes, for a complete refund.

 

I had spoken to one of the local managers a month ago a1nd reviewed the status of Iris V1 and V2 with him, and at that time he indicated that if I could not make V2 work satisfactorily, he would accept the return.  The return was easy, with Lowes store personnel very cooperative.

 

I had a great experience with V1, most everything worked, and what did not, was returned (swapped out) and the swapped out material worked.

 

I can not say that for V2.  As outlined above, V2 could not make it through my router/modem, regardless of any settings prescribed by Iris Support Level1, Iris support Level2, or Lowes Executive Support.  As far as I know, I still have an open incident with Level 2, and Lowes Executive Support.  Neither Level2 or the developers, or Lowes Executive support could provide a resolution...  Although V1 continued to work fine.

 

Even with the June 30th clock ticking, there just did not seem to be any urgency among those support folks.  No one would take ownership and solve the issue.  I even suggested that they buy me a cheap router to place behind my router/modem (if it would work) which would ultimately be less expensive for Lowes than buying back all my V1 gear (which they would then have to toss) ...  but apparently, no one has the freedom to think out of the box.  Corporation too big I guess... and everyone doing just their little job.

 

Anyway, I am now looking for a replacement system.  I did keep one of the Lowes cameras and am using it (along with my other cameras) with third party software.

 

Appreciate the suggestions from everyone here on this forum...  I will place a copy of this in the general thread.

Share this post


Link to post
Share on other sites

My other thought for a solution is to place a 2nd router with decent configurable firewall behind the router modem, and open the firewall on the router/modem, relying on the firewall of the 2nd router.

 

I do not know which router to purchase for this purpose (I need one with a very configurable firewall), or if this idea would work.

 

I would get a wireless router (anything but linksys or low end Belkin) then put your modem in bridge mode (may need ISP to do this for you) This will let the router control all firewalls and port forwarding. I would say out of the box a new router will work great.

Share this post


Link to post
Share on other sites

I would get a wireless router (anything but linksys or low end Belkin) then put your modem in bridge mode (may need ISP to do this for you) This will let the router control all firewalls and port forwarding. I would say out of the box a new router will work great.

 

Update on this:

 

Between Lowes Executive Support and 2nd level Iris support, it looks like we may have a handle on this issue.  It appears my modem/router is not compatible with Iris V2... the answer appears to be -- buy an additional router to place behind the router/modem supplied by the phone company, open the firewall on the original modem/router, and rely on the new router's firewall for protection.  Meantime, the hub can go on any ip plug on the original router, with its firewall turned off.

 

Now, I may be picky (yes) or cheap (yes) or just retired IT on a limited income (yes) but I did not feel that I should pay for a new router when everything else here works fine (including Iris V1) with the current router.  2nd level support scrounged around and found an old Lowes Gift Card for $50 left over from some other promotion and sent it to help defer the cost of the new router.  At the time, Lowes cheapest router was $82.  I found it for $52 on line from a compeditor, and lowes.com price matched.  So, essentially 2nd level agreed to pay for my additional router purchase required by V2.

 

Do I think this is a good thing?  Yes.

 

So... in the mean time, as previously reported, all my V1 stuff was returned...  so now I am going to buy some V2 stuff, (once the router arrives and the solution is found to work) in small quantities, and test it thoroughly as to reliability, false alarms, stability, etc.

 

Stay tuned.

 

Also, many thanks to Lowes Executive support (not technically knowledgable, but genuinely want to help and solve problems) and 2nd level Iris, who I think want to make V2 a better product.

Share this post


Link to post
Share on other sites

baa,

 

What is the name and model number of the "incompatible" router?  Perhaps this could explain other folks issues as well?

 

The problem modem/router is an Actiontec PK5000 supplied by Quest, now Century Link.

Share this post


Link to post
Share on other sites

Were you ever able to get any "technical talk" from Lowe's as to why it was not compatible?  I certainly do not know what to do with the information but there are some real experts on this board.

Share this post


Link to post
Share on other sites

Were you ever able to get any "technical talk" from Lowe's as to why it was not compatible?  I certainly do not know what to do with the information but there are some real experts on this board.

 

No, they provided some ports to open, which did not solve the issue.  Turning off the firewall in the router/modem solved the issue, but not exactly a secure solution.

Share this post


Link to post
Share on other sites

Well, we tried the idea of setting up a new router behind the existing router/modem.

 

Noticed the following:

 

The new router set up its own subnet, so all my fixed ip cameras and two brands of NVR software would have to be reconfigured, and the new router has an internet throughput of approximately 1/4 the speed of a direct connection through the router modem.  Not a satisfactory result...  so off to return.

 

I expect unless Lowes comes out with a way to make this work through my existing router/modem I will be forced to leave the product.

Share this post


Link to post
Share on other sites

I am no networking guru but cannot you control the subnet?

 

I am not a networking guru either... but I do not want to migrate my working cameras or nvr software to the new subnet, or use a router that accesses the web at 1/4 the speed of my existing router through my existing router.  I do not have to do this except to accommodate Iris V2 (V1 worked fine).   Anyway, at this point, I will live without it.  I do have the V2 hub, and IF someone can figure how to get a solid green light with my setup here, I will buy a few Iris V2 test devices... otherwise, I have been refunded and made whole, except for the time spent on this.

Share this post


Link to post
Share on other sites

I am not a networking guru either... but I do not want to migrate my working cameras or nvr software to the new subnet, or use a router that accesses the web at 1/4 the speed of my existing router through my existing router.  I do not have to do this except to accommodate Iris V2 (V1 worked fine).   Anyway, at this point, I will live without it.  I do have the V2 hub, and IF someone can figure how to get a solid green light with my setup here, I will buy a few Iris V2 test devices... otherwise, I have been refunded and made whole, except for the time spent on this.

 

Let me rephrase that:  I don't want to re assign the static ip addresses of 6 ip cameras to a new subnet, or re configure the existing nvr software to accommodate Iris V2, or put up with the network speed degradation that seems to accompany this setup, and router.

Share this post


Link to post
Share on other sites

Let me rephrase that:  I don't want to re assign the static ip addresses of 6 ip cameras to a new subnet, or re configure the existing nvr software to accommodate Iris V2, or put up with the network speed degradation that seems to accompany this setup, and router.

I have the same modem/router.  I set the modem to "passthrough mode" and use my dual band Asus router to authenticate and connect to the internet.  This is a huge upgrade in both speed and functionality.  I can set the subnet up to whatever I want it to be.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
0