View Full Version : HG659

10-02-2018, 06:21 PM
I've just switched to Skinny unlimited broadband, dropped my landline and saved some bucks every month in the process. Landline wasn't getting used much so it's a goner.

I've got everything working re the new HG659 except for DDNS. I run a security camera setup accessible from my Samsung J5 smartphone, previously via Sparks' HG630b. I set up other routers successfully prior to that.

I've managed to get DDNS synchronized on the Dynamic DNS tab using no-ip.com. I can open a browser, enter the the ddns address and it stops at the router log in page. I think this means the DDNS side of it is working and I'm getting loopback?
My Samsung J5 doesn't find a page using mobile data and eventually times out.
Canyouseeme.org reports my port 80 as as closed. I cleared all the history, cache etc on the Samsung j5

H246 DVR older Chinese 8channel DVR.
No-ip com free account.
Windows 10 64bit.
Ports as reported by DVR of which I have forwarded in router:
Web :80
Media :9000
CMD :8000
DMZ is enabled for DVR mac address. (is this needed??, wasn't in other routers that I recall)
Bound to be other things you'll need to know..

Battling. Lost a day on it so far.. I eventually got the other routers going after a tuscle and a crash course.

Thanks for any help. Please comment. What am I missing?

10-02-2018, 09:04 PM
More observations..

The routers SNTP synchronization is reported as failed. It lists the date as 2010. The system log also has this date. Is it critical?

I disabled the router firewall but no difference.

DMZ study pulled up interesting snippet:
DMZ is a open all ports rule. And on most routers it over rides the port forwarding rules. So if you have DMZ enabled and it isn't pointing to the machine you need the ports open on, then this will create problems. So if your setting up port forwarding rules, make sure DMZ is disabled.
Attachment shows mac address of DVR. The router populated the dropdown menu with this entry. Currently it is disabled.

When attempting to run DDNS from my PC chrome browser, it will halt with a invalid certificate error. Clicking proceed then brings up the router login. It will accept the password but it just allows access to router config and not DVR/cameras.

As will previous routers, I've struggled early on to get them working, then I made a point of screen-capturing all the settings. Reviewing these doesn't help as the new router configuration is quite different.

OK, so more study with opening the port. Perhaps there's other factors that can obstruct a routers port config? Some of the jargon used in the router is causing more than a bit of confusion. I learning heaps though!

10-02-2018, 11:14 PM
Mr.Google pointed out some interesting bits of info.

According to this post on Voda (http://community.vodafone.co.nz/t5/Broadband-services/HG659-port-80-permanently-blocked/td-p/210410) port 80 is permanently blocked on HG659. I suppose that's routers supplied by Voda.?

Is it possible to use another port that satisfies all the parties? Changing the forwarded port in the router is do-able. The DVR has the web port editable. The other question is does the DDNS provider need any settings configured?

Hey, well here's a thought. Can't I reinstall my old Spark router??

I can ping my DDNS address OK.
Also I downloaded NMAP and did a port scan. It says port 80 is open on tcp and gave a short list of things it was in use for including HG659.. Not that I understood much of it.

10-02-2018, 11:52 PM
Get a proper router, not an ISP supplied one. ;)

11-02-2018, 12:30 AM
I tried my old HG630 but it won't connect. There was a couple of errors though all the appropriate led's were lit.

What router will work without issue?

Alex B
11-02-2018, 10:11 AM
Opening port 80 to the internet (as in unencrypted HTTP) is asking for trouble. You will also run in to issues as Skinny use CG-NAT which will not work correctly with DDNS.

11-02-2018, 11:35 AM
CG-NAT (https://en.wikipedia.org/wiki/Carrier-grade_NAT) That's looking like the problem!!

What's the workaround? VPN?

11-02-2018, 03:25 PM
Camcloud looked promising till I discovered they require, yep you guessed it, port forwarding. Have messaged then to ask of any known solution.

I'll message Skinny soon and get their point of view.

12-02-2018, 04:55 PM
Basically you don't wank Skinny. There is a reason they are as cheap as they are - nothing at all wrong with their service, but they have to cut cost somewhere - they do that by using CGNAT instead of providing everyone with a public IP.

You really want a public IP for what you're doing - BigPipe (also owned by Spark) also use CGNAT but have a very reasonable one off cost for a Static IP - Voyager are also another cheaper option, they do not use CGNAT, so you would have a 'normal' dynamic public IP, like you would with Spark for example, or they also have a cheap one off cost for a Static.

Skinny say on their site that they do not support port forwarding - this is why.

Not an issue for most people, who wouldn't know port forwarding from parcel forwarding.

12-02-2018, 10:20 PM
Searched and found the Skinny mention of port forwarding (https://www.broadbandunlimited.nz/support-centre/about-skinny-unlimited-broadband/does-skinny-unlimited-offer-static-or-public-ips) ... was on the broadbandunlimited site. I missed that.

OK, so I'm past the date at which I can cancel and there's $249 penalty if I cancel anyway. Looks like I'm stuck with finding a workaround.

It's been pointed out that VPN is significantly more secure that forwarding ports. If I'm understanding correctly I'll need a VPS as well. Can anyone point me in the right direction or recommendation?

To be clear, my smartphone only updates remote view every 6 seconds. So it's a series of still pictures rather than live video as such. I'll be updating to an IP camera set up at some stage though.