How To Set Up a Webcam Server Behind a Proxy / Firewall / NAT/ Dymanic IP

My lastest addition to Jason’s Fishcam turned into quite a networking challenge. I needed to stream video from a server behind a proxy server and a firewall. Oh, and the webcam server had a dymanic IP.
My first attempt was to transfer still webcam images via FTP (passive mode, of course) to an outside server. To help speed things up, I saved the incoming images to a RAM Drive configured on the FTP server. Although this method worked it still wasn’t fast enough for my liking (about 1 frame every 2 seconds). My other cams are streaming video and I didn’t want this one to be anything less. My second attempt, using a “tunneling” proxy server, yielded a much better result at over five frames per second. If you’re interesting in setting up something like this for yourself, the following explainantion may help.
In order for this to work, you’re going to need a few things first. So besides your helpless server that is insolated from the rest of the internet, you’re going to need access to another server running on the outside and some tunneling software. In my situation, I already had a server on the outside streaming video from my other webcams. (And when I say server, I mean a crappy little PC running some webcam software… nothing special.) The tunneling application will connect the two servers in a “port forwarding” arrangement. Let me explain…
From behind a firewall, a computer can still transmit data to the outside world. The only catch is that it has to initiate the connection. Unfortunately, that doesn’t work very well when the computer behind the firewall is a server. The whole point of a server is to sit there and wait from connection requests. A server insolated from the internet by a firewall isn’t going to hear any requests. The tunneling proxy server approach overcomes this problem by having a little application (app) that runs on both the server behind the firewall and the server on the outside. The app on the outside server constantly listens for a connection originating from the app on the inside server. Once the two are connected, the server behind the firewall can accept outside requests. In practice, someone one wanting to connected to the inside server will actually type in the host name of the outside server. The request will transmitted from one server to the other via the tunneling app. Generally the entire process is transparent to the end user.
I’m sure there are better application to use for this but I’m going to talk about a little gem called Java Proxy. Go here to read what the developer has to say about it. He has a few diagrams that might make this easier to understand. You can download it there too, but good luck finding the well hidden link. Java Proxy is written in JAVA (big surprise) and you’ll need at least J2SE 1.4 installed to use it. You can use it as is by typing “java -jar jp3.jar” at the command line. Running it this way is great for setting it up, but unfortunately, it leaves a big ugly window in the middle of the screen that can’t be minimized. I’ve taken the liberty of making a custom wrapper that will allow Java Proxy to be run from a standard exe that can be hidden.
Java Proxy is quite a powerful little program and although it can do a lot of cool stuff, I’m only going to explain how to use it in one configuration: forwarding mode. This will allow a specific port on the outside server to pass along requests to the firewalled server.
First set up Java Proxy on the server behind the firewall… From this server, run Java Proxy and choose “Redirector client” from the first screen. Now under “Connection options” type in the location (Hostname or IP) of the outside server and choose a port. For this example lets say we’re going to use port 202. Now click Next and Start. Also, go to the File menu and pick “save config as…” Save the configuration as “settings.xml” (this is important if you want to use the hidden mode version). Now load up your webcam server software. Ok, that’s it for this server now it’s off to set up the outside server.
Load up Java Proxy on the outside server. This time choose “Connector server” and click next. On the next screen, type in the same server port we used on the other server, port 202 in our example. Now click the “Forwarding…” option. In the “Forwarding configuraion” window, check the use forwarding option. Type “localhost” in the remote host field. This basically tells the other Java Proxy that it is on the same machine as the webcam server we want to contact. Set the remote port to the port used by the webcam server software on the inside server. (hopefully something other than 202). For simplicity we’ll set the local port to the same number but it can be different if you want. Click Add and OK. Click Next and Start. Again save the configuration as “settings.xml”.
Now, hopefully within a minute or two, you’ll see the “connected” indicator turn yellow on the window that pops up. If not, check that Windows Firewall (or what firewall software you have) isn’t blocking the Java Proxy port. In our example that would be port 202.
At this point you should be able to see your webcam. To access it, use the address of the outside server with the local port number you used in the “Forwarding configuration” window. Something like… http://www.outsideserver.cat:8080
If you get it working and you’d like Java Proxy to run hidden in the background, then use the jp3_silent.exe from the ZIP package. It’s important to point out that you’ll need to have a “settings.xml” file in the same folder. By placing a shortcut to jp3_silent.exe in the Start Menu, under Startup it will run hidden at startup.
This write-up concentrates on webcam servers but really you could use Java Proxy for almost any kind of TCP/IP connection FTP, HTTP, VNC, etc.

This entry was posted in Uncategorized. Bookmark the permalink.

One Response to How To Set Up a Webcam Server Behind a Proxy / Firewall / NAT/ Dymanic IP

  1. Anonymous says:

    What about authentication/authorization? Or is it open to anyone? Or is that the point?

    If the use is supposed to be restricted and the server on the outside is Linux you can “bridge” a TCP port between the 2 servers very easily using SSH port forwarding.