Viewing from the Internet on a multiple network

[J. Gabriel Sabina Ramos]

I have an intranet with the following structure:

The BHS-RTA router connects to the internet, serves Wi-Fi with the gateway 192.168.1.1 with the network name MovistarXXXX and serves the Linksys WRT54GL whose IP address is 192.168.1.34, which in turn serves Wi-Fi with the gateway 192.168.2.1 with the network name RSXXXX and provides service to Wireless-N which is connected with cable reception and repeats the WRT54GL wifi, that is, the same gateway 192.168.2.1 and with the same RSXXXX network name, In turn, the HGS56A is connected by Wi-Fi with Wireless-N and serves Wi-Fi with the gateway 192.168.3.1 with the network name WRTXXX.

The Raspberry Pi 2 B v1 connects to HGS56A via wifi and corresponds to the address 192.168.3.167 and incorporates a 12M Megapixel webcam.

The Raspberry Pi B + v1 connects to HGS56A by wifi and corresponds to the address 192.168.3.223 and incorporates a 12M Megapixel webcam.

The Raspberry Pi Zero W connects to BHS-RTA by wifi and corresponds to the address 192.168.1.35 and collects the two cameras of the Raspberry 2B and B + in Simple MPEG Camera mode.

All Raspberries have MotionEyeOS as OS and stream_localhost off has been set.

On the BHS-RTA router, port 80 has been redirected to IP 192.168.1.35 so that only the Raspberry Pi Zero W is accessible from the Internet.

From the intranet (Options Op2 and Op3) each and every Raspberry is correctly accessed and the cameras are displayed without problem.

From the internet (Op1) you can access the Raspberry Pi Zero W and the interface is displayed, you can interact with it and you can even access the configuration functions in administrator mode, but I CANNOT SEE THE IMAGES.

MotionEyeOS is based on Motion, so it is understandable that Motion controls access to images from the Internet through the stream_localhost command, but it has been set to off on all Raspberries and continues without allowing it. On the other hand, the image served as Simple PMEG and collected by the Raspberry Pi Zero W is already out of the control of the other Raspberry, so if Zero in turn serves the image to the Internet the other Raspberry should no longer have control ( It is how I understand it).

To allow stream_localhost off I do it from ./data/etc/motion.conf, I don't know if there is any other configuration that overwrites this (Is there any other that I should modify?).

These are the current Raspberry configurations:

Raspberry Pi Zero W v1: ./data/etc/motion.conf:

webcontrol_interface 1

setup_mode off

webcontrol_parms 2

webcontrol_localhost on

webcontrol_port 7999

stream_localhost off

Raspberry Pi 2B v1 y B+ v1: ./data/etc/motion.conf:

webcontrol_interface 1

setup_mode off

camera camera-1.conf

webcontrol_parms 2

webcontrol_localhost on

webcontrol_port 7999

stream_localhost off

Raspberry Pi Zero W v1, 2B v1 and B+ v1: ./data/etc/motion.conf:

conf_path /data/etc

run_path /tmp

log_path /var/log

media_path /data/output

motion_binary /usr/bin/motion

log_level info

listen 0.0.0.0

port 80

mount_check_interval 300

motion_check_interval 10

cleanup_interval 3600

remote_request_timeout 10

mjpg_client_timeout 10

mjpg_client_idle_timeout 10

smb_shares true

smb_mount_root /data/media

wpa_supplicant_conf /data/etc/wpa_supplicant.conf

local_time_file /data/etc/localtime

enable_reboot true

enable_update true

smtp_timeout 60

zip_timeout 500

add_remove_cameras true

password_hook /usr/libexec/meyepasswd

Where is the goblin? Why can't I see the images from the internet if I access the interface without any problem? Am I not configuring correctly? What do I need to configure?

[Dewey]

Sorry I can't answer your question, but your setup looks extremely over complicated.  A single camera-less RaspberryPi that has all the other RaspberryPi cameras added to it is all that needed.  You come in from the internet into the single cameraless Pi, which shows all the other cameras since they are added to it.  As a plus, you can actually manage each camera from the single camera-less Pi.

Dewey

[J. Gabriel Sabina Ramos]

Yes, this is exactly how I have it configured, a Raspberry Pi without a camera (let's call it main) that has the cameras of the other Raspberry Pi, and the Raspberry Pi Main I can enter from the Internet and I can modify the configuration from the Internet without problem, but not I see the images. However if I access from the internal network I can still modify the configuration and in this case I can see the images.

The strange thing is that you can access the Raspberry Pi Principal from the internet but you cannot see the images because it is not that the images are served by a different port.

The handicap of the extensive and / or complicated network should not be inconvenient, in fact from any point of the network I can access any Raspberry Pi simply calling it by its IP. All the subnets are different but they all come from the same and I do not have network isolation configured so that any computer within the network can see any other. At this point you might ask yourself why different names and addresses if at the end they all see each other ... simply, each of the additional routers also serves an isolated and differentiated network to serve customers, and As each one has a certain scope, each one supports a different sector of clients, but for common services there is the main network and the reason that the different IPs are assigned is basically to be able to more easily locate and identify the connected equipment at that moment.

[J. Gabriel Sabina Ramos]

Well,

I answer myself. As I finished writing the previous comment I saw the light, saying that it was not served by different ports.

Well, with the Chrome analysis tool I see that the Raspberry Pi Principal does not import the image of the other Raspberry and then serves it, but simply links it, so, if the Raspberry Pi Principal is accessed from the Internet at Through port 80 open in the router for this purpose, since the content served by the Raspberry Pi Principal is accessed, but of course, the images are still behind the firewall since it is simply a link, this means that I must open port 8081 in the main router and direct it to the IP of the second router, also open port 8081 on the second router and direct it to the IP of the third and logically on the third open this same port and direct it to the IP of the Raspberry Pi that serves image. All this implies that in the other Raspberry Pi that serves the other image I have to change the default port 8081 for another, for example 8082 and do the entire process above for this Raspberry Pi as well.

Buff, yes you're going to be right, the network is extremely complicated ... Jejj

Well, it's time to try to see if it's true ...