How to get your iCatcher online (advanced)

Introduction

This HowTo documents the process of getting your iCatcher software online, that is, getting your camera feeds visible from the internet. The process can appear complex, in that iCatcher Console and Sentry/Wildlife have slightly different implementations, and then there is hardware and software such as firewalls, NAT (Network Address Translation), routers, etc.

Your internet connection

One of the most common causes of failing to get any web service online is a misconfiguration of the internet connection. One of the most common features in use on the internet today, particularly in home installations where more than one computer shares the internet connection, is Network Address Translation (NAT), commonly known as IP Masquerading. This facility allows multiple computers to get online through a single connection, by having the computer connected to the internet translate the IP addresses of the network computers into the single internet IP. In this case, the internal computers pretend or "Masquerade" as the external computer. While solving the problem of getting more computers online, it leaves the problem of getting connections from the internet to internal computers. In order to do this, you need to use "port forwarding". Port forwarding is a process whereby the computer connected to the internet receives the connection, and forwards it to the internal machine. If you are using any form of NAT (IP Masquerading, Multiple NAT, Internet Connection Sharing, etc) and your iCatcher machine is not the computer connected directly to the internet, then you will need port forwarding.

Another thing that affects Getting iCatcher Online, is firewalls. Firewalls are pieces of software (or more frequently, hardware) that block unwanted connections from potential attackers. The common configuration for a firewall is to block any service that isn't necessary to be accessible from the internet. Unfortunately this usually includes the iCatcher software as well. In particular, Windows XP and newer have a built-in firewall, which is set to be paranoid by default, often resulting in confused users wondering why their feeds aren't accessible.

With all this in mind, our first step in Getting iCatcher Online, is to choose the port we are going to use, and make sure that port can get through to the iCatcher computer.

Choosing a port

We have noticed that while most people are able to find their way around iCatcher and its features, some people are less knowledgeable when it comes to networking. In this section, we will briefly discuss networking so that these users can better understand what ports are and why one needs to be chosen carefully.

Computers on modern networks communicate using a protocol known as Transmission Control Protocol/Internet Protocol (TCP/IP). The full specifics of this are beyond the scope of this document, but there are a few basics that are good know. Each computer on the network has an IP address. This address is formed of 4 numbers (between 0 and 255 inclusive) separated by a dot, for example, 192.168.0.1. This system allows up to 4 billion (approximately) systems on the internet simultaneously. No two computers on the internet have the same IP address (note: NAT, as described above, does not use "duplicate" IP addresses, and so should not be seen as an exception to this rule).

In order for computers to transfer data between each other reliably, a connection must be made. A computer that waits for a connection request from other computers is a "server", and is said to "listen" for connections. In order that a computer knows what service/program should deal with an incoming connection, a system of "ports" is used. A port basically identifies (at the server end) what service you are trying to access. Just as there are no two computers on the internet with the same IP Address, no IP address has more than one service listening on a given port.

When a computer begins listening on a particular port, it is said to "bind" to that port. The binding process can also be specific about IP Addresses (more on that below). There are up to 65,535 ports on an IP address, numbered from 1, but not all are available, particularly if your internet connection exposes additional services. When choosing a port, keep in mind that ports 21 (FTP), 22 (Secure Login), 23 (Telnet), 25 (Email), 80 (Website), 110 (Mailbox), and 443 (Secure website) are all commonly used by server systems, particularly those offering network services, such as on a company network.

Generally, anything above 1024 is safe to use as an iCatcher HTTP Server port, although you are free to use any available port in your iCatcher system. Once you have chosen the port to use, you will (if applicable) need to configure your network hardware to allow that port from the internet to your iCatcher system. This includes unblocking the port from firewalls, and forwarding the port on NAT systems. Since network hardware varies from manufacturers, it is impossible to give a full description of how to do this here. We would ask you to consult your network hardware documentation on how to carry out these tasks.

Get iCatcher going

At this point it is assumed that your network is set up in preparation for iCatcher, and that you have successfully configured at least one feed in iCatcher Console/Sentry/Wildlife.

While the procedure for enabling the web server is similar between Sentry/Wildlife and Console, there are slight differences. Both will be covered here. There is a separate section below dealing with i-Catcher Video Server, as this is a special case.

For i-Catcher Sentry/Wildlife, the dialog to control the HTTP Server (which provides the online component of iCatcher) can be accessed by clicking on "Settings" in the main window, and then "HTTP Server" in the dialog that appears.

For iCatcher Console, the dialog can be accessed from the "Settings" button in the main window, and then clicking on the "HTTP Server" tab.

The dialog presented contains the same set of options between both iCatcher applications. You will need to ensure "Enabled HTTP Server" is checked (the remaining options are not greyed out). You are presented with a box to enter and IP Address, and the port that you have chosen to use. Also in this dialog is a setting to restrict iCatcher to only serving content to those persons who know the username and password (as set on this dialog).

A little more on IP Addresses

The "IP Address to listen on" field confuses a number of people when they first see it. The reasons for this seemingly confusing field is that TCP/IP is very flexible regarding listening connections, and also supports something called "Virtual Hosting". This is where a single system can be pretend to be many systems at the same time. Each one of these "Virtual Hosts" has its own IP Address. Where it may be desirable to limit a listening service to be listening only on one of those virtual hosts. In this field, you can limit iCatcher to listen only on the IP Address entered, that is, connections to the iCatcher machine that are NOT specifically to the IP address specified will fail.

The IP Address field has additional flexibility too. TCP/IP has provision for "special" IP Addresses. There are two that are of particular interest to us. 127.0.0.1 is the "loopback" address. It is called this because any traffic to/from this address literally "loops back" to the same machine, that is, wherever you are, and no matter what computer you are on, 127.0.0.1 is always the address of "yourself". This is useful for testing an iCatcher web server from the same machine that iCatcher is running on.

Another special IP address is 0.0.0.0. This address means "everything", that is, it does not cause iCatcher to restricted to one IP address, but instead that iCatcher will deal with connections that are directed at ANY IP address the system has, including 127.0.0.1.

Most people will want to leave this address field as 0.0.0.0. The only time it should need to be changed is if the iCatcher computer is on a virtual host machine as described above (most computers aren't).

Testing the HTTP Server

Now that you have set your networking settings, you should be able to click on "OK" (and "OK" on any remaining dialogs), and your iCatcher software will begin listening for connections on the port you specified.

In order to test the HTTP Server, you will need to point a web browser at iCatcher. For internal testing, you can use the address "localhost" (which the name equivalent to 127.0.0.1 - see above) as a website address. Website addresses have a standard format which can be summarised as http://[<username>[:<password>]@]<hostname or IP Address>[:<port>]/. This line may look gangly, but is actually simple to understand. Items in <>'s are items you should replace with actual data, for example, <username> means put in the required username. Do not include the <>'s. The square brackets []'s indicate optional parts, that is, you can specify them if you wish, but they are not necessary.

While it is permissible to use :80 on the end of a web address, it is not required, as web browsers use port 80 as the default when accessing web sites. You need only specify the port if your iCatcher is listening on a port OTHER than 80.

To clarify the web address syntax further, a few examples of valid addresses are:

http://icatcher@icatcher.corporation.net/

http://cctv.company.com:82/

http://viewer:nopeeking@cameras.plc.co.uk/

and so on.

As mentioned above, you can test iCatcher locally by using the hostname "localhost". i-Catcher Sentry/Wildlife will show you the latest image captured, where as iCatcher Console will show the full Console site page, allowing you to browse all available feeds, and access numerous other features. For i-Catcher Sentry/Wildlife, a page showing a continually updated image can be accessed by adding "live.htm" to the end of the web address. The full list of pages available in iCatcher is beyond the scope of this document, and you are advised to consult the relevant help files for more information.

Finishing off

If all has gone well, and your network is configured correctly, then your iCatcher installation should be visible on the internet (while you are connected). The same process used to access the HTTP Servers locally can be used from the internet as well, and also from any point on your network (if you have one). Keep in mind however, that as you move around, the hostname/IP Address you need to use may change. If you are browsing from the same computer as iCatcher is running on, then you are safe with "localhost". If you are on a local network, then from elsewhere on that network, you will need to enter the hostname/IP address of the iCatcher computer on the network. If you are browsing from the internet, then you will need to enter the IP address that the iCatcher computer is connected through. Some networks (particularly compnay networks) have a fixed IP address and hostname of their internet connection, in which case you can use that.

Problems beyond your control

Unfortunately, in the modern world of the internet, with the upsurge in Denial-of-Service attacks, Unsolicited Commercial Email (Spam), and use of unauthorised or maliciously used servers, you may find that despite all your efforts, your iCatcher system is still not available online. Many Internet Service Providers are imposing strict firewalls, and awkward proxy systems to circumvent misuse of the internet by blocking customers from running any kind of server. One particular ISP in the UK is FreeServe, who's firewall/proxy setup is so complex and restrictive, that a lot innocent client connections are blocked, including those that may be standard service connections.

If you are in such a situation, there isn't much you can do to resolve the problem. You can try to contact your ISP and ask them to lift the restrictions, however since most ISPs use a dynamic connection system, they will most likely tell you that it would be near impossible to make an exception for you, and that to remove the restriction outright would impose a security risk.

Some ISPs with slightly less restrictions may allow you to get around their firewall/proxy by using a port normally reserved for a system service. In particular, port 113 (username identify) is allowed by some ISPs as it used by numerous chat room systems to identify you, be aware however that using standard service ports to run iCatcher servers could well cause more problems than it solves.

i-Catcher Video Server - A special case

i-Catcher Video Server is a special case for the iCatcher Software. i-Catcher Video Server is intended as a simple Video-to-HTTP converter of sorts, and as such doesn't have any of the advanced features of the the HTTP Server in Console for example, such as remote administration, etc. The HTTP Server in i-Catcher Video Server is configurable directly from the main window of the application, and has the same format as that of iCatcher Console and Sentry/Wildlife. The network configuration for i-Catcher Video Server includes an additional settings, "Maximum Connections". This field specifies how many connections to limit to. Since i-Catcher Video Server is a smaller module, it is not intended to be accessed by a web browser, and thus there is no need to support large numbers of connections simultaneously.

The intention with i-Catcher Video Server is to provide a source of network feeds for iCatcher Console or Sentry/Wildlife. The same syntax used above for accessing the HTTP Server can be used to form an address to use as a network feed address. i-Catcher Video Server does have web pages that can be viewed with a web browser for convenience, but it is not intended that i-Catcher Video Server should be online. i-Catcher Video Server feed pages however, do allow you to monitor the application's activity, and also show you a sample feed address which you can copy and paste into iCatcher. This address is a "best guess", based on i-Catcher Video Server's ability to determine your system's hostname.

Network Camera Addresses

iCatcher is a kind of network appliance, that is, it can be put on a network and provide services. The procedures and principals outlined above can be easily applied to any kind of network appliance, including the Axis Network Cameras. These cameras can be used as a network feed like any other network device capable of outputting an image via an HTTP server. The same web address syntax applies, and you need only to consult your camera's documentation to discover the full path to the network feed.

At time of writing, there is a Network Feed helper component being added to iCatcher. This component will list common sources of network feeds, including Axis Network Cameras and Video Servers, as well as other common network video appliances, and of course i-Catcher Video Server. The helper will be able to determine the correct feed address from the information you supply, simplifying this whole process greatly.

Conclusion

Hopefully this HowTo has provided sufficient information to help you get iCatcher online and sharing your video feeds with the world, in a vareity of common networking situations in use today. If you feel there is something we have missed, or you require further assistance, our technical support is always available to help you.

If you are interested in developing your iCatcher web interface further, you may be interested in reading on setting up templates. Templates allow you to customise the website offered by iCatcher, and allow you to insert dynamic data sourced from iCatcher making your site even more versatile.