Difference between revisions of "Multi Port"

From ZoneMinder Wiki
Jump to navigationJump to search
m
m
 
(2 intermediate revisions by the same user not shown)
Line 102: Line 102:
If you are unable or prefer not to modify your webserver configuration, you can also use Linux firewall functionality to redirect a range of incoming high ports to the configured webserver listening port.  This will work with both Apache and Nginx based Zoneminder installs.
If you are unable or prefer not to modify your webserver configuration, you can also use Linux firewall functionality to redirect a range of incoming high ports to the configured webserver listening port.  This will work with both Apache and Nginx based Zoneminder installs.


The following rules are are for iptables firewalls and are working on my RHEL based server.  If you use another firewall such as nftables, firewalld, ufw, etc., you will have to translate them accordingly.  AI is very helpful for tasks such as this.
The following rules are are for iptables firewalls and are working on my RHEL based server.  If you use another firewall or frontend such as nftables, firewalld, ufw, etc., you will have to translate them accordingly.  AI is very helpful for tasks such as this.


<pre>iptables -t nat -A PREROUTING -p tcp -m multiport --dports 30000:30100 -j REDIRECT --to-ports 443</pre>
<pre>iptables -t nat -A PREROUTING -p tcp -m multiport --dports 30000:30100 -j REDIRECT --to-ports 443</pre>


If you are running a headless Zoneminder install this one rule is all you will need.  Replace 30000:30100 with the range of ports you want to redirect.  Of course this has to match the multiport starting port in Zoneminder's network settings.  You can also use port 80 as destination if you don't use https, or whatever other port your webserver listens on.
If you are running a headless Zoneminder install the above rule is all you will need.  Replace 30000:30100 with the range of ports you want to redirect.  Of course this has to match the multiport starting port in Zoneminder's network settings.  You can also use port 80 as destination if you don't use https, or whatever other port your webserver listens on.  You can quickly check it is working by browsing to http(s)://yourzomeminderserver:30099 (or some other redirected port).


If your ZM server has a graphical Linux install and a directly connected display, you will also need some additional configuration to make this work on the local desktop as internal traffic does not use the same prerouting rules.  First you need to enable routing on the localnet network.  Only do this if you trust the other devices on your local LAN, don't do this if you connect directly to the internet.  Add the following line to /etc/sysctl.conf (or the appropriate location for your distribution).  
If your ZM server has a graphical Linux install and a directly connected display, you will also need some additional configuration to make this work as localhost traffic does not use the same prerouting rules.  First you need to enable routing on the localnet network.  Only do this if you trust the other devices on your local LAN, don't do this if you connect directly to the internet.  Add the following line to /etc/sysctl.conf (or the appropriate location for your distribution).  


<pre>net.ipv4.conf.all.route_localnet = 1</pre>
<pre>net.ipv4.conf.all.route_localnet = 1</pre>
Line 116: Line 116:
<pre>iptables -t nat -I OUTPUT -p tcp -o lo --dport 30000:30100 -j REDIRECT --to-ports 443</pre>
<pre>iptables -t nat -I OUTPUT -p tcp -o lo --dport 30000:30100 -j REDIRECT --to-ports 443</pre>


That's it! Be sure to make any rules you add persistent across reboots with whatever firewall management method you are using.
That's it. Be sure to make any rules you add persistent across reboots with whatever firewall management method you are using.

Latest revision as of 12:29, 14 January 2026

All browsers currently have a limitation where there can only be 6 connections to a server. This can be gotten around by using multi port, or by adjusting a Firefox about:config setting.

Apache Settings for Multi Port

This is the optimal approach as it will work on any browser. If you are in a commercial setting, or have other users besides yourself, it is almost required to setup Multi Port through Apache. If on the other hand you are on your own, you may consider simply using Firefox. Multi port, does just what it says: It will redirect multiple server connections through different ports, which is a workaround for the browser security limitation.

Here are some quick configs for 50 cameras. Note: The below config has been confirmed to work with only HTTP. HTTPS may need additional configuration. If you get an error about missing a > bracket on the 000-default.conf, make it so all these _default_:#### are on one line. Then it will work. It's not easy to read it in that format, so it has been justified for viewing here.

/etc/apache2/sites-available/000-default.conf:

<VirtualHost _default_:80 _default_:30000
        _default_:30001 _default_:30002 _default_:30003 _default_:30004
        _default_:30005 _default_:30006 _default_:30007 _default_:30008 _default_:30009 _default_:30010
_default_:30011 _default_:30012 _default_:30013 _default_:30014
_default_:30015 _default_:30016 _default_:30017 _default_:30018
_default_:30019 _default_:30020 _default_:30021 _default_:30022
_default_:30023 _default_:30024 _default_:30025 _default_:30026
_default_:30027 _default_:30028 _default_:30029 _default_:30030
_default_:30031 _default_:30032 _default_:30033 _default_:30034
_default_:30035 _default_:30036 _default_:30037 _default_:30038
_default_:30039 _default_:30040 _default_:30041 _default_:30042
_default_:30043 _default_:30044 _default_:30045 _default_:30046
_default_:30047 _default_:30048 _default_:30049 _default_:30050>

/etc/apache2/ports.conf:

Note:this doesn't include everything in the file. Make sure to insert into the existing ports file where changes are appropriate and not simply clobber the original file with below. 

        Listen 80
        Listen 30000
        Listen 30001
        Listen 30002
        Listen 30003
        Listen 30004
        Listen 30005
        Listen 30006
        Listen 30007
        Listen 30008
        Listen 30009
        Listen 30010
        Listen 30011
        Listen 30012
        Listen 30013
        Listen 30014
        Listen 30015
        Listen 30016
        Listen 30017
        Listen 30018
        Listen 30019
        Listen 30020
        Listen 30021
        Listen 30022
        Listen 30023
        Listen 30024
        Listen 30025
        Listen 30026
        Listen 30027
        Listen 30028
        Listen 30029
        Listen 30030
        Listen 30031
        Listen 30032
        Listen 30033
        Listen 30034
        Listen 30035
        Listen 30036
        Listen 30037
        Listen 30038
        Listen 30039
        Listen 30040
        Listen 30041
        Listen 30042
        Listen 30043
        Listen 30044
        Listen 30045
        Listen 30046
        Listen 30047
        Listen 30048
        Listen 30049
        Listen 30050

You will also need to enable multi port in Zoneminder options. Please read the medium guide below for more information.

Resources

Firefox About:Config

In Firefox you can make a change to the configuration to get cameras to display. First go to about:config . And search for, then adjust Network.http.max-persistent-connections-per-server. The max persistent connections per server must be > 6 in order to see > 6 camera streams. It can be set to any number, so perhaps you might set it to 100 or 150.


Firefox About Config Edit.png

Resources

The forum will have a number of posts regarding this change. It has been discussed extensively. Such as:

Alternative firewall based method

If you are unable or prefer not to modify your webserver configuration, you can also use Linux firewall functionality to redirect a range of incoming high ports to the configured webserver listening port. This will work with both Apache and Nginx based Zoneminder installs.

The following rules are are for iptables firewalls and are working on my RHEL based server. If you use another firewall or frontend such as nftables, firewalld, ufw, etc., you will have to translate them accordingly. AI is very helpful for tasks such as this. 

iptables -t nat -A PREROUTING -p tcp -m multiport --dports 30000:30100 -j REDIRECT --to-ports 443

If you are running a headless Zoneminder install the above rule is all you will need. Replace 30000:30100 with the range of ports you want to redirect. Of course this has to match the multiport starting port in Zoneminder's network settings. You can also use port 80 as destination if you don't use https, or whatever other port your webserver listens on. You can quickly check it is working by browsing to http(s)://yourzomeminderserver:30099 (or some other redirected port).

If your ZM server has a graphical Linux install and a directly connected display, you will also need some additional configuration to make this work as localhost traffic does not use the same prerouting rules. First you need to enable routing on the localnet network. Only do this if you trust the other devices on your local LAN, don't do this if you connect directly to the internet. Add the following line to /etc/sysctl.conf (or the appropriate location for your distribution). 

net.ipv4.conf.all.route_localnet = 1

You can apply it immediately with sysctl -p. Then you need to add a second firewall rule to redirect the loopback address ports. Use the same port range and destination port as the previous rule. 

iptables -t nat -I OUTPUT -p tcp -o lo --dport 30000:30100 -j REDIRECT --to-ports 443

That's it. Be sure to make any rules you add persistent across reboots with whatever firewall management method you are using.

Retrieved from "http://wiki.staging.zoneminder.com/index.php?title=Multi_Port&oldid=17878"