Reefcam
-
How are you trying to connect to it? Via some app?
What do the camera instructions tell you to do?
If you don't add a port forward you would need to connect via a cloud server of some sort.
Steve
-
@stephenw10 said in Reefcam:
How are you trying to connect to it? Via some app?
What do the camera instructions tell you to do?
If you don't add a port forward you would need to connect via a cloud server of some sort.
Steve
Hi Steve,
Thanks very much for the reply.
It's via the reef-cam app (iphone).
I've followed camera instructions etc. Gotten to the end of that.
Basically it has a UID which connects to a cloud service (I think). As in the videos, you connect to your internet connection (wired/wireless) and the red light should go green (on the reef-cam box, which is connected to camera via USB). Mine stays red when connected.
The basic idea is, you can setup your reef-cam on internet access, it connects to cloud service and then your friends can use the reefcam by just scanning the barcode using their phone (or typing in the UID code) and set it up remotely with just UID, Camera name and password.
I can connect to the camera over local wifi (IE, my phone/camera on same wireless subnet) but over 4G etc it's not reachable. I can login via web browser from my laptop directly to the IP to see more options etc also.
Hope that helps?
Thanks
-
@redhammer999 said in Reefcam:
21:58:10.979557 IP 10.10.11.5.35120 > 239.255.255.250.1900: UDP, length 372
21:58:11.005125 IP 10.10.11.5.35120 > 239.255.255.250.1900: UDP, length 444
The cam is at 10.10.11.5?
That looks like UPnP traffic. UPnP is disabled by default in pfSense because of the security implications. The reefcam might require UPnP to open a port forward in the firewall for external access. You might also be able to add a forward manually.
https://docs.netgate.com/pfsense/en/latest/services/upnp.html
If you need to enable UPnP you should add restrictions so that only the reefcam can open ports.
You have a link to the cam instructions?
Steve
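An added example, not part of the original posts: a small Python parser for `tcpdump -n` output that lists which hosts are sending SSDP (UPnP discovery) to 239.255.255.250:1900, so you know what would start asking for port mappings before UPnP is enabled. The first two sample lines are from the capture quoted above; the remaining lines and the host 10.10.11.23 are constructed.

```python
import re
from collections import Counter

SSDP_GROUP, SSDP_PORT = "239.255.255.250", 1900

# tcpdump -n line: "<time> IP <src>.<sport> > <dst>.<dport>: UDP, length <n>"
LINE_RE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length \d+"
)

# First two lines are from the capture in the thread; the rest are constructed.
SAMPLE = """\
21:58:10.979557 IP 10.10.11.5.35120 > 239.255.255.250.1900: UDP, length 372
21:58:11.005125 IP 10.10.11.5.35120 > 239.255.255.250.1900: UDP, length 444
21:58:12.100000 IP 10.10.11.23.50211 > 239.255.255.250.1900: UDP, length 172
21:58:12.200000 IP 10.10.11.23.50300 > 10.10.11.1.53: UDP, length 40
21:58:13.000000 ARP, Request who-has 10.10.11.1 tell 10.10.11.5, length 46
"""

def ssdp_talkers(capture):
    """Count SSDP multicast packets per source IP."""
    counts = Counter()
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an IPv4 UDP line (ARP, TCP, ...)
        src, _sport, dst, dport = m.groups()
        if dst == SSDP_GROUP and int(dport) == SSDP_PORT:
            counts[src] += 1
    return dict(counts)

def unexpected_talkers(capture, expected):
    """Hosts seen doing SSDP that are not on the expected list."""
    return sorted(set(ssdp_talkers(capture)) - set(expected))

if __name__ == "__main__":
    print(ssdp_talkers(SAMPLE))
    # Only the camera is expected to use UPnP on this subnet.
    print(unexpected_talkers(SAMPLE, {"10.10.11.5"}))
```
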
-
@stephenw10 said in Reefcam:
@redhammer999 said in Reefcam:
21:58:10.979557 IP 10.10.11.5.35120 > 239.255.255.250.1900: UDP, length 372
21:58:11.005125 IP 10.10.11.5.35120 > 239.255.255.250.1900: UDP, length 444
The cam is at 10.10.11.5?
That looks like UPnP traffic. UPnP is disabled by default in pfSense because of the security implications. The reefcam might require UPnP to open a port forward in the firewall for external access. You might also be able to add a forward manually.
https://docs.netgate.com/pfsense/en/latest/services/upnp.html
If you need to enable UPnP you should add restrictions so that only the reefcam can open ports.
You have a link to the cam instructions?
Thanks again for the reply.
10.10.11.5 is the camera - correct.
Looking over your link there, I understand fair enough the UPNP. So I can essentially open it up but solely to that IP address is basically an option? What is the port forward etc I may need to setup though, any idea?
Manual can be found here:
https://www.manualslib.com/products/Tmc-Aquarium-Reef-Cam-10923373.html
Thanks
Red
-
Mmm, nothing useful in that manual at all!
Manufacturers of IoT devices like this seem to prefer giving the user little to no info or options for some reason.....
But given they seem to be expecting it to 'just work' it's either streaming all video via some external cloud server or using UPnP. Streaming via cloud server is waaaay more expensive for them so assume UPnP!
First just try enabling UPnP without restrictions as a test. Check the Status > UPnP page to make sure the camera (and only the camera) is opening a port as expected. Once you've tested it's working you can add restrictions.
A device like that I would definitely want to have on a separate firewalled subnet if you can.
Steve
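An added example, not from the thread or the pfSense code: a Python model of the "only the camera can open ports" restriction, using the ACL entry format from the pfSense UPnP settings page (`allow|deny  ext-ports  int-addr[/CIDR]  int-ports`). First-match evaluation, the behaviour when nothing matches, and the sample ports and second host are assumptions made for illustration.

```python
import ipaddress

# Constructed ACL: only the camera (10.10.11.5 in the thread) may map ports,
# and only unprivileged ones. Format: action ext-ports int-addr[/CIDR] int-ports
CAMERA_ONLY = "allow 1024-65535 10.10.11.5 1024-65535"

def _ports(spec):
    """'8000' or '1024-65535' -> (low, high), validated."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {spec}")
    return low, high

def parse_acl(text):
    """Parse one ACL entry per line into (allow, ext, network, int) tuples."""
    rules = []
    for line in text.strip().splitlines():
        action, ext, addr, internal = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"bad action: {action}")
        net = ipaddress.ip_network(addr, strict=False)  # bare IP becomes /32
        rules.append((action == "allow", _ports(ext), net, _ports(internal)))
    return rules

def permitted(rules, ext_port, int_ip, int_port, default_deny=True):
    """Assumed semantics: first matching entry decides; otherwise the
    'Default Deny' checkbox decides."""
    ip = ipaddress.ip_address(int_ip)
    for allow, (e_lo, e_hi), net, (i_lo, i_hi) in rules:
        if e_lo <= ext_port <= e_hi and ip in net and i_lo <= int_port <= i_hi:
            return allow
    return not default_deny

if __name__ == "__main__":
    rules = parse_acl(CAMERA_ONLY)
    # Constructed mapping requests: (external port, internal IP, internal port)
    for req in [(8150, "10.10.11.5", 8150),    # camera, high port
                (8150, "10.10.11.23", 8150),   # some other guest-VLAN host
                (80, "10.10.11.5", 80)]:       # camera asking for a low port
        print(req, permitted(rules, *req))
```

With `default_deny=False` the second request is accepted, which is why the allow entry only restricts anything once the default is deny.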
-
@stephenw10 said in Reefcam:
Mmm, nothing useful in that manual at all!
Manufacturers of IoT devices like this seem to prefer giving the user little to no info or options for some reason.....
But given they seem to be expecting it to 'just work' it's either streaming all video via some external cloud server or using UPnP. Streaming via cloud server is waaaay more expensive for them so assume UPnP!
First just try enabling UPnP without restrictions as a test. Check the Status > UPnP page to make sure the camera (and only the camera) is opening a port as expected. Once you've tested it's working you can add restrictions.
A device like that I would definitely want to have on a separate firewalled subnet if you can.
Steve
Hi Steve,
Yeah, IOT devices give as little as possible info...
Ok so I enabled UPNP (including LAN of camera). Everything is open on it, go to status and see nothing still :( I've given it maybe 10 minutes now and rebooted the camera.
I've put it on the guest VLAN which has no access to my cctv subnet, server or my others. Though it does allow access to other devices on that subnet (generic phones, laptops etc).
Any further thoughts perhaps?
-
Hmm, you enabled both UPnP and NAT-PMP?
-
@redhammer999 said in Reefcam:
Some basic info below about cam:
Manufacturer WAVEREEF
Camera model SBT-IPC-01
Camera version IPC-01
Are you sure that's correct? I can find nothing about that device. The manual you linked is for the TMC Reef-cam, is that the same thing?
There do seem to be quite a few reports of people hitting similar problems with that device.
Steve
-
@stephenw10 said in Reefcam:
Hmm, you enabled both UPnP and NAT-PMP?
Yes, both enabled.
IE:
Enable UPnP & NAT-PMP - ticked
Allow UPnP Port Mapping - ticked
Allow NAT-PMP Port Mapping - ticked
Only other settings were to change the internal interface (left external at WAN)
Log packets handled by UPnP & NAT-PMP rules - Ticked
-
Are you behind double NAT? Does pfSense have a public IP on its WAN? That will prevent UPnP working.
Steve
-
@stephenw10 said in Reefcam:
Are you behind double NAT? Does pfSense have a public IP on its WAN? That will prevent UPnP working.
Steve
Hi Steve,
There's a modem (draytek Vigor 130 ADSL) in front of the PFSENSE box. It has a static WAN IP address.
WAN on PFSENSE is a PPPoE interface.
Has:
Block private networks and loopback addresses - Ticked
Block bogon networks - Ticked
Edit:
UPNP is on the device for sure (found it in a submenu). In PFSENSE in UPNP access control lists - do I have to explicitly allow using an ACL (even though at the moment "Default Deny" is not ticked?).
-
@stephenw10 said in Reefcam:
@redhammer999 said in Reefcam:
Some basic info below about cam:
Manufacturer WAVEREEF
Camera model SBT-IPC-01
Camera version IPC-01
Are you sure that's correct? I can find nothing about that device. The manual you linked is for the TMC Reef-cam, is that the same thing?
There do seem to be quite a few reports of people hitting similar problems with that device.
Steve
Hi Steve, This is correct for sure... so that manual is the correct one and the above info is a copy/paste from devices webpage (10.10.11.5 in my case).
Question also: should I be port forwarding at all?
UDP port 1900 is used for UPNP I believe?
-
@redhammer999 said in Reefcam:
draytek Vigor 130 ADSL
That is a
"VDSL2/ADSL2+ Modem/ Firewall Router"
If you're behind a double NAT, UPnP isn't going to work..
-
@redhammer999 said in Reefcam:
draytek Vigor 130 ADSL
That is a
"VDSL2/ADSL2+ Modem/ Firewall Router"
If you're behind a double NAT, UPnP isn't going to work..
Hi @johnpoz
Thanks for clarifying, think I'm just a bit of a lost soul at this point...
So other options I have since I've found this menu:
UPNP - not an option
PPPoE setting, Needs, account, password and IP address
DDNS - Allows you to use a no-ip DDNS account (needs to use either eth0 OR PPPoE, but currently I'm using wireless?) + Account, password and hostname
Would I be able to use any of these or should I be using a direct port forward to achieve it connecting in? I guess the problem for me is, I don't know what port to use?
-
@redhammer999 problem with UPnP behind a double NAT..
Your device says "hey, router I'm behind, forward port xyz to me on your WAN".. Problem is that router's (pfSense) WAN is rfc1918 (it's behind another NAT).
Now port xyz is never seen by pfSense WAN.. If you want any hope for that to work you would need to put the pfSense WAN IP in the upstream router's what is commonly called DMZ host.. So that all traffic is forwarded to the pfSense WAN IP. This way, if it sees traffic to port xyz, it says "oh, send that to device IP 123" via the request it did via UPnP
-
The Draytek V130 is, technically, a router but it's usually supplied and used in modem only mode.
If pfSense has its WAN set as PPPoE it is in modem mode and you will have a public IP directly.
Are you in the UK? Using VDSL?
Steve
-
@stephenw10 said in Reefcam:
The Draytek V130 is, technically, a router but it's usually supplied and used in modem only mode.
If pfSense has its WAN set as PPPoE it is in modem mode and you will have a public IP directly.
Are you in the UK? Using VDSL?
Steve
Hi Steve,
That's all correct. Scotland, UK but it's actually ADSL I think (standard broadband, not fibre 40mb/s down and around 12 up).
-
That's FTTC which is still VDSL. ADSL2+ is only good for 24Mbps. In the UK at least.
But that's good, you will have a public IP on WAN so UPnP should work if it's supposed to.
When googling this I saw a load of misinformation about this on a few fish keeping forums. I'm sure those guys know a lot more than me about marine aquariums but some of the stuff reported about pings not working over BT's network made me cringe!
However looking at your pcap there some of the things reported are also present. You can see the reefcam is pinging a few IPs but it sees no responses.
It does raise the possibility that whatever server it's trying to connect to so others can 'see' it as available is simply not there for some reason. Have you ever been able to connect externally to it at any other location? Behind a different router perhaps?
Steve
-
@stephenw10 said in Reefcam:
whatever server it's trying to connect to so others can 'see' it as available is simply not there for some reason.
A few sites when looking for this device showed it discontinued - so yeah it's quite possible the infrastructure that was in place for this to work might just be gone.
Couldn't you just put a current webcam on the outside of the tank?
-
@stephenw10 said in Reefcam:
That's FTTC which is still VDSL. ADSL2+ is only good for 24Mbps. In the UK at least.
But that's good, you will have a public IP on WAN so UPnP should work if it's supposed to.
When googling this I saw a load of misinformation about this on a few fish keeping forums. I'm sure those guys know a lot more than me about marine aquariums but some of the stuff reported about pings not working over BT's network made me cringe!
However looking at your pcap there some of the things reported are also present. You can see the reefcam is pinging a few IPs but it sees no responses.
It does raise the possibility that whatever server it's trying to connect to so others can 'see' it as available is simply not there for some reason. Have you ever been able to connect externally to it at any other location? Behind a different router perhaps?
Steve
Hi both,
So I've not tried another location (due to covid, pretty much keeping myself to myself).
What I'll do though is take it to my folks' house, they have a standard (I think) talk talk router.
Any suggestions for IF it does work there?
Hopefully the infra for it hasn't gone completely, that'd suck to be honest but hey ho. Is the No-IP solution a possibility do you think?