How to access 8 IP cam on lan from wan
-
hi and thanks
i am looking now at the ip cam site http://www.networkipcamera.com/faq_009-java.php
trying to understand it. -
Their cameras really seem to use multiple ports: http://www.networkipcamera.com/faq_004_soho.php
So you have to modify all of those ports on each cam so that each cam has unique ports and add a bunch of portforwards/firewallrules for each. Btw, you can make this much easier by adding portaliases for the cams and reduce the number of portforwards/firewallrules this way ;)
-
thanks again and again, ill go to site tomorrow and work on that
hadi57
-
hi
i went today and changed the video and web ports for all cams as well so my nat and fw looks like this but still cant access the cams i don't know what i did wrong:
-
Just a quick observation:
If you NAT 15973 UDP you should firewall this as 15973 UDP as well. Not TCP… -
How do you check that you cannot reach the cams from WAN?
If you're sitting behind a consumer router, usually doing just NAT, this is doable.
Since you are using pfSense in this install, chances are, you are behind a pfSense at home/in your office as well.
If you only opened http(s) ports for surfing there, you'll never get to school-ip:810. Then the problem is on the other side of the connection. -
hi
the port 15973 tcp is now udp
i am checking from home:
1- with pfbox connected.
2- without pfbox connected directly to dsl routeri try changing the 1st line https:443 to allow any so every thing is wide open like before, but still couldn't to connect to the school ip cams. i still don't know where is the problem, is it ok i give you the access to the server for a check? it will be really appreciable.
thank you again.
-
I'm on holidays starting tomorrow.
-
How about an entirely different approach? ZoneMinder!
Setup a Linux host on your private network running ZoneMinder to create a single centralized point to access all cams.
Then you only have a single host to worry about when it comes to providing public access via your pfSense firewall. :)
Oh, and you want per-parent user access control, I would go a step further and setup OpenVPN connectivity - I always perfer VPN to poking holes in a firewall when it comes to providing access to hosts on my private network. If you are going to control user access instead of just have open public access, you should always implement VPN rather than poke holes in my opinion.
You could then create your time-of-day requirements on pfSense (rule only allows the OpenVPN connections during certain time frame) and manage your user access accounts on the ZM box.
-
thanks a lot for the advice, i download zm long ago, but never tried it, so i ll follow your advice and try it and post here what happens.
thanks again
-
i was trying today to log in to one ip cam, it started to log but it took very long almost 10 minutes, i see the image frame but not the image itself, i mean white image.
-
hi
it is working i changed the IP cam model # and working perfectly.
thanks a lot for all the help
-
hi again
now i requested to make schedule rule for each cam to be available at a certain time of the day to be accessible publicaly, so i went to firewall > schedules to create a time rule for one of the cameras, i saw schedule name and description, how do i make this related to camera a or b or c etc…
thanks in advance for the help
-
You need to create a rule for each cam and assign the schedule to it.
Beware that schedules work a bit differently from the rest of the rules. It's mentioned when creating them, IIRC.
-
hi
i saw the schedule, but time is quarterly based is there any other option like 5 minutes base. one more thing caw we add yearly based rule too.
thank you
haddi57 -
No and No. Actually these rules are on a per year basis iirc. So if you block let's say on January the 1st it will block on that day every year (2008, 2009, 2010,…). Why is a 15 minute slice not enough? A Cronjob will run every 15 minutes to see if the ruleset has to be changed and recreate and reload the filter if needed. Making smaller slices will put additional load on the firewall as it would have to check for changes more often. We thought 15 minutes intervals should be enough usually.
