Some basic and advanced questions..
-
Well, for 1) I don't know,
but 2) definitely does not work.
The MAC address of your iPhone does not get broadcast over the complete internet; it just gets broadcast to the next router, which is your UMTS provider or something like that.
Simply put up an authentication page in front of your webcam and use a good password :)
-
I forgot to mention that I tried the DNS forwarder option, but this only works with domain names. I want to be able to use http://webserver01 instead of http://webserver.home.local (the last option does work with the DNS forwarder, btw).
-
I can't modify the webpage software on this ip cam device.. so not much I can do :(
-
-
Well, for the 2nd:
if you have your webserver running all the time, you can set up a proxy host in Apache with an authentication page, which after successful auth on the Apache redirects you to your webcam.
Check mod_proxy.
-
- DNS forwarder is sufficient for this. I use https://fw/ without a problem to connect to firewall and http://srv/ to my webserver.
-
-
Windows machines work because of netbios broadcasting/spamming the network looking for a response.
Under your DHCP settings on pfsense, make sure it is issuing itself as the DNS server to clients. Check your windows/apache boxes to make sure the DNS listed is the pfsense IP address. I use the DHCP forwarding service and I have no problems with using hostname alone.
Alternatively, you can also set static DNS entries under the DNS forwarder options. (This also requires that your computers are set to use pfSense as the DNS server.)
MACs can be spoofed just as easily. Like a previous poster mentioned, you can put some sort of authentication on the Apache server. If you're accessing it from your iPhone or other wireless device, maybe just allow a specific subnet. (4.5.0.0/24 or w/e the CIDR range is for something like that, I never got that down pat.) How many AT&T iPhones are port-scanning and hacking lol? This will at least reduce the odds considerably.
-
I tried setting this up but it requires me to enter a domain name. In my case this is home.local. (pfsense is fw01.home.local)
I tried adding a static entry with webserver01.home.local but I can only access it with the domain name and not with http://webserver01.
Not sure why it's not working :(
@heavy1metal:
Yeah, I figured it was NetBIOS spamming. DHCP -> the DNS IPs are blank, so it will use its default pfSense gateway IP.
Authentication on another server is pretty pointless, I think, because I would have to make a NAT entry to the Apache server and then forward them to the webcam:ip page. If people were to guess the ip:port combo they could skip the Apache page :P. I might as well leave the Apache NAT entry out of the picture and just use the ip:port combo and hope they don't scan it ;)
-
1. The DNS forwarder works for me. I have pfSense set to send itself as the DNS entry in DHCP, and then it relays the DNS query out to whatever DNS provider I choose. You can leave it set to your ISP's server or use OpenDNS, as I do. Make sure you check the box that adds your DHCP leases to the DNS server. I forget whether it's in the DHCP or DNS screen.
2. Why not set up a VPN? Then you don't need to enable any outside access, and you can do a lot of other neat things with it as well.
-
-
I have the DHCP register in DNS checked, DNS forwarder enabled, made a static entry and still no go. On my own PC I have even set the DNS server manually in the adapter settings window.
-
VPN is not really an option when you want to quickly check the camera, or the webmail when on a different network, internet cafe, hotel etc. In my opinion VPN is more of a risk because you physically connect both networks. I'd rather have one NAT entry mapped and the rest closed.
-
-
Applications nslookup and dig are useful for debugging name service problems. They both report the name server used and various levels of information returned by name servers.
Here are a couple of entries from the DNS forwarder on my system:
Host     Domain        IP              Description
pf-wan   example.org   192.168.37.36   WAN interface of pfSense box
zyxel    example.org   192.168.37.21   Zyxel ADSL modem
pfSense domain is example.org and on the PCs on my network a DNS lookup of zyxel or zyxel.example.org both return 192.168.37.21
-
Maybe DHCP is not setting the correct search domain; you should have "home.local".
On Linux it's in the /etc/resolv.conf file:
search home.local
nameserver ip-here
Under Windows it's called the DNS suffix search list;
ipconfig /all
will list that.
-
To get that working, you have to enable the DNS forwarder and have both options "Register DHCP…" enabled. The DNS forwarder acts as a small DNS server, which will fulfill all requests inside your home net.
Now you can reach your webserver via http://webserver01.local on your net. If you now enter "local" (without the quotes) under "Search domain list" on the DHCP settings page, then you will find your webserver via http://webserver01.
Hope that will answer your questions. No host-file-hacking necessary.
Good luck!
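
The search-domain behaviour described in the last two posts, as an added example that is not part of the original thread: it models how a Linux stub resolver turns a short name into the fully qualified names it actually queries, using the `search` and `ndots` settings from resolv.conf. The host table, IP addresses and function names are constructed for illustration; Windows NetBIOS lookups are not modelled.

```python
# Added example: glibc-style expansion of a short hostname using the
# "search" list and "ndots" option from resolv.conf. All data is constructed.

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf content."""
    search, ndots = [], 1                       # resolver default: ndots:1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":  # blank line or comment
            continue
        if fields[0] in ("search", "domain"):   # the last one listed wins
            search = [d.strip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def candidate_names(name, search, ndots=1):
    """Ordered list of fully qualified names the resolver will query."""
    name = name.lower()
    if name.endswith("."):                      # already absolute
        return [name]
    as_is = name + "."
    expanded = [f"{name}.{d}." for d in search]
    # Names with at least `ndots` dots are tried as-is first.
    if name.count(".") >= ndots:
        return [as_is] + expanded
    return expanded + [as_is]


def resolve(name, resolv_conf, zone):
    """Return (fqdn, ip) for the first candidate found in `zone`, else None."""
    search, ndots = parse_resolv_conf(resolv_conf)
    for fqdn in candidate_names(name, search, ndots):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None


# Constructed host table standing in for the DNS forwarder's entries.
ZONE = {"webserver01.home.local.": "192.168.1.10",
        "fw01.home.local.": "192.168.1.1"}
NO_SEARCH = "nameserver 192.168.1.1\n"
WITH_SEARCH = "search home.local\nnameserver 192.168.1.1\n"

if __name__ == "__main__":
    print(resolve("webserver01", NO_SEARCH, ZONE))    # no search domain
    print(resolve("webserver01", WITH_SEARCH, ZONE))  # search home.local
```

Without a search domain the client only ever asks for `webserver01.`, which the forwarder has no record for; the static entry itself is fine, the client simply never sends the qualified name.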