PORT FORWARD TO CCTV DVR

sriraminfotec

OK now I am able access my pfSense WEB GUI from my mobile (using a different internet connection and mydvr.dyndns.org at the address bar). I set a firewall (NAT) rule as follows
Interface  WAN
Protocol TCP
Destination Any
Destination Port https
redirect target ip ipAddress of the pfSense
redirect target port   https

I did not make any changes to source using the advanced button. it is at any

Can you please help me to forward this to my dvr (device) from this point onward.\
thanks a lot

Metu69salemi

redirect access to your cctv device if you want to redirect traffic there. you almost got it.

sriraminfotec

Hi Metu69Salemi,
Thanks ! But your reply is quite in broad aspect. I did try that by trying to redirect to the dvr. Yet I am not able to access the dvr.

sriraminfotec

I checked the logs. I saw an entry showing the ip address of the external internet connection against the incoming internet with port (8900 of the CCTV) under the normal view firewall entry. I added this under easy rule add. With this i am getting the pfsense web gui as against the cctv.

Metu69salemi

reply with your wan and portforward rules. and there the knowledge of what ports this dvr listens for webui and what ports you want to use externally.

sriraminfotec

Hi
I think we are in different time zones. Anyway I have uploaded the pdf file with nat rules and portforwarding here http://min.us/mtNrSJ9DL

Hope you can access it.
The DVR has ip address 192.168.1.150 and listens on port 8000. The http port of DVR is 80.
The pfSense is configured for secure access. it listens on port 443. As of now even that is blocked. But when I do the easy firewall rule add, i can get teh webgui of pfsense. (All this from different net connection).
I have checked the disable webconfigurator redirect rule.
So what is going wrong
Thanks for your responses.

Metu69salemi

This works like a buick. I haven't had not a single problem with portforwarding.

Start all over. I think that you're over complicating things.
1) remove portforwards
2) remove belogning wan rule.
3) Start creating new portforward ( Firewall:NAT:Port Forward)
	Disabled:	unchecked
	No RDR:		unchecked
	Interface:	WAN
	Protocol:	TCP
	Source:		1.38.175.63 ( I would leave any, but this was IP you provided)
	Source port:	any
	Destination:	Wan address
	Dest. Port:	80
	Redirect ..:	192.168.1.150
	Redirect port:	80 or 8000 which one is wanted webui
	Description:	DVR
	No XMLRPC S..:	unchecked
	NAT reflec:	use system default
	Filter rule as:	Add associated filter rule
4) Apply changes
5) Check your firewall rule
	Action:		Pass
	Disabled:	unchecked
	Interface:	leave as is
	Protocol:	leave as is
	Source:		leave as is
	Destination:	leave as is
	Dest.port:	leave as is
	Log:		up to you
	Description:	leave as is

6) Test it. Should work like a buick

My home address resides in western Europe

sriraminfotec

Hi
Thanks for your response.
I did this same setting at the very first instance. Failing which I tried the other options. Anyway, I will start from the scratch again and update you.

sriraminfotec

Hi
I am going crazy. feeling throwing out the box and going for other fw or hardware.
The same problem persists.

sriraminfotec

Hi
At last got it. This is wat i did.  http://blog.linuxniche.net/2009/09/need-a-firewall-part-2/ The aliasing for ports did the trick.

I need to use both 80 and 8000 port of the DVR. so with this i could get it going. But now the final catch. When I enable captive portal I am not able to connect over dyndns.
is there a solution for this.

Metu69salemi

Dont know, i'm not using CP at this point anywhere. Maybe someone more experienced pfsense user will be able to help you

sriraminfotec

Hi
Thanks for your replies. I could get it up and running.  Of course, I did a factory reset also. I just added an alias for the ports needed by the dvr. When to NAT port settings and did the rest as per Metu69 advise. Only I used the alias for the ports. The Source was any.
It started working like a charm.
Now I wanted to have captive portal so that any one accessing the DVR from the remote using the dynamic dns address should be presented with a login screen for access to the dvr. But I think this is not possible. Somewhere else I read that this is called reverse captive portal. I am not sure so I request others not to take this as the last word on CP.
Please suggest how security can be achieved if not using CP.
Thanks