PORT FORWARD TO CCTV DVR
-
OK now I am able access my pfSense WEB GUI from my mobile (using a different internet connection and mydvr.dyndns.org at the address bar). I set a firewall (NAT) rule as follows
Interface WAN
Protocol TCP
Destination Any
Destination Port https
redirect target ip ipAddress of the pfSense
redirect target port httpsI did not make any changes to source using the advanced button. it is at any
Can you please help me to forward this to my dvr (device) from this point onward.\
thanks a lot -
redirect access to your cctv device if you want to redirect traffic there. you almost got it.
-
Hi Metu69Salemi,
Thanks ! But your reply is quite in broad aspect. I did try that by trying to redirect to the dvr. Yet I am not able to access the dvr. -
I checked the logs. I saw an entry showing the ip address of the external internet connection against the incoming internet with port (8900 of the CCTV) under the normal view firewall entry. I added this under easy rule add. With this i am getting the pfsense web gui as against the cctv.
-
reply with your wan and portforward rules. and there the knowledge of what ports this dvr listens for webui and what ports you want to use externally.
-
Hi
I think we are in different time zones. Anyway I have uploaded the pdf file with nat rules and portforwarding here http://min.us/mtNrSJ9DLHope you can access it.
The DVR has ip address 192.168.1.150 and listens on port 8000. The http port of DVR is 80.
The pfSense is configured for secure access. it listens on port 443. As of now even that is blocked. But when I do the easy firewall rule add, i can get teh webgui of pfsense. (All this from different net connection).
I have checked the disable webconfigurator redirect rule.
So what is going wrong
Thanks for your responses. -
This works like a buick. I haven't had not a single problem with portforwarding.
Start all over. I think that you're over complicating things. 1) remove portforwards 2) remove belogning wan rule. 3) Start creating new portforward ( Firewall:NAT:Port Forward) Disabled: unchecked No RDR: unchecked Interface: WAN Protocol: TCP Source: 1.38.175.63 ( I would leave any, but this was IP you provided) Source port: any Destination: Wan address Dest. Port: 80 Redirect ..: 192.168.1.150 Redirect port: 80 or 8000 which one is wanted webui Description: DVR No XMLRPC S..: unchecked NAT reflec: use system default Filter rule as: Add associated filter rule 4) Apply changes 5) Check your firewall rule Action: Pass Disabled: unchecked Interface: leave as is Protocol: leave as is Source: leave as is Destination: leave as is Dest.port: leave as is Log: up to you Description: leave as is 6) Test it. Should work like a buick
My home address resides in western Europe
-
Hi
Thanks for your response.
I did this same setting at the very first instance. Failing which I tried the other options. Anyway, I will start from the scratch again and update you. -
Hi
I am going crazy. feeling throwing out the box and going for other fw or hardware.
The same problem persists. -
Hi
At last got it. This is wat i did. http://blog.linuxniche.net/2009/09/need-a-firewall-part-2/ The aliasing for ports did the trick.I need to use both 80 and 8000 port of the DVR. so with this i could get it going. But now the final catch. When I enable captive portal I am not able to connect over dyndns.
is there a solution for this. -
Dont know, i'm not using CP at this point anywhere. Maybe someone more experienced pfsense user will be able to help you
-
Hi
Thanks for your replies. I could get it up and running. Of course, I did a factory reset also. I just added an alias for the ports needed by the dvr. When to NAT port settings and did the rest as per Metu69 advise. Only I used the alias for the ports. The Source was any.
It started working like a charm.
Now I wanted to have captive portal so that any one accessing the DVR from the remote using the dynamic dns address should be presented with a login screen for access to the dvr. But I think this is not possible. Somewhere else I read that this is called reverse captive portal. I am not sure so I request others not to take this as the last word on CP.
Please suggest how security can be achieved if not using CP.
Thanks