How to block my calling home foscam ip camera.
-
I see blank/nothing for this:
-
I see there a picture.
The cameras alias has of course the ipcam ip in it
i set cameras alias as source and block to all *
Then you see on the pic the dynamic view of the firewall log were we see still those incoming udp connections.Wen i power off the camera then those udp connections stop.
How can the cam connect out to the internet wen i block everything coming in from the cam?
It still somehow triggers those incoming connections. -
BTW i just reset states few minutes ago after your tip and it did not change anything.
-
can you not just attach the picture to post - I don't see anything.. work firewall blocking access to image hosting sites most likely.
As to how it can get there is because your not blocking it.. Rules are evaluated top down, first rule wins.. So if you have a rule above that says any any and then a rule that says block the block rule is never hit would be my guess.
-
Check if there are floating rules?
-
So just looked via none work proxy and yeah that rule should block - other than your alias is not working.. What is in your cameras alias?
What are you trying to show your firewall log shows a bunch of blocked UDP traffic to your wan.. How is that your cameras???
-
It is just that what was the problem.
Just before i read the last posts here i exchanged the alias for the plain IP address and voila problem solved pfffff unrealThe alias looks like this:
I also added the pic as attachment.
-
What are you trying to show your firewall log shows a bunch of blocked UDP traffic to your wan.. How is that your cameras???
I my earlier posts i wrote that those wan udp connections get triggered by the cam. everytime the cam is powered on those udp connectoins start going up. so the cam is triggering that even wen i thought i have blocked the camera. Wen i power off the camera those udp connections on the wan stop.
But i/we now know wat the problem was. Probably some bug in the alias system. I don't know i'm happy i finally blocked the cam "calling home".
-
You can always check what is in your alias via the diag, tables section. See there is a alias I use to list the IPs of my AP.
-
Great tips Johnpoz did not know this one either.
I checked the CAMERAS alias in the diag / tables and it shows the right IP. Still i think there is something wrong with the aliases system since the IP is the right one.
With the alias set it did not work with the IP address in place of the alias it does work. -
I am not having any problems - if I did then none of my eap-tls wifi clients could connect because that alias allows my AP to talk to the radius server..
Use lots of aliases - if they were not working I would have lots of stuff broken
-
I know i use many aliases they work also but this one did not.
I have no idea why.I'm happy the problem is solved but it is still strange.
I would like to use the alias. I try again later with a new created alias if it is still a problem then.Same here with my AP's i use also aliases and also wpa2-eap with dynamic vlans but that another story.
If all aliases would not work i would have a big problem too of course :) -
For another time I would be curious to swap war stories with you on how your doing dynamic vlans on your wifi, what AP you using? Unifi? You running freerad on pfsense?
-
yep yep Ubiquiti unifi uap pro gen 1
Yes I use freeradius package in pfsense and a mysql backend in a openvz virtual container (local openvz server).
Because I have everything in a DB I can use a webbased gui.It works very well
I have several groups and every group has its users and every group has a vlan id set (see the pic below).
wen a user is in group A it replies vlan id from group A to the AP's.This is a pic from the beginning i still use it the exact same way just more and other named groups.
-
It looks like the 3 ip's are in the same network that is not so they are:
10.10.10.0/26
10.10.10.64/26
10.10.10.128/26
10.10.10.192/26Because I liked to play with cidr few years ago :)
