Help needed with Firewall rule for...
-
New to firewalls, 1st post here. First use of pfSense. Lots of firsts. Which is prob why I don't know what to call this post.
Here is the issue, it's a bit long so please work with me here...
I have a Milestone XProtect CCTV server set up on a desktop computer. It's been working for about 1.5 years now. No issues.
To make this as short as possible...
I set up this server on a Netgear router but recently switched to an ESXi server with pfSense as my router. Everything seems to be working fine. LAN, WAN, internet access, etc. all working fine.
The cell phone app Milestone needs to have a certificate (only the phone) to access the server, so no port forwarding the server IP address through the firewall, putting the IP address to the server in the app and connecting.
You need to have a certificate connected to a CA (self-signed no good either) so to do that I did what they said and signed up with a certain website and did the whole thing and got my cert and loaded it onto the server.
Then I put the DYNDNS domain provided to me in the phone app and set the ports, all was good. Let's say it's: xxxx.camera.org
Then I switched to pfSense and the app stopped working. So yeah, of course port the internal IP through the firewall. done... and that worked partially.
Funny thing is... and here is the issue.
I can connect to my CCTV server through the app on my phones when I'm on cellular data but cannot connect to it when I'm on my WiFi.
So I have to go from inside (internal LAN) to outside (xxxx.camera.org) back to the inside (Milestone CCTV server).
I can connect when I'm outside coming in but cannot connect when I'm inside going out then back in.
I'm too new to this to figure out what I need to do, thus my ridiculously long post.
Any help would be great.
Thank you for taking the time to read this...
EDIT: It looks like I may need to do this but the directions vary from my interface, must be from a previous version. Can anyone translate?
https://pfsense-docs.readthedocs.io/en/latest/nat/accessing-port-forwards-from-local-networks.html
-
@zaileion Anyone have any ideas? I've been working on it pretty much the entire time and no luck...
-
@zaileion
Yeah, pfSense does not do all the crappy things by default which most consumer routers do.
@zaileion said in Help needed with Firewall rule for...:
EDIT: It looks like I may need to do this but the directions vary from my interface, must be from a previous version. Can anyone translate?
https://pfsense-docs.readthedocs.io/en/latest/nat/accessing-port-forwards-from-local-networks.html
Seems you're on the correct path.
If you use pfSense for DNS resolution, which is the common setup, you can go with DNS host override, described in the Split DNS section. This method is more reliable.
You may use the DNS Resolver. So go into the settings: Services > DNS Resolver. Go down to Host Overrides and add an override for your DynDNS name xxxx.camera.org.
Put "xxxx" into the Host field and "camera.org" into Domain. At IP address enter the internal IP of the CCTV server.
-
ABSOLUTELY FANTASTIC!
Thank you so much for the help! It worked!!
I have been trying and trying but was not successful even with the split DNS prob 'cause I didn't set it up right but the DNS resolver option worked flawlessly and was easy.
Thank you again!
Also, I know pfSense doesn't allow all the crappy stuff home routers do and is the primary reason for switching to a pfSense router VM. My network is faster and my internet seems faster also most likely due to the additional resources allocated to the pfSense VM or it's just an illusion created by my feeling success in setting everything up.
Either way this is done and working and I thank you for the support!
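
The host override described in the reply above makes LAN clients resolve xxxx.camera.org to the server's internal address, so the app still connects by the name on the certificate. The following check, run from a LAN client, is an added example and not part of the original thread; the LAN subnet 192.168.1.0/24 and server address 192.168.1.50 are assumed values, and `classify_override` is a hypothetical helper name.

```python
import ipaddress
import socket


def resolve_ipv4(hostname):
    """Resolve with the system resolver (on the LAN, normally pfSense's DNS Resolver)."""
    infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def classify_override(hostname, lan_cidr, server_ip, resolver=resolve_ipv4):
    """Report what a LAN client is handed for the DynDNS name.

    "override-ok"     every answer is the CCTV server's internal IP
    "wrong-internal"  answers are inside the LAN but are not the server
    "public-answer"   at least one answer is outside the LAN: the override is
                      missing, or the client is not using the pfSense resolver
    "no-answer"       the name did not resolve
    """
    lan = ipaddress.ip_network(lan_cidr)
    server = ipaddress.ip_address(server_ip)
    if server not in lan:
        raise ValueError("server_ip must be inside lan_cidr")
    try:
        answers = [ipaddress.ip_address(a) for a in resolver(hostname)]
    except socket.gaierror:
        return "no-answer"
    if not answers:
        return "no-answer"
    if any(a not in lan for a in answers):
        return "public-answer"
    if all(a == server for a in answers):
        return "override-ok"
    return "wrong-internal"


if __name__ == "__main__":
    # Assumed values: replace the subnet and server IP with your own.
    print(classify_override("xxxx.camera.org", "192.168.1.0/24", "192.168.1.50"))
```

A "public-answer" result on WiFi usually means the device is using a DNS server other than pfSense (for example a hard-coded public resolver), so the override never reaches it.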