Remote IP camera access dies after upgrade to 2.3.2

OldOneEye

I have version 2.2.4 installed protecting my home network it has the Snort package. I use a IP Video camera recording system that connects/records IP cameras, two of them are watching the doors at my house (local IPs) and two of them are watching the doors at my parents house (remote IP over internet, using two different ports)  they are accessed via IP port xxxx to the remote IP address of my parents house.

When I upgrade to 2.3.2 the remote camera stop showing up in my system.

I am lucky that I run my pfSense in VmWare and created a snap shot before the upgrade. that I have reverted back to 2.2.4.

Any Ideas as to what is being filtered and what setting to try

jahonix

Nope.

With the infos provided no help is possible. And my crystal ball is broken, sorry.
We don't even know how you access the remote cameras (IPSec, OpenVPN, …), if you can watch them from a browser locally or remote, nothing.

Your infos are similar to:
My car is broken and I need your help to fix it!
I drive to work every morning and back home in the evenings. It's parked in a garage.
After refueling yesterday it doesn't work anymore.
Any ideas what's wrong with it?

muswellhillbilly

If you know the port number your remote cameras are listening on, why don't you consult your firewall logs and filter them using that port number? You can then verify if the firewall is actually blocking the port or whether there is something else wrong.

How are you performing this upgrade? Are you removing packages and then doing an in-place upgrade, or are you taking a backup of your config, installing a fresh version and then restoring your backup to your system?

KOM

Any Ideas as to what is being filtered and what setting to try

No idea without more information, as others have already said.  Provide details of your NATs, port forwards, firewall rules on LAN and how you used to access the thingy and what happens now when you access the thingy, complete with any error messages.

Gertjan

I had some spare time yesterday, so I decide to repair my crystal ball.
Your question was just great to test it afterwards.

This is what I saw :
The issue is what your cameras is "seeing".
Snort is a "packet inspection system" and the new version that came with 2.3.2 doesn't like what your camera 'sees'. Snort kicks in and filters it out.
So : tell snort that your camera is trusted.

Can you confirm that my crystal ball is repaired ?

OldOneEye

There is no VPN. There is no NAT setup. it like accessing a web stream. there is no error it just stops reading the ip cams after the update.
I can use VNC to view the live stream of the cameras. I did not have to do anything to pfsense to get it working.

The software I use is "sighthound video" it records the "stream" coming from the ip cam at the other house.

I am a noob. so I don't know how to "look at firewall logs and filter them using that port number"

How do I tell snort my camera is trusted?

I will uninstall Snort tomorrow and try an upgrade. Via the in place web interface. I think I will also try a "fresh install" with my backed up settings file resorted if the prior does not work.

muswellhillbilly

Something tells me you need to do a bit of reading before you go any further. Noob or not, you should familiarise yourself with the system you're using before going live with it. https://doc.pfsense.org/index.php/Firewall_Logs

OldOneEye

@Gertjan:

I had some spare time yesterday, so I decide to repair my crystal ball.
Your question was just great to test it afterwards.

This is what I saw :
The issue is what your cameras is "seeing".
Snort is a "packet inspection system" and the new version that came with 2.3.2 doesn't like what your camera 'sees'. Snort kicks in and filters it out.
So : tell snort that your camera is trusted.

Can you confirm that my crystal ball is repaired ?

Thanks for fixing and dusting off your crystal ball.
Yes it seems to be related to SNORT, if its uninstalled prior to upgrade the remote camera continues to stream to my local recorder.

I did add a alias of the remote internet IP number and then I added it to snorts "pass list" prior to removal.

I did a little "light" reading (too alleviate my noobness) on how to filter logs.  ::) but my "remote" ip never shows up in logs.

I reinstalled SNORT and my setting reappeared and my cameras are working still, post upgrade/package reinstall . puzzling.

Another way I think of this is, that I am doing a download of a file from a internet server at 2.5mbps all day long to a local computer.

If things change I will update. But look like its working.