How to block my calling home foscam ip camera.

  • For almost a year i''m trying to block my foscam ip camera from "calling home". I found here on pfsense forum en else on the internet several tips for this problem but for some reason its not working for me.

    The foscam camera is on my LAN network. I made a alias with a list of ip´s the camera is calling out to on the internet. Then I made a lan block rule to block this alias. This does not work. Wen I block all outgoing traffic from the camera then I still see connections coming in on the wan, coming from the ip´s I put in that alias with ip´s from foscam.

    I can´t figure this out. Wen I block the camera completely wen i even can´t connect to anymore then still i see incoming connections from those ip's.

    The strange thing is wen i power off the cam all this weird traffic and connections stop right away. So somehow the camera still triggers those incoming wan connections but i can´t figure out how.

    Wen i do a packet capture on the lan interface i see incoming and outgoing connections from and too the camera from internet ??? How is this possible wen i block the cam its still talking to those ip's ???

    I tried many many configurations. for example I made a floating rule to block those ips on the wan and lan interface but still wen i power on the camera the incoming wan connections start again so the camera still knows how to trigger this.

    I'm very curious what i'm doing wrong. Or what might going on.

  • Banned

    The destination sure like hell should NOT be "LAN net".

  • I choose a wrong pic. I tried so many things below is another pic. I was so fed up with it so i thought i post it here on the forum. Because I don't know what to try next.

  • BTW that "lan net" idea i got from:

  • LAYER 8 Global Moderator

    If you don't want your foscam to go to the internet, then use its IP as the source IP and block it from going anywhere.

  • I know and i did.
    But even then wen I power up the camera i see those WAN connections again.
    Also wen i do a packet capture i see there is still a lot of traffic going in and out between those ip's you see on the wan pic.
    Its crazy i can't figure it out. It feels like i mis something simple but what?

  • LAYER 8 Global Moderator

    well post up the rules that you put in place to block it?  You do understand that you would have to kill any existing states when you create new rules.

  • Hmm that sounds like you might found the stupid thing i might have not done because didn't know that  :o
    But then again i don't think this was the problem a year long wen i did several reboots and upgrades etc. I gues existing states would then be lost right?

    I have now this:

  • LAYER 8 Global Moderator

    I see blank/nothing for this:

  • I see there a picture.

    The cameras alias has of course the ipcam ip in it
    i set cameras alias as source and block to all *
    Then you see on the pic the dynamic view of the firewall log were we see still those incoming udp connections.

    Wen i power off the camera then those udp connections stop.

    How can the cam connect out to the internet wen i block everything coming in from the cam?
    It still somehow triggers those incoming connections.

  • BTW i just reset states few minutes ago after your tip and it did not change anything.

  • LAYER 8 Global Moderator

    can you not just attach the picture to post - I don't see anything.. work firewall blocking access to image hosting sites most likely.

    As to how it can get there is because your not blocking it.. Rules are evaluated top down, first rule wins.. So if you have a rule above that says any any and then a rule that says block the block rule is never hit would be my guess.

  • Check if there are floating rules?

  • LAYER 8 Global Moderator

    So just looked via none work proxy and yeah that rule should block - other than your alias is not working..  What is in your cameras alias?

    What are you trying to show your firewall log shows a bunch of blocked UDP traffic to your wan..  How is that your cameras???

  • It is just that what was the problem.
    Just before i read the last posts here i exchanged the alias for the plain IP address and voila problem solved pfffff unreal

    The alias looks like this:

    I also added the pic as attachment.

  • @johnpoz:

    What are you trying to show your firewall log shows a bunch of blocked UDP traffic to your wan..  How is that your cameras???

    I my earlier posts i wrote that those wan udp connections get triggered by the cam. everytime the cam is powered on those udp connectoins start going up. so the cam is triggering that even wen i thought i have blocked the camera. Wen i power off the camera those udp connections on the wan stop.

    But i/we now know wat the problem was. Probably some bug in the alias system. I don't know i'm happy i finally blocked the cam "calling home".

  • LAYER 8 Global Moderator

    You can always check what is in your alias via the diag, tables section.  See there is a alias I use to list the IPs of my AP.

  • Great tips Johnpoz did not know this one either.
    I checked the CAMERAS alias in the diag / tables and it shows the right IP. Still i think there is something wrong with the aliases system since the IP is the right one.
    With the alias set it did not work with the IP address in place of the alias it does work.

  • LAYER 8 Global Moderator

    I am not having any problems - if I did then none of my eap-tls wifi clients could connect because that alias allows my AP to talk to the radius server..

    Use lots of aliases - if they were not working I would have lots of stuff broken

  • I know i use many aliases they work also but this one did not.
    I have no idea why.

    I'm happy the problem is solved but it is still strange.
    I would like to use the alias. I try again later with a new created alias if it is still a problem then.

    Same here with my AP's i use also aliases and also wpa2-eap with dynamic vlans but that another story.
    If all aliases would not work i would have a big problem too of course :)

  • LAYER 8 Global Moderator

    For another time I would be curious to swap war stories with you on how your doing dynamic vlans on your wifi, what AP you using?  Unifi?  You running freerad on pfsense?

  • yep yep  Ubiquiti unifi uap pro gen 1

    Yes I use freeradius package in pfsense and a mysql backend in a openvz virtual container (local openvz server).
    Because I have everything in a DB I can use a webbased gui.

    It works very well

    I have several groups and every group has its users and every group has a vlan id set (see the pic below).
    wen a user is in group A it replies vlan id from group A to the AP's.

    This is a pic from the beginning i still use it the exact same way just more and other named groups.

  • It looks like the 3 ip's are in the same network that is not so they are:

    Because I liked to play with cidr few years ago :)

Log in to reply