Netgate Discussion Forum

    Newbie on Pfsense. Need remote viewing of CCTV-HDR. Trusted IPs.

    • johy

      Hello everyone,

      I am new to pfsense and have recently set up pfsense on a low-powered PC (192.168.2.1) for my small office with 10 PCs. The pfsense replaces an older Asus Router running Tomato firmware.

      I am using DHCP. However, each PC/device uses a static IP address.

      Additionally there is a NAS, network printer, and a CCTV-HDR device (Hikvision) (IP 192.168.2.50) on the network.

      I have loaded the following packages on pfsense:

      1. Squid Proxy
      2. Squid Webfilter
      3. Snort

      Now I used to be able to view the CCTV cameras at the office from another location via a remote client software supplied by HikVision.

      However, now I am unable to view the camera. Can you kind folks kindly guide me how to allow remote viewing of this HDR-CCTV on 192.168.2.50 ?

      Also, can you please guide me how to set up trusted IPs on the network (whom I do not need to block websites using Squid webfilter).

      Thanks in advance. Moderators, please move the topic if needed.

      • Gertjan

        Accessing a device present on your LAN from WAN (somewhere on the net)?
        Look here: pfsense NAT web cam

        Of course, I don't know what "CCTV-HDR device (Hikvision)" is, but the procedure is always the same (as it is for every router/firewall on this planet).

        About

        1. Squid Proxy
        2. Squid Webfilter
        3. Snort

        Never used them … Never found a reason to do so.

        Edit: Btw, seeing your first question, I advise you to stay away from Squid/Snort ;)

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • johy

          Thanks a lot Gertjan. The camera thing is similar to a webcam, except it is a stand-alone device. I will look up the link.

          I am running Squid as I need to run a webfilter for the office. Can you suggest an alternative?

          I can, however, turn off Snort. Again, is there an alternative,  or should I stay off any similar package?

          • JKnott

            Of course, I don't know what "CCTV-HDR device (Hikvision)" is, but the procedure is always the same (as it is for every router/firewall on this planet).

            Hikvision is a maker of security cameras.  Modern security cameras use IP to connect to a recorder.  Both the cameras and recorder can be accessed over the network.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            • asecurityadmin

              I use a Hikvision HD-NVR myself, really an LTS "Platinum" series, but it's a Hikvision…

              Default ports you'll need for NVMS7000 client are:

              HTTP Port = 80
              Server Port = 8000
              RTSP Port = 554
              HTTPS Port = 443

              I've moved some of my ports as I need those elsewhere, but the idea is the same.  You're just forwarding those ports from the outside in to your DMZ (or LAN) NAT address of the DVR.

              (I kill HTTP however.  All web traffic to it should be forced to https in my world, so 8000, 561, and 446 respectively.  446 collides with registered port ddm_rdb - but that's not a database server I'd be using.  561 collides with registered port monitor - I don't need it)

              Hikvision advises both tcp and udp, but https should only be tcp.  rtsp could carry command channel over udp, but it doesn't in this case, so only TCP is required.  8k is both.

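An added example, not written by any poster in this thread and not Netgate or Hikvision code: a check of the port forwards that target the DVR against the per-port protocol notes in the last post. The XML element names are assumed to match the `<nat><rule>` layout of a pfSense config.xml backup, and the sample rules are constructed.

```python
import xml.etree.ElementTree as ET

DVR_IP = "192.168.2.50"  # DVR address from the first post

# Default NVMS7000 ports and the protocols the last post says each needs.
NEEDED = {80: ("HTTP", {"tcp"}), 8000: ("Server", {"tcp", "udp"}),
          554: ("RTSP", {"tcp"}), 443: ("HTTPS", {"tcp"})}

# Constructed sample. Assumption: element names follow the <nat><rule>
# layout of a pfSense config.xml backup.
SAMPLE = """<pfsense><nat>
 <rule><protocol>tcp</protocol><target>192.168.2.50</target><local-port>80</local-port></rule>
 <rule><protocol>tcp/udp</protocol><target>192.168.2.50</target><local-port>443</local-port></rule>
 <rule><protocol>tcp</protocol><target>192.168.2.50</target><local-port>8000</local-port></rule>
 <rule><protocol>tcp</protocol><target>192.168.2.10</target><local-port>3389</local-port></rule>
</nat></pfsense>"""


def audit(xml_text, dvr_ip=DVR_IP):
    """Return sorted (port, finding) pairs for forwards that target the DVR."""
    findings, forwarded = [], set()
    for rule in ET.fromstring(xml_text).iter("rule"):
        if rule.findtext("target", "").strip() != dvr_ip:
            continue  # forward to some other host
        port_text = rule.findtext("local-port", "").strip()
        if not port_text.isdigit():
            findings.append((0, f"local-port '{port_text}' is an alias or range; check by hand"))
            continue
        port = int(port_text)
        proto_text = rule.findtext("protocol", "").strip().lower()
        protos = {p for p in proto_text.split("/") if p}
        if port not in NEEDED:
            findings.append((port, "not a default client port"))
            continue
        forwarded.add(port)
        name, wanted = NEEDED[port]
        if port == 80:
            findings.append((port, "plain HTTP is forwarded; the post forces web traffic to HTTPS"))
        for extra in sorted(protos - wanted):
            findings.append((port, f"{name} does not need {extra}"))
        for missing in sorted(wanted - protos):
            findings.append((port, f"{name} also needs {missing}"))
    # Port 80 is left out here because the post drops HTTP on purpose.
    for port in sorted(set(NEEDED) - forwarded - {80}):
        findings.append((port, f"{NEEDED[port][0]} port is not forwarded"))
    return sorted(findings)


if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(port, finding)
```

If the DVR's own ports have been moved, as the poster describes, edit `NEEDED` to match before running it.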
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.