[Solved] Blocking IP camera to get online
-
I have installed squid and see that my camera is often sending request like this:
10.04.2018 22:09:55 192.168.103.32 TCP_MISS/200 http://hzweb2.s1.seetong.com/dev/devreg.php - 121.40.148.79
10.04.2018 22:09:53 192.168.103.32 TCP_MISS/200 http://hzweb2.s1.seetong.com/comm/getrand.php - 121.40.148.7910.04.2018 22:07:05 192.168.103.31 TCP_MISS/200 http://bjweb1.s1.seetong.com/dev/devregv2.php - 182.92.160.245
10.04.2018 22:07:03 192.168.103.31 TCP_MISS/200 http://bjweb1.s1.seetong.com/comm/getrand.php - 182.92.160.245I have tried blocking from LAN with these IMG: LAN_RULES.png
Why is this block not working ? or do I have to reset squid to "empty cache" first ?
-
Fist of all because "WAN net" is not the internet but the transit network between you and your provider.
If your cameras don't need to go anywhere (which they usually don't) you can just use "*" as destination.
Create an alias for all cameras and use that one as source. Saves you two rules. -
Thank you,
I have created alias. IMG: Alias.pngAha, the camera needs to access LAN and store files on the NAS drives (Synology).
But they dont need to access the internet.(I have tried searching forum I see a lot of people want their camera to go online, but not able to be able to access the the local network)
-
As by your rules, the cameras are on Lan already. Every traffic on lan is handled by your switch and never reaches pfSense.
If your NAS is on your Lan (where it usually is…) everything is fine with blocking destination "*" for your cameras. -
Super! ;D - now the blocking works :-)