Port forwarding



  • I am attempting to get my security cameras accessible from an app.
    On my old firewall it worked fine. Now I can't get them working.
    I did the same port forwarding rules as the old firewall, but no joy.
    Does there need to be another rule after the forward to let the destination computer back out through the firewall?


  • Rules are automatically generated when you configure a port forward. If you make a screenshot of what you have done so far we can see if there is something wrong.



  • 97e03e1c-c569-4809-a714-bff5c06e4cfb-image.png

    Dest is actually set to WAN not LAN



  • You might need UDP instead of TCP on one or two of those rules.. Depends on the camera.



  • I got lazy and used an old screenshot, here is what it looks like right now.

    15f2b413-dd92-4769-82d5-a00a3c7fbac2-image.png



  • So what do your actual firewall rules look like?

    Your NAT rules there actually overlap on the LAN side.. I don't believe I've ever had the opportunity to try that..



  • WAN

    7e51d6ab-a776-4a01-b588-38de3b75f7b1-image.png

    LAN

    7e00bd33-13ab-4e2b-9aed-a714dd0f5ffd-image.png



  • Flip your two WAN rules around so the last one is above the other.. See if that makes a difference..



  • I worked directly with the server software (UniSight) company and the guys that wrote the mobile app for the better part of a day, we couldn't figure it out.



  • @chpalmer Well, that got me closer. I can actually get to the server from the app. But when I try to open one of the cameras to view it, I get an error that says channel unregistered, but now that is on the server software company.
    I can't believe just flipping the rule was all it was. Thanks a million!!!!!



  • Rules are always parsed first from top down. I only use 1:1 NAT in my use cases around here so don't get to play with single/multiple port forwarding too often. But my belief is that having the first rule with your multiple ports on top was causing the box to somehow take control of port 8554 for its use and blocking the redirect rule.

    Another way would be to make three port forwards and corresponding rules. 8000-8553 554/8554 8555-9000.

    I'm betting you actually do not need all those ports forwarded but until you get everything working you probably won't be able to trim them down to what is needed. Unless you can see it in the various cameras.. if more than one. My guess is one port per camera?
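
An added illustration, not part of the thread and not firewall code: a simplified Python model of port forwards evaluated top-down with the first match winning, showing which rule handles port 8554 in the original order, after flipping, and after splitting the range. The 8000-9000 range and the 8554-to-554 redirect are assumptions inferred from the port split suggested in the post above; the host name `cam-host` and all function names are constructed.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Forward:
    name: str
    proto: str
    lo: int       # first external (WAN-side) port
    hi: int       # last external port
    host: str     # internal target (constructed placeholder)
    tport: int    # internal port that `lo` maps to

def resolve(rules, proto, port):
    """Top-down, first match wins: return (rule name, host, internal port) or None."""
    for r in rules:
        if r.proto == proto and r.lo <= port <= r.hi:
            return (r.name, r.host, r.tport + (port - r.lo))
    return None

def shadowed(rules):
    """Rules that can never match because one earlier rule covers all their ports.
    (Simplification: coverage by a union of several earlier rules is not detected.)"""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i]
            if earlier.proto == later.proto
            and earlier.lo <= later.lo and later.hi <= earlier.hi]

def split_around(wide, narrow):
    """Carve narrow's ports out of wide so the two rules no longer overlap."""
    parts = []
    if wide.lo < narrow.lo:
        parts.append(replace(wide, name=wide.name + "-low", hi=narrow.lo - 1))
    if wide.hi > narrow.hi:
        lo = narrow.hi + 1
        parts.append(replace(wide, name=wide.name + "-high", lo=lo,
                             tport=wide.tport + (lo - wide.lo)))
    return parts

# Constructed sample rules; ports inferred from the split suggested in the thread.
RANGE = Forward("range", "tcp", 8000, 9000, "cam-host", 8000)
RTSP = Forward("rtsp", "tcp", 8554, 8554, "cam-host", 554)
ORIGINAL = [RANGE, RTSP]                      # wide range on top
FLIPPED = [RTSP, RANGE]                       # specific redirect on top
SPLIT = split_around(RANGE, RTSP) + [RTSP]    # 8000-8553, 8555-9000, 8554->554

if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL), ("flipped", FLIPPED), ("split", SPLIT)):
        print(label, resolve(rules, "tcp", 8554), "shadowed:", shadowed(rules))
```

Running `shadowed()` over an exported rule list before trimming forwards down is a quick way to spot a redirect that can never fire in its current position.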



  • Are you testing from INSIDE the same network where the cameras are running?

    If so, enable the NAT-reflection option that does NAT + PROXY.

    I explained NAT-reflection in a different context here:

    https://forum.netgate.com/topic/139457/transparently-intercept-and-redirect-dns-traffic-to-an-internal-dns/14

    Cu

