Rules to make sure camera is connecting properly
Not sure this is the correct sub forum. I'm fairly new to pfSense and thought I had everything set up properly on my SG-5100, but a recent issue with my Honeywell IPCAM-WOC1 wifi connected cameras has me completely thrown off and I am out of ideas. I'm trying to figure out a way to make sure the cameras have unrestricted access to the internet so I can get them working and diagnose the issue. Honeywell Total Connect 2.0 says they use port 80 and 443.
Bit of background: about 2 weeks ago Resideo/Honeywell updated their servers for their security cams. Prior to this I had no issues with the cameras for the 4-5 months I've had the SG-5100. During Resideo's update things stopped working for the cameras and they were all reporting offline. It was fixed but my cameras never came back online. They would show up on my network but would not communicate with the cloud servers. Installer came out and tried, but no luck getting them to reconnect. We then attempted to use my phone as a hotspot to get around my network and the cameras were able to be added and worked. No issues. The cameras' connection is encrypted to and from the cloud servers and should flow through my network without port forwarding and such. If the network SSID is changed then it needs to be deleted and re-added with the new wifi SSID. So we set the hotspot to utilize the same SSID as my network. As soon as they connected to my network they went offline. The tech says it must be my firewall, but from everything I am seeing it should be working. My Pi Hole has not blocked anything from the cameras.
I see them get assigned a static DHCP lease. I see them connected to my network but they no longer seem to connect with Resideo's servers. I see them send requests to the servers but it seems something is blocking them at the pfSense. Although I am not seeing this. My current rules include a default allow any rule on LAN IPv4 and another for IPv6. On the WAN side I have the default Block private networks and Block Bogon networks. I am completely stumped on how to solve and troubleshoot this as it appears everything is working. Nothing else on the network has issues. I tried to disable all packet filtering under System/Advanced/Firewall & NAT but the entire network loses access. Is there a way to make sure the IPs for the cameras are having unfiltered access at least temporarily? Or stop the firewall filtering temporarily so I can see if they connect?
You said that these cameras connect thru wifi, but gave very little detail on how you have that setup. Can you explain that part of your network?
@akuma1x My network is pretty basic.
Plain cable modem with no routing or wifi connected to the SG-5100
The SG5100 LAN port to a Unifi 8 port Switch
Connected to the switch are two APs (one Unifi UAP-AC-PRO and a Netgear R7800 running in AP mode), a raspberry pi running pi hole, and a desktop PC.
The Cameras connect to the network via my wifi
I have two Netgear wifi extenders as well. I am not running VLANs all devices are on the same LAN.
Gertjan last edited by
Your 5100 is using default settings ? Because, if it is, it's acting like all/any router on planet earth : traffic from passes. period.
You already mentioned "My Pi Hole ...." so something was changed - something that can break DNS ...
Honeywell Total Connect 2.0 says they use port 80 and 443.
So any device on your LAN should be able to connect to any device on the internet using these two ports ?
( like usual browser to web server connections ^^ )
I see them get assigned a static DHCP lease
The web cams have a static lease ?
So they did receive an IP that lies into your LAN.
The network mask is also ok ?
The DNS it received ? and Ok ?
The gateway ? (should be pfSense LAN's IP)
Are the webcams using IPv6 ??
Prior to this I had no issues with the cameras for the 4-5 months I've had the SG-5100. During Resideo's update things stopped working for the cameras and they were all reporting offline.
So, everything was fine.
You upgraded the webcam.
The webcam's upgrade release note doesn't mention anything special ?
The cameras' connection is encrypted to and from the cloud servers and should flow through my network without port forwarding and such
The web cams are reaching out to the "home" cloud servers. No need to port forward, which implies that the cloud servers should/would connect to your webcams.
@Gertjan Thank you for your feedback. Not sure what the issue may have been but overnight the cameras started working again. No settings changed on pfSense. It must have been something with Honeywell servers (which I originally thought) but because they connected to my phone hotspot and worked I assumed it must have been my network.