Netgate Discussion Forum

    Lorex NVR Rule

    • Technolust

      I have a Lorex NVR which only works if I create a rule to allow 10.69.0.135 (NVR IP) on any port and any destination. When I go to the Lorex site they say it only requires 80, 443, 123, 35000, 35001. When I create the alias for those ports no traffic flows.

      When I view the System logs under firewall I see a ton of ports open by what looks to be Amazon IP addresses (whois lookup). Anyone have any experience with allowing only specific ports and IPs to the NVR or do I just need to allow everything to the one NVR IP address?

      Picture attached for examples.

      Lorex_Ports.jpg

      • bingo600 @Technolust

        @technolust
        Seems like you can register (your box) at lorexddns.net, and even change to 8080.
        https://help.lorextechnology.com/link/portal/57356/57366/Article/1356/Port-Forwarding-Port-80-blocked-by-ISP

        For example, if your DDNS was firstname.lastname.lorexddns.net and you changed your port to 8080, your new DDNS would be firstname.lastname.lorexddns.net:8080. 
        

        That lorexddns.net seems to have something to do with Google. Could even be running at AWS.

        whois lorexddns.net
           Domain Name: LOREXDDNS.NET
           Registry Domain ID: 1340028436_DOMAIN_NET-VRSN
           Registrar WHOIS Server: whois.google.com
           Registrar URL: http://domains.google.com
           Updated Date: 2021-11-24T05:04:28Z
           Creation Date: 2007-11-23T20:40:49Z
           Registry Expiry Date: 2022-11-23T20:40:49Z
           Registrar: Google LLC
           Registrar IANA ID: 895
           Registrar Abuse Contact Email: registrar-abuse@google.com
        
        

        Did you set that ddns stuff up ??
        Do you need it, in order to access the NVR from Inet ?

        Describe what you wish/want, a bit more ...

        If you find my answer useful - Please give the post a 👍 - "thumbs up"

        pfSense+ 23.05.1 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

        • Technolust @bingo600

          @bingo600 Thanks for the response! Man everything and everyone seems to be in bed with Google and Amazon these days... Either way I will try to set up the Lorex with their ddns. Just frustrating when I don't want to open all ports to Amazon let alone Google...

          "Did you set that ddns stuff up ??"
          I did not set this up, before I installed the pfsense firewall it worked fine. However, that was using a Netgear R9000 for firewall and gateway....

          "Do you need it, in order to access the NVR from Inet ?"
          Yes, I'm not able to access the NVR from the app on my phone.

          • alexmay

            Hey @Technolust and @Andersen,

            I've dabbled in the intriguing realm of Lorex NVR configurations before, and I totally get the frustration when things don't align as they should. Your quest to streamline the NVR access is commendable, and I might have a few thoughts to help you in this conundrum.

            The Lorex site's recommended port settings are indeed a good starting point, but sometimes these devices can be a bit temperamental. You've already tried creating an alias for the ports without success, which is puzzling.

            Considering the swarm of Amazon IP addresses in your firewall logs, it's possible that the NVR might be utilizing additional ports dynamically, especially if it's connecting to cloud-based services like AWS. Instead of locking down specific ports, you might want to consider a more permissive approach.

            One idea is to set up a rule to allow traffic from your NVR's IP address on all ports but restrict the destination to your local network only. This way, you maintain some control while still accommodating potential dynamic port usage.

            Additionally, your mention of lorexddns.net is interesting. Registering your box there and experimenting with port 8080 could yield positive results, especially if it has ties to Google or AWS, as you hinted. It might be worth exploring further.

            • Technolust @alexmay

              @alexmay we certainly appreciate your thoughts and insight on this for sure! What I ended up doing because of the sheer capitulation from port mappings… I created an Alias for the NVR and Doorbell (Lorex Devices) and allowed all ports to those two devices only. As much as I loathe AWS and Google, the dynamic source port mappings far exceed my capacity to continue allow/deny round robin port maps.

              Maybe I could try allowing ports 5088, 5070, 8080 from the source to those ios but I’m not 100% confident on my ability to get this rule correctly on the LAN side…

              1 Reply Last reply Reply Quote 0
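
Added example, not posted by anyone in this thread: one way to turn the blocked entries from the firewall log into a list of protocol/destination-port pairs the NVR actually uses, split into ports that are in the Lorex list from the first post and ports that are not. It assumes the pfSense raw filterlog CSV field layout for IPv4 TCP/UDP; the interface name, tracker IDs, destination addresses and the extra ports in the sample are constructed.

```python
import csv
from collections import Counter

NVR_IP = "10.69.0.135"  # NVR address from the first post
# Ports the first post quotes from Lorex. The page gives no protocols, so a
# port counts as "in the alias" for both TCP and UDP (assumption).
DOCUMENTED_PORTS = {80, 443, 123, 35000, 35001}

# Constructed sample of pfSense filterlog lines (IPv4 TCP/UDP). Destinations
# are documentation-range addresses, not real Lorex or AWS hosts.
SAMPLE_LOG = """\
Jan  1 12:00:00 fw filterlog[1234]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,1001,0,DF,6,tcp,60,10.69.0.135,203.0.113.10,40112,443,0,S,1,,64240,,mss
5,,,1000000103,igb1,match,block,in,4,0x0,,64,1002,0,none,17,udp,76,10.69.0.135,198.51.100.7,123,123,56
5,,,1000000103,igb1,match,block,in,4,0x0,,64,1003,0,DF,6,tcp,60,10.69.0.135,203.0.113.20,40113,8800,0,S,2,,64240,,mss
5,,,1000000103,igb1,match,block,in,4,0x0,,64,1004,0,DF,6,tcp,60,10.69.0.135,203.0.113.21,40114,8800,0,S,3,,64240,,mss
5,,,1000000103,igb1,match,block,in,4,0x0,,64,1005,0,none,17,udp,90,10.69.0.135,203.0.113.30,50001,12366,70
7,,,1700000001,igb1,match,pass,in,4,0x0,,64,1006,0,DF,6,tcp,60,10.69.0.135,203.0.113.10,40115,80,0,S,4,,64240,,mss
5,,,1000000103,igb1,match,block,in,4,0x0,,64,1007,0,DF,6,tcp,60,10.69.0.50,203.0.113.40,40116,9999,0,S,5,,64240,,mss
"""

def blocked_flows(log_text, src_ip):
    """Count blocked IPv4 TCP/UDP packets from src_ip per (proto, dst port)."""
    counts = Counter()
    # Drop any syslog prefix ("... filterlog[pid]: ") and keep the CSV payload.
    payloads = (line.rsplit(": ", 1)[-1] for line in log_text.splitlines())
    for f in csv.reader(payloads):
        if len(f) < 22 or f[8] != "4":  # need IPv4 with port fields present
            continue
        action, direction, proto = f[6], f[7], f[16]
        if action != "block" or direction != "in" or proto not in ("tcp", "udp"):
            continue
        if f[18] == src_ip:  # f[18] = source address, f[21] = destination port
            counts[(proto, int(f[21]))] += 1
    return counts

def split_by_alias(counts, allowed_ports):
    """Separate flows the port alias should have matched from the rest."""
    covered = {k: v for k, v in counts.items() if k[1] in allowed_ports}
    extra = {k: v for k, v in counts.items() if k[1] not in allowed_ports}
    return covered, extra

if __name__ == "__main__":
    covered, extra = split_by_alias(blocked_flows(SAMPLE_LOG, NVR_IP), DOCUMENTED_PORTS)
    for (proto, port), n in sorted(covered.items()):
        print(f"in alias but blocked: {proto}/{port} x{n} (check rule protocol and destination-port field)")
    for (proto, port), n in sorted(extra.items()):
        print(f"not in alias: {proto}/{port} x{n}")
```
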