[SOLVED] Port Forwarding IP Camera
I am quite new with pfsense. Your help is really appreciated. before I created this topic, I have look through the pfsense book and gone through some post in the forum.
Before I switch to Pfsense, it has been working. I just can't figure out how to make this thing work.
I have an IP camera here with the local ip of 192.168.1.100
In order for me to connect to this IP camera from the outside network, I need to port forward two differents port to the camera. In this case, the ports are 9002 and 9082. I use NAT to forward the all the incoming traffic to the interface public IP address with port 9082 and 9002 to 192.168.1.100:9082 and 192.168.1.100:9002 respectively.
Under NAT: Port Forward.
Inter Protocal Port Nat IP
WAN TCP/UDP 9002 192.168.1.100 (ext.: 209.50.x.x) 9002 IP Cam
WAN TCP/UDP 9082 192.168.1.100 (ext.: 209.50.x.x) 9082 IP Cam HTTP
I also set the firewall rules:
TCP/UDP * * 192.168.1.100 9082 *
TCP/UDP * * 192.168.1.100 9002 *
What am I doing wrong?
well, that looks correct. can you be more specific as far as 'it doesn't work'? i assume you can't connect at all? are you sure the camera has a default gateway pointing at the camera?
Right now, this is what happened.
If I were to use the external IP to connect to the device, the internet explorer will show an error message.
"Oops! Internet Explorer could not connect to 209.50.x.x:9082"
If I was to connect the device with the local ip address, such as 192.168.1.100:9082, the internet explorer can view the device. It just works.
I double checked the gateway and IP configure for the camera.
Static IP, Gateway, and Ports are correct. And, they match the setting in the pfsense router.
I am sure there is one thing that is missing in the puzzle. Your expertise is greatly appreciated.
When you say "If I were to use the external IP to connect to the device, the internet explorer will show an error message.", do you mean from inside the LAN or outside? If the latter, what happens if you say 'telnet PUBLIC_IP 9082' instead of using browser?
I tried both inside the network and outside the network. Eitherway, I got the same error result.
When I try to telnet the public ip, it won't connect.
I went to Status -> System Log -> Firewall. Interestingly, it did not show me the source ip and port that I used to connect to ther camera. Does that meant we would assume that the connection was not block?
Sorry if I was unclear. What I was trying to find out was: if you try from outside using telnet, do you get any error or just times out? Also, connecting to public IP from inside will not work unless you enable NAT reflection. What happens if you run packet capture on WAN interface and try to connect from outside?
I have 5 static ip here. What I did was to use a different public ip to test the connection to the ip camera.
With the telnet, I got these two errors with the external ip.
HTTP/1.1 501 Not Implemented. Connection: Close
HTTP/1.1 400 Bad Request. Conection: Close
When I tried to telnet inside the network, I got this error.
Could not open connection to the host, on port 9082: Connection failed
when you say "connection failed", is that instantly? or after a timeout? also, the other HTTP errors are odd. are you saying that if you telnet to the internal IP on port 9082 it works, but if you telnet to the external one on port 9082 you get the HTTP errors?
After I entered the telnet command, there was a blank screen. As soon as I hit the enter key, the error came up pretty much instantly.
When I use the computer outside of the network, I got an error when I tried to telnet to the camera with the public IP.
When I use the computer inside the network, I got a connection error (Time Out) when I tried to telnet to the camera with the public IP.
Since the LAN IP works, I did not try to telnet the IP camera with the LAN IP.
well, if you get a connection HTTP or whatever error, you are getting to the camera. the failure to connect at all via the public IP from inside is presumably because you have nat reflection disabled. this is weird then, it is almost like the camera is disallowing connections from IPs other than inside the LAN.
Thank You for trying to help.
I think the connection was established. But, the camera can't sent any information out.
So, Set the Outbound then reset the router.
The problem has been resolved.
What does 'set the outbound' mean?
- Manual Outbound NAT rule generation
This is weird. Doesn't the NAT (Port Forward) automatic address the outbound and inbound issue?
No, port forwarding only deals with inbound. Also, you shouldn't have need to manually set outbound NAT unless you were doing something non-standard. If you set manual NAT (AON) but didn't actually change anything, that was most likely a red herring, and the router reboot is what "fixed" this.
I did add a rule in the outbound of creating a static port 9082.
This is interesting. I would changed that back and find out.
where did you get that port number from?
That's the http port that the IP camera uses.
But that is for inbound (port forwarding.) That has nothing to do with the port numbers in the outbound NAT settings. What specifically did you set for the outbound NAT entry?
Interface Source S. Port Static Port
WAN 192.168.1.0/24 9082 * * * * Yes
WAN 192.168.1.0/24 9002 * * * * Yes
WAN 192.168.1.0/24 * * * * * No
Outbound NAT should only be for new connections initiated from inside. Have you tried deleting them and rebooting pfsense?
Just disabled the whole Outbound NAT.
You are right. A simple Firewall State Reset was all it is needed.