• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

[SOLVED] Port Forwarding IP Camera

Scheduled Pinned Locked Moved NAT
21 Posts 2 Posters 21.9k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • B
    bczeon27
    last edited by Jul 13, 2010, 3:11 PM Jul 12, 2010, 6:10 PM

    I am quite new with pfsense.  Your help is really appreciated.  before I created this topic, I have look through the pfsense book and gone through some post in the forum.

    Before I switch to Pfsense, it has been working.  I just can't figure out how to make this thing work.

    I have an IP camera here with the local ip of 192.168.1.100
    In order for me to connect to this IP camera from the outside network, I need to port forward two differents port to the camera.  In this case, the ports are 9002 and 9082.  I use NAT to forward the all the incoming traffic to the interface public IP address with port 9082 and 9002 to 192.168.1.100:9082 and 192.168.1.100:9002 respectively.

    Under NAT: Port Forward.
    Inter  Protocal  Port    Nat IP
    WAN  TCP/UDP  9002  192.168.1.100 (ext.: 209.50.x.x)  9002  IP Cam   
    WAN  TCP/UDP  9082  192.168.1.100 (ext.: 209.50.x.x)  9082  IP Cam HTTP

    I also set the firewall rules:
    WAN
    TCP/UDP  *  *  192.168.1.100  9082  *           
    TCP/UDP  *  *  192.168.1.100  9002  *

    What am I doing wrong?

    1 Reply Last reply Reply Quote 0
    • D
      danswartz
      last edited by Jul 12, 2010, 7:25 PM

      well, that looks correct.  can you be more specific as far as 'it doesn't work'?  i assume you can't connect at all?  are you sure the camera has a default gateway pointing at the camera?

      1 Reply Last reply Reply Quote 0
      • B
        bczeon27
        last edited by Jul 12, 2010, 8:27 PM

        Right now, this is what happened.

        If I were to use the external IP to connect to the device, the internet explorer will show an error message.
        "Oops! Internet Explorer could not connect to 209.50.x.x:9082"

        If I was to connect the device with the local ip address, such as 192.168.1.100:9082, the internet explorer can view the device.  It just works.

        I double checked the gateway and IP configure for the camera.
        Static IP, Gateway, and Ports are correct.  And, they match the setting in the pfsense router.

        I am sure there is one thing that is missing in the puzzle.  Your expertise is greatly appreciated.

        1 Reply Last reply Reply Quote 0
        • D
          danswartz
          last edited by Jul 12, 2010, 8:29 PM

          When you say "If I were to use the external IP to connect to the device, the internet explorer will show an error message.", do you mean from inside the LAN or outside?  If the latter, what happens if you say 'telnet PUBLIC_IP 9082' instead of using browser?

          1 Reply Last reply Reply Quote 0
          • B
            bczeon27
            last edited by Jul 12, 2010, 8:40 PM

            I tried both inside the network and outside the network.  Eitherway, I got the same error result.

            When I try to telnet the public ip, it won't connect.

            I went to Status -> System Log -> Firewall.  Interestingly, it did not show me the source ip and port that I used to connect to ther camera.  Does that meant we would assume that the connection was not block?

            1 Reply Last reply Reply Quote 0
            • D
              danswartz
              last edited by Jul 12, 2010, 8:42 PM

              Sorry if I was unclear.  What I was trying to find out was: if you try from outside using telnet, do you get any error or just times out?  Also, connecting to public IP from inside will not work unless you enable NAT reflection.  What happens if you run packet capture on WAN interface and try to connect from outside?

              1 Reply Last reply Reply Quote 0
              • B
                bczeon27
                last edited by Jul 12, 2010, 9:56 PM

                I have 5 static ip here.  What I did was to use a different public ip to test the connection to the ip camera.

                With the telnet, I got these two errors with the external ip.

                HTTP/1.1 501 Not Implemented. Connection: Close
                HTTP/1.1 400 Bad Request. Conection: Close

                When I tried to telnet inside the network, I got this error.

                Could not open connection to the host, on port 9082: Connection failed

                1 Reply Last reply Reply Quote 0
                • D
                  danswartz
                  last edited by Jul 12, 2010, 11:23 PM

                  when you say "connection failed", is that instantly?  or after a timeout?  also, the other HTTP errors are odd.  are you saying that if you telnet to the internal IP on port 9082 it works, but if you telnet to the external one on port 9082 you get the HTTP errors?

                  1 Reply Last reply Reply Quote 0
                  • B
                    bczeon27
                    last edited by Jul 13, 2010, 4:29 AM

                    After I entered the telnet command, there was a blank screen.  As soon as I hit the enter key, the error came up pretty much instantly.

                    When I use the computer outside of the network, I got an error when I tried to telnet to the camera with the public IP.
                    When I use the computer inside the network, I got a connection error (Time Out) when I tried to telnet to the camera with the public IP.

                    Since the LAN IP works, I did not try to telnet the IP camera with the LAN IP.

                    1 Reply Last reply Reply Quote 0
                    • D
                      danswartz
                      last edited by Jul 13, 2010, 11:46 AM

                      well, if you get a connection HTTP or whatever error, you are getting to the camera.  the failure to connect at all via the public IP from inside is presumably because you have nat reflection disabled.  this is weird then, it is almost like the camera is disallowing connections from IPs other than inside the LAN.

                      1 Reply Last reply Reply Quote 0
                      • B
                        bczeon27
                        last edited by Jul 13, 2010, 3:08 PM Jul 13, 2010, 3:04 PM

                        Thank You for trying to help.

                        I think the connection was established.  But, the camera can't sent any information out.

                        So, Set the Outbound then reset the router.

                        The problem has been resolved.

                        1 Reply Last reply Reply Quote 0
                        • D
                          danswartz
                          last edited by Jul 13, 2010, 3:06 PM

                          What does 'set the outbound' mean?

                          1 Reply Last reply Reply Quote 0
                          • B
                            bczeon27
                            last edited by Jul 13, 2010, 3:08 PM

                            NAT:Outbound

                            • Manual Outbound NAT rule generation

                            This is weird.  Doesn't the NAT (Port Forward) automatic address the outbound and inbound issue?

                            1 Reply Last reply Reply Quote 0
                            • D
                              danswartz
                              last edited by Jul 13, 2010, 3:11 PM

                              No, port forwarding only deals with inbound.  Also, you shouldn't have need to manually set outbound NAT unless you were doing something non-standard.  If you set manual NAT (AON) but didn't actually change anything, that was most likely a red herring, and the router reboot is what "fixed" this.

                              1 Reply Last reply Reply Quote 0
                              • B
                                bczeon27
                                last edited by Jul 13, 2010, 3:20 PM Jul 13, 2010, 3:14 PM

                                I did add a rule in the outbound of creating a static port 9082.

                                This is interesting.  I would changed that back and find out.

                                1 Reply Last reply Reply Quote 0
                                • D
                                  danswartz
                                  last edited by Jul 13, 2010, 3:16 PM

                                  where did you get that port number from?

                                  1 Reply Last reply Reply Quote 0
                                  • B
                                    bczeon27
                                    last edited by Jul 13, 2010, 3:17 PM

                                    That's the http port that the IP camera uses.

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      danswartz
                                      last edited by Jul 13, 2010, 3:24 PM

                                      But that is for inbound (port forwarding.)  That has nothing to do with the port numbers in the outbound NAT settings.  What specifically did you set for the outbound NAT entry?

                                      1 Reply Last reply Reply Quote 0
                                      • B
                                        bczeon27
                                        last edited by Jul 13, 2010, 3:44 PM

                                        Interface      Source        S. Port                            Static Port
                                        WAN    192.168.1.0/24    9082    *    *    *    *    Yes
                                        WAN    192.168.1.0/24    9002    *    *    *    *    Yes
                                        WAN    192.168.1.0/24      *        *    *    *    *    No

                                        1 Reply Last reply Reply Quote 0
                                        • D
                                          danswartz
                                          last edited by Jul 13, 2010, 3:52 PM

                                          Outbound NAT should only be for new connections initiated from inside.  Have you tried deleting them and rebooting pfsense?

                                          1 Reply Last reply Reply Quote 0
                                          20 out of 21
                                          • First post
                                            20/21
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received