[SOLVED] Port Forwarding IP Camera

bczeon27

I am quite new with pfsense.  Your help is really appreciated.  before I created this topic, I have look through the pfsense book and gone through some post in the forum.

Before I switch to Pfsense, it has been working.  I just can't figure out how to make this thing work.

I have an IP camera here with the local ip of 192.168.1.100
In order for me to connect to this IP camera from the outside network, I need to port forward two differents port to the camera.  In this case, the ports are 9002 and 9082.  I use NAT to forward the all the incoming traffic to the interface public IP address with port 9082 and 9002 to 192.168.1.100:9082 and 192.168.1.100:9002 respectively.

Under NAT: Port Forward.
Inter  Protocal  Port    Nat IP
WAN  TCP/UDP  9002  192.168.1.100 (ext.: 209.50.x.x)  9002  IP Cam   
WAN  TCP/UDP  9082  192.168.1.100 (ext.: 209.50.x.x)  9082  IP Cam HTTP

I also set the firewall rules:
WAN
TCP/UDP  *  *  192.168.1.100  9082  *           
TCP/UDP  *  *  192.168.1.100  9002  *

What am I doing wrong?

danswartz

well, that looks correct.  can you be more specific as far as 'it doesn't work'?  i assume you can't connect at all?  are you sure the camera has a default gateway pointing at the camera?

bczeon27

Right now, this is what happened.

If I were to use the external IP to connect to the device, the internet explorer will show an error message.
"Oops! Internet Explorer could not connect to 209.50.x.x:9082"

If I was to connect the device with the local ip address, such as 192.168.1.100:9082, the internet explorer can view the device.  It just works.

I double checked the gateway and IP configure for the camera.
Static IP, Gateway, and Ports are correct.  And, they match the setting in the pfsense router.

I am sure there is one thing that is missing in the puzzle.  Your expertise is greatly appreciated.

danswartz

When you say "If I were to use the external IP to connect to the device, the internet explorer will show an error message.", do you mean from inside the LAN or outside?  If the latter, what happens if you say 'telnet PUBLIC_IP 9082' instead of using browser?

bczeon27

I tried both inside the network and outside the network.  Eitherway, I got the same error result.

When I try to telnet the public ip, it won't connect.

I went to Status -> System Log -> Firewall.  Interestingly, it did not show me the source ip and port that I used to connect to ther camera.  Does that meant we would assume that the connection was not block?

danswartz

Sorry if I was unclear.  What I was trying to find out was: if you try from outside using telnet, do you get any error or just times out?  Also, connecting to public IP from inside will not work unless you enable NAT reflection.  What happens if you run packet capture on WAN interface and try to connect from outside?

bczeon27

I have 5 static ip here.  What I did was to use a different public ip to test the connection to the ip camera.

With the telnet, I got these two errors with the external ip.

HTTP/1.1 501 Not Implemented. Connection: Close
HTTP/1.1 400 Bad Request. Conection: Close

When I tried to telnet inside the network, I got this error.

Could not open connection to the host, on port 9082: Connection failed

danswartz

when you say "connection failed", is that instantly?  or after a timeout?  also, the other HTTP errors are odd.  are you saying that if you telnet to the internal IP on port 9082 it works, but if you telnet to the external one on port 9082 you get the HTTP errors?

bczeon27

After I entered the telnet command, there was a blank screen.  As soon as I hit the enter key, the error came up pretty much instantly.

When I use the computer outside of the network, I got an error when I tried to telnet to the camera with the public IP.
When I use the computer inside the network, I got a connection error (Time Out) when I tried to telnet to the camera with the public IP.

Since the LAN IP works, I did not try to telnet the IP camera with the LAN IP.

danswartz

well, if you get a connection HTTP or whatever error, you are getting to the camera.  the failure to connect at all via the public IP from inside is presumably because you have nat reflection disabled.  this is weird then, it is almost like the camera is disallowing connections from IPs other than inside the LAN.

bczeon27

Thank You for trying to help.

I think the connection was established.  But, the camera can't sent any information out.

So, Set the Outbound then reset the router.

The problem has been resolved.

danswartz

What does 'set the outbound' mean?

bczeon27

NAT:Outbound

• Manual Outbound NAT rule generation

This is weird.  Doesn't the NAT (Port Forward) automatic address the outbound and inbound issue?

danswartz

No, port forwarding only deals with inbound.  Also, you shouldn't have need to manually set outbound NAT unless you were doing something non-standard.  If you set manual NAT (AON) but didn't actually change anything, that was most likely a red herring, and the router reboot is what "fixed" this.

bczeon27

I did add a rule in the outbound of creating a static port 9082.

This is interesting.  I would changed that back and find out.

danswartz

where did you get that port number from?

bczeon27

That's the http port that the IP camera uses.

danswartz

But that is for inbound (port forwarding.)  That has nothing to do with the port numbers in the outbound NAT settings.  What specifically did you set for the outbound NAT entry?

bczeon27

Interface      Source        S. Port                            Static Port
WAN    192.168.1.0/24    9082    *    *    *    *    Yes
WAN    192.168.1.0/24    9002    *    *    *    *    Yes
WAN    192.168.1.0/24      *        *    *    *    *    No

danswartz

Outbound NAT should only be for new connections initiated from inside.  Have you tried deleting them and rebooting pfsense?