Nat works on one port, and not on another port, completely baffled :-/
-
I have a survaillance system set up based on QNAP.
It has the central unit set up on 1 IP running on port 80, this is mapped port 10000
Each camera has seperate IP's with a stream host working on port 80, they are mapped to 10000+camnumber, ie. cam1: 10001, cam2: 10002 etc.I can reach the central unit without any problems on port 10000.
I can not reach any of the camera's.I've set it up with aliases, but in desperation I've also tried just using straight IP's, no change.
Each camera has a NAT rule, that translates from the standard WAN IP port 1000x to the internal IP port 80.
pfSense is 1.2.3 release built sun dec 6 23:21:36
-
Do the cameras have a proper subnet mask and default gateway set?
-
Just made absolutely sure, yes they have the default gateway and dns and mask correctly.
I would like to send it out via a virtual ip, but for now I'm setting it up to use the default one. -
You'll probably have to do some packet captures on WAN and LAN to see what is happening to the traffic.
-
Just set up a new NAT to access a VMWare virtual host via SSH, it also fails, so something is definetely screwy with the NAT implementation, my guess is a combination of Alias' and NAT.
I'll see if I can find the time to do a packet capture session before the end of the week. -
He, just got a SSH tunnel set up (a NAT that actually works!), so I could do it from work ย :o
The trace didn't give me much:
Packet capture WAN, filtered on outside senders IP (I manually removed the traffic stemming from the SSH tunnel).683 00:02:cf:d6:84:9c > 00:50:04:3d:68:84, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 119, id 63055, offset 0, flags [DF], proto TCP (6), length 48) 193.219.30.10.13232 > 217.157.8.114.10001: S, cksum 0x52eb (correct), 27596448:27596448(0) win 64512 <mss 1260,nop,nop,sackok="">11:05:11.791211 00:02:cf:d6:84:9c > 00:50:04:3d:68:84, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 119, id 63075, offset 0, flags [DF], proto TCP (6), length 48) 193.219.30.10.13232 > 217.157.8.114.10001: S, cksum 0x52eb (correct), 27596448:27596448(0) win 64512 <mss 1260,nop,nop,sackok="">11:05:13.321855 00:02:cf:d6:84:9c > 00:50:04:3d:68:84, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 119, id 63109, offset 0, flags [DF], proto TCP (6), length 48) 193.219.30.10.13232 > 217.157.8.114.10001: S, cksum 0x52eb (correct), 27596448:27596448(0) win 64512 <mss 1260,nop,nop,sackok="">Packet capture LAN
EMPTY!!!</mss></mss></mss>
-
Have you tried setting up the port forwards without using aliases to see if that works?
-
Do the cameras use RTP, by any chance, for video transfer?
-Chris
-
I've tried without aliases as well, the camera's CAN use RTP, but in this case, it's RTPoverHTTP as they call it.
I've tried using an SSH-tunnel (I have an NAT that actually works, SSH to my NAS), and forwarded just port 80 through that, and that works for all the cameras.