Question on Routing an external IP:port



  • I am a novice (but learning fast) who has been using pfSense for about 1 year, generally with good success.

    I would like the group's direction/suggestions on how I can solve the problem listed below. The item is being posted in the General category for lack of my detailed knowledge.

    Problem:

    I have internet cameras at my farm, located remotely from my base. They are set up from a fixed IP and specific ports. I would like to have the cameras send JPEG images to my base LAN vsftpd server (again at a fixed WAN IP and fixed LAN IP for port forwarding) without exposing the server to all the random traffic that is normally seen when an FTP server has full internet exposure. The cameras are fully capable of this operation when they sense some external trigger.

    Someone might have asked this question before, hence any direction on how I should pursue the solution would be appreciated. I cannot find specific leads from searching.



  • What sort of network are the remote cameras on? Could you do a VPN between that network and your home base?



  • Why not do a port forward? You can set it up under NAT and you can add a firewall rule that only specific IPs will be forwarded. If you are working with dynamic IPs I would recommend Dynamic DNS.


  • Netgate Administrator

    It's not clear where your cameras are in network terms. Are they on the LAN side of the network?
    More information please.  ;)

    Steve



  • Thanks for the several responses to my note. As requested, I have attached a sketch in JPG format to this note covering the system setup. Looking forward to any other comments you may care to make.




  • Would seem that a port forward would solve your issues. However, if you were looking for something better than a port forward, I would change out that dd-wrt router for a pfSense firewall/router and set up an IPsec tunnel; that way you wouldn't even need to do a port forward and your video stream would be encrypted on the internet. IPsec is really easy to set up in pfSense and works well.

    One question I have is: does your server connect to the camera, or do you configure the cameras to phone home to the server? However the case, you would just need to set up the port forward on the end that is receiving the data, and if you use pfSense you can filter the traffic not only by port number but also by IP address as well; just change the source address from any to the IP for the cable modem where the remote cameras are located.
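
The source-restricted port forward suggested in the replies above, written out in pf.conf syntax as an added example that is not part of any post in this thread (pfSense builds its pf rules from the GUI). The interface name, all addresses and the passive port range are constructed placeholders, and passive-mode FTP is an assumption.

```pf
# Constructed placeholder values (documentation address ranges), not from the thread
wan_if     = "em0"            # assumed WAN interface name on the base firewall
farm_wan   = "203.0.113.10"   # fixed public IP of the remote DD-WRT router
ftp_server = "192.168.1.20"   # LAN address of the vsftpd host
pasv_ports = "50000:50010"    # assumed range, must match vsftpd pasv_min_port/pasv_max_port

# Weak setting: any Internet source reaches the FTP control port
# rdr on $wan_if proto tcp from any to ($wan_if) port 21 -> $ftp_server

# Restricted setting: only the farm's fixed address is translated ...
rdr on $wan_if proto tcp from $farm_wan to ($wan_if) port 21 -> $ftp_server
rdr on $wan_if proto tcp from $farm_wan to ($wan_if) port $pasv_ports -> $ftp_server

# ... and only that address is passed to the server after translation
pass in quick on $wan_if proto tcp from $farm_wan to $ftp_server \
    port { 21, $pasv_ports } keep state
```

Traffic from every other source matches neither the translation nor the pass rule and falls through to the default deny on WAN. The FTP session itself still crosses the Internet unencrypted, which is what the VPN suggestions in this thread address.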


  • Netgate Administrator

    Ah, OK.
    Your best option for security is to set up a VPN between your remote DD-WRT box and the pfSense box. You should be able to do that easily enough with OpenVPN (http://www.dd-wrt.com/wiki/index.php/OpenVPN).

    Steve



  • Thank you all for the information and suggestions. Responding to mikeisfly's question on the camera.

    The camera contacts the remote dd-wrt router (camera at a fixed IP on the LAN) when it senses movement in the camera field of view and initiates an FTP transfer of that JPEG image file to the home IP address. The camera operates at a specific port and uses the dd-wrt router to contact the home IP address over the internet. This allows manual remote access to the camera.

