How to configure nat to access ip cam form wan



  • hi

    i setup my nat following the tutorial, to be able to access my ip cam, but i didn't succeed my setup is as follows:

    interface: wan
    external address: any
    protocol: tcp
    external port range:
    from: other 1400
    to: other
    nat ip: 192.163.1.1 (1st ip cam)
    local port: other 1400

    my dhcp range is: 192.163.10 to 192.163.1.245
    my gateway address is: 192.163.1.254

    so i tried accessing one the cam with the wan side of my server 87.230.x.x:1400 with no luck.

    what did i do wrong

    help is highly appreciated



  • if i put the xxx.xxx.210.14:850 (pf ip + the port configured to redirect to 192.163.1.50 (IP cam) on my web browser from wan, the page keeps trying and never connect

    still no one can help me in this?

    thanks in advance



  • Your IPcam is confirmed accessible from local LAN subnet on port 1400 with TCP traffic?
    You have created a firewall rule to permit traffic along with your NAT rule?



  • thanks for the reply

    after trying many setups, my final configuration is as follows:

    cam1 ip: 192.163.1.1 port 810
    cam2 ip: 192.163.1.2 port 820
    cam3 ip: 192.163.1.3: port 830
    cam4 ip: 192.163.1.4: port 840
    cam5 ip: 192.163.1.5: port 850

    my nat and firewall as follows:






  • You have an allow-all rule on top of all other rules on your WAN tab. Remove that urgently!
    I could reach your pfSense on the given IP via http - switch that to HTTPs at least if not blocking it from the outside completely!



  • thanks a lot for advice

    yes you are right, i keep seeing peoples try access and guess my server password from all over the world, i am kind of new to firewall rule, i don't know how what to put to access my server remotely, i have 5 running server and need to monitor always, so if you kindly help me create the necessarily rule to access pf box, ill be grateful and then access my ip cams.

    thanks again for trying to help

    hadi57



  • You set your LAN to 192.163.x.y

    unless you have this public IP range assigned to you by an ISP (which I somewhat doubt) you should change it to one of the designated private IP subnet ranges:

    • 10.x.x.x

    • 172.16.x.x bis 172.31.x.x

    • 192.168.x.x

    You most probably wanted to use 192.168.x.y
    Using 192.168.1.0/24 as subnet and assigning 192.168.1.1 to a device cries for problems. That's the IP a lot of devices initially use for setup. Avoid it.



  • ok ill change my ip's to 192.168.x.x, or 172.16.x.x even i dont have problem with 192.163.x.x becuase all my clients are accessing the internet with no problem, so you think because i am using 192.163.x.x instead of 192.168.x.x i am facing this problem?



  • May I suggest that you start reading about networking?

    A possible start could be here:
    http://en.wikipedia.org/wiki/IP_address
    http://en.wikipedia.org/wiki/Subnetwork
    http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
    but it's not limited to that.

    And no, I didn't say your problems arise from false subnetting.
    Wikipedia has an article about NAT (Network address translation) as well.


Locked