How to configure nat to access ip cam form wan

hadi57 · Feb 7, 2008, 5:28 PM

hi

i setup my nat following the tutorial, to be able to access my ip cam, but i didn't succeed my setup is as follows:

interface: wan
external address: any
protocol: tcp
external port range:
from: other 1400
to: other
nat ip: 192.163.1.1 (1st ip cam)
local port: other 1400

my dhcp range is: 192.163.10 to 192.163.1.245
my gateway address is: 192.163.1.254

so i tried accessing one the cam with the wan side of my server 87.230.x.x:1400 with no luck.

what did i do wrong

help is highly appreciated

hadi57 · Feb 21, 2008, 9:49 PM

if i put the xxx.xxx.210.14:850 (pf ip + the port configured to redirect to 192.163.1.50 (IP cam) on my web browser from wan, the page keeps trying and never connect

still no one can help me in this?

thanks in advance

jahonix · Feb 21, 2008, 11:50 PM

Your IPcam is confirmed accessible from local LAN subnet on port 1400 with TCP traffic?
You have created a firewall rule to permit traffic along with your NAT rule?

hadi57 · Feb 28, 2008, 6:48 PM

thanks for the reply

after trying many setups, my final configuration is as follows:

cam1 ip: 192.163.1.1 port 810
cam2 ip: 192.163.1.2 port 820
cam3 ip: 192.163.1.3: port 830
cam4 ip: 192.163.1.4: port 840
cam5 ip: 192.163.1.5: port 850

my nat and firewall as follows:

jahonix · Feb 28, 2008, 6:25 PM

You have an allow-all rule on top of all other rules on your WAN tab. Remove that urgently!
I could reach your pfSense on the given IP via http - switch that to HTTPs at least if not blocking it from the outside completely!

hadi57 · Feb 28, 2008, 6:41 PM

thanks a lot for advice

yes you are right, i keep seeing peoples try access and guess my server password from all over the world, i am kind of new to firewall rule, i don't know how what to put to access my server remotely, i have 5 running server and need to monitor always, so if you kindly help me create the necessarily rule to access pf box, ill be grateful and then access my ip cams.

thanks again for trying to help

hadi57

jahonix · Feb 29, 2008, 8:06 AM

You set your LAN to 192.163.x.y

unless you have this public IP range assigned to you by an ISP (which I somewhat doubt) you should change it to one of the designated private IP subnet ranges:

10.x.x.x
172.16.x.x bis 172.31.x.x
192.168.x.x

You most probably wanted to use 192.168.x.y
Using 192.168.1.0/24 as subnet and assigning 192.168.1.1 to a device cries for problems. That's the IP a lot of devices initially use for setup. Avoid it.

hadi57 · Feb 29, 2008, 11:15 AM

ok ill change my ip's to 192.168.x.x, or 172.16.x.x even i dont have problem with 192.163.x.x becuase all my clients are accessing the internet with no problem, so you think because i am using 192.163.x.x instead of 192.168.x.x i am facing this problem?

jahonix · Feb 29, 2008, 11:38 AM

May I suggest that you start reading about networking?

A possible start could be here:
http://en.wikipedia.org/wiki/IP_address
http://en.wikipedia.org/wiki/Subnetwork
http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
but it's not limited to that.

And no, I didn't say your problems arise from false subnetting.
Wikipedia has an article about NAT (Network address translation) as well.