DSTNAT ports Hikvision

pmattia90 · July 18, 2024, 9:01am

Hello, I have a problem using an Hikvision camera behind a NAT.
I have a port with network 10.146.12.0/24, that’s my WAN(customer give me a private ip in his network) and i have configured a private network for a group of cameras on several ports in a bridge(172.16.10.0/24).
Everything is working fine with a masquerade from src.address 172.16.10.0/24, so i can ping 8.8.8.8 from cameras.
Now the customer wants to reach the camera from his network(10.146.12.0/24)
I know that cameras have a http page for configuration with a live stream, so i configured two dstnat in Mikrotik.
One is 10.146.12.20:50 to the 172.16.10.50:80
Second is 10.146.12.20:51 to the 172.16.10.51:80
The web page is working but i’m not able to see the stream.
I think that i need a second port for the streaming, probably the 554, so how I have to configure this for make operational the two cameras?
I can also request another private IP for the network 10.146.12.0/24
Thanks in advance.

karlisi · July 18, 2024, 12:03pm

Connect from 172.16.10.0 subnet if it is the same. Perhaps not a NAT problem. Many Hikvision devices requires Webcomponents plugin to see stream or recordings in browser. Older devices also requires Internet Explorer to run this plugin (MS Edge in IE mode). Search for “Browser and Plugin Support of Hikvision”

pmattia90 · July 19, 2024, 1:08pm

Hello,
unfortunately he canntot use the 172.x.x.x subnet, s this is the reason of the question.
The web components is working when i do not use the nat, and i try to reach the camera with the same subnet.
I thought i have to play with ports involved in web componets plugin, but i don’t know how.

rextended · July 20, 2024, 7:40am

The ports are 554 and 8000, do the same you do for the port 80.
On doubt (i do not remember) both tcp and udp.

jaclaz · July 20, 2024, 9:56am

It has to be checked, could be also 10554 instead of 554;
https://supportusa.hikvision.com/support/solutions/articles/17000128725-what-port-forwards-are-required-for-direct-ip-remote-access-

Should be TCP.
https://www.hikvision.com/content/dam/hikvision/ca/bulletin/technical-bulletin/technical-article/tb_network_port_list.pdf

karlisi · July 22, 2024, 6:39am

Additional ports are used by applications, for web sessions only 80/tcp is needed.

pmattia90 · July 30, 2024, 2:47pm

Thanks, but how can i dst-nat same ports to 2 different ip?