Hello my friends ,,
I have 4 Hikvision NVRs ,
I use Mikrotik RB4011igs+RM router ,
after using this fantastic router , every thing is fine ,
but the problem is :
after I used this router , all NVRs became offline for HikConnect App ,, So I can't access the nvrs using mobile app ,,
I use the ports 8001 - 8002 - 8003 - 8004 for the NVRs as server ports ... and I can't see the ports open when checked through canyouseeme - and it is working good without mikrotik ..
I tried to make nat rules but no use till now ..
same problem I can't access the nvrs from wan ..
but from lan is working good --
Please I need a working solution to make the ports opened to internet through mikrotik router to use it in mobile app hikconnect
Note : also I can ping only the adsl modem but I can't access it as a webpage .. any solution ?
also my mikrotik LAN PCs can't acess the adsl modem LAN PCs .. any solution ?
my config script file is attaced ...
notes :
I have no public static IP configured ... it is just a normal dynamic public ip ..
ADSL modem ( router mode _ portt 1 ) 192.168.1.1/24
Mikrotik Router ( router mode - automatic - Eth1 - Gateway - WAN ) 192.168.1.29/24
Bridge ( LAN ) 192.168.100.100/16
MIKROTIK is the main DHCP 192.168.10.0/16 for all devices mc.txt (3.62 KB)
The reason you can’t connect to your adsl is because of the /16 (192.168.0.0-192.168.254.254) IP scope you have set. It’s IP belong in this range and is being routed out on the bridge instead of your WAN. Looking at your config, I do not see a reason not to use /24 and have a single subnet (192.168.10.0/24 or 192.168.100.0/24).
You did not post what NAT rules you tried, but since you have set up double NAT (NAT from adsl to Mikrotik and Mikrotik to NVR), you will net to set up NAT rules on both devices. On the adsl, the ports would need to be forwarded to the IP of the Mikrotik. And the Mikrotik would need the ports forwarded to the NVR. If you try to connect to the NVR from LAN of Mikrotik using the external IP, you will also need Hairpin NAT.
You dont have a public IP.
The ADSL unit is giving you a private IP and thus NAT is not possible.
If you have access to the ADSL router then can you forward ALL the ports to the LANIP on the ADSL router that corresponds to the connection to your router, which is also the fixed WANIP on your MT RB4011
192.168.1.1/24 This is a private IP address structure not public.!!!
Your config is whack.
/ip address
add address=192.168.100.100/16 comment=defconf interface=bridge network=
192.168**.0**.0
@mrpip, first of all, what you mean by “access from WAN” - does that mean via the mobile app that connects to cloud or you could access those NVRs by connecting to the public IP of your ADSL router before inserting the 4011 between the ADSL modem+router combo and the NVRs?
If you could, do you use some dynamic DNS service to track the ever-changing but public IP on the ADSL combo’s WAN?
When you mention ports 8001-8004, are these the ports at which the NVRs listen for incoming connections or ports on the Hikvision’s cloud server?
In the mobile app, do you have to configure anything else than your user account to get access to the cameras (i.e. any IP addresses, domain names or port numbers)?
I have forwarded all ports to wanip of mikrotik .. no use ..
also I configured the NVR to take ips from DHCP it is working now …
Thank you …
because the NVRS take IPs now in range 192.168.10.0 …
without adding any rules … Thank you …
I can now access my nvrs from outside using the app …
SOLVED …
Some NVRs work the cloud way, where they actively build connections to cloud servers, and the mobile application or browser connects to the manufacturer’s servers in the cloud and access their cameras and NVRs that way. Others allow only direct connection, and in that case, a public address and port forwarding, or a VPN, is necessary to access them from outside your home LAN.
Depending on how your ones behave, a different configuration change on the Mikrotik is necessary. The information you gave in your OP is confusing and insufficient.
For the cloud way, nothing special should be required, just a proper configuration of the router. But some devices have special needs.