We installed an IP camera a couple of years at our church. I was not involved in the installation, but I know a port had to be opened/forwarded. In the mean time someone did a hard reset of the router and port forwarding settings were lost.
We now have a MikroTIK RouterOS v6.40.3router, of which I know nothing at all.
I know the link on the desktop to operate the camera was: 192.168.1.200:81
This causes me to think that Port 81 was involved.
The new router is 192.168.88.1
I connected the cable to my LT and managed to access the camera at the old IP address and change it to 192.168.88.200 and have access to it with full control.
BUT, now I know something needs to be setup in the router. The IP address of the PC operating the camera is dynamic.
Question:
Do I need to OPEN the port 81 and forward it to the camera’s IP address?
Is a camera incoming or outgoing?
I will really appreciate some help. I need to get the camera up and running ASAP.
Port forwarding on MikroTik will look something like this. Read these rules slowly. Note that bridge-LAN must be changed to whatever your LAN ports are. Likewise with ether-WAN. Allowing for port forwarding, this is something that you have setup among other settings. Thus, one line under /ip firewall filter, and another line under /ip firewall nat, these in addition to standard settings.
/ip firewall filter
add action=accept chain=input comment="Accept established related" connection-state=established,related
add action=accept chain=input comment="Allow LAN access to router and Internet" in-interface=bridge-LAN
add action=drop chain=input comment="Drop all other input"
add action=accept chain=forward comment="Accept established related" connection-state=established,related
add action=accept chain=forward comment="Allow LAN access to router and Internet" connection-state=new in-interface=bridge-LAN
add action=accept chain=forward comment="Allow Port forwards" connection-nat-state=dstnat in-interface=ether-WAN
add action=drop chain=forward comment="Drop all other forward"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether-WAN comment="Default masq"
add action=dst-nat chain=dstnat in-interface=ether-WAN protocol=tcp to-addresses=192.168.1.200 dst-port=81 to-ports=81
Hi. Could you be so kind as to explain what are the differences between your rules and the following rules for 443 port forwarding that were made automatically: NAT
/ip firewall nat print
3 chain=srcnat action=src-nat to-addresses=192.168.0.1 protocol=tcp src-address=192.168.0.0/24
dst-address=192.168.0.5 dst-port=80 log=yes log-prefix=""
4 chain=dstnat action=dst-nat to-addresses=192.168.0.5 to-ports=443 protocol=tcp in-interface=ether1
dst-port=443 log=yes log-prefix=""
5 chain=dstnat action=dst-nat to-addresses=192.168.0.5 to-ports=443 protocol=tcp
src-address=192.168.0.0/24 dst-address=xxx.xxx.xxx.xxx dst-port=443 log=yes log-prefix=""
xxx.xxx.xxx.xxx - my external IP
192.168.0.5 - LAN machine IP where to forward 443 port
Filter Rules
/ip firewall filter print
13 ;;; defconf: accept established,related
chain=input action=accept connection-state=established,related log=no log-prefix=""
14 ;;; defconf: accept established,related
chain=forward action=accept connection-state=established,related log=no log-prefix=""
15 ;;; defconf: drop all from WAN
chain=input action=drop in-interface=ether1 log=no log-prefix=""
16 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""
17 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1 log=no log-prefix=""