Port 8000 forwarding for HIKVISION camera not working

Serhioromano · November 26, 2019, 1:19pm

I’ve read this forum and there are some topics. But those do not answer my question.

First I created a NAT rule to open camera WEB access. It is configured on port 80 inside a camera. So I access it through port 8080 and it works fine.

chain=dstnat action=dst-nat to-addresses=192.168.1.222 to-ports=80 protocol=tcp dst-address=100.100.100.100 dst-port=8080

Now Webcam server on port 8000. I create absolutely the same rule, but when I use iVMS4500 mobile app it do not want to connect.

chain=dstnat action=dst-nat to-addresses=192.168.1.222 to-ports=8000 protocol=tcp dst-address=100.100.100.100 dst-port=8000

I thought maybe I’ve entered something wrong, but when I change IP/Domain to local address it works fine. When I switch to public address it says error to connect. I have no idea what did I do wrong here. Maybe protocol has to be not TCP but some other one?

CRS1

ivicask · November 26, 2019, 1:44pm

I think first rule is problem, app exepcts 80 to be web port, yet you redirected it to 8080, try for test change it from 8080 to original 80.

Also you may need 554 UDP/TCP for RSTP stream.

Try also forward UDP of that 8000 for test.

karlisi · November 26, 2019, 2:47pm

It’s OK with dst-nat rules. You don’t need 554/tcp or 8000/udp for iVMS application.
How do you connect to external address? From inside the LAN? If so, you need additional hairpin-nat rule.

Zacharias · November 26, 2019, 3:04pm

You know you can always use the cloud right ?
But since you want to port forward, i want to ask a few questions.
Do you have a public IP configured on your router ?
You use a DNS name ? If yes do you get a responce when you ping that name ?
Finally, as for the config you posted, no need to use the dst address 100.100… just specify the in interface, it must be the wan interface.

Serhioromano · November 27, 2019, 12:34pm

Actualy I use the coud and use domain that was generated for me. But it does not work as well. This domain pings ok, to the same IP I am using. And as I’ve said I have port 80 woring with the same IP or cloud domain.

My public IP is dynamic

No I do not

The 100.100.*** из my public dynamic address. When I use inretface it stops working even for port 80.

I do not connect to an external address. Do you mean to my public IP? I connect it from within LAN or through my mobile operator. It makes no difference. And what does it mean “You do not need port 8000”? How is that? I am connecting mobile app not web browser access.

The rules in command are in a different order than on the form. I redirect request to port 8080 to actual port 80. I mean in the webcam or in the local network I open cam web interface on port 80. When I open public IP with port 8080 it redirects to port 80. Any way that works fine, no issues on that.

I suspected that protocol might be an issue, so I try UDP on 8000. It doe snot change anything. I also added 554 port redirect but that also did not change anything. Still no access.

karlisi · November 27, 2019, 1:11pm

Yes, I mean public IP. And I wrote, you don’t need 8000/udp (ivicask suggestion), only 8000/tcp (you already tried it).
Are you sure port 8000 is reachable from Internet (not filtered by provider)? Check if packets are coming to this port.

Zacharias · November 27, 2019, 4:56pm

Actualy I use the coud and use domain that was generated for me

A cloud device does not need a DNS. I guess you mean the manufacturer gives you a free DNS to use, but this is not what i mean.

gotsprings · November 30, 2019, 2:13pm

/ip firewall Nat export

mrpip · March 15, 2021, 8:45pm

I have tha same problem

anav · March 16, 2021, 4:20pm

/export hide-sensitive file=anynameyouwish