alexj
May 26, 2009, 5:12pm
1
Hi,
I have ROS hotspot AP with subnet 10.0.40.0/24 connected with a pair of Nanostation NS5 in WDS AP mode to a DHCP server with subnet 192.168.20.0/24.
Can somebody tell me how to forward ports 5000 and 5002 to a hotspot user with static IP 10.0.40.91. He wants to access his ip web camera from ouside world. The camera has dyndns option.//acogold10.dyndns.org:5000 .
0 10.0.40.1/24 10.0.40.0 10.0.40.255 wlan1
WAN side is ADSL with dynemic IP.
[admin@MT ZTLX] ip firewall nat> print
Thank you in advance
Alex
alexj
May 27, 2009, 9:41am
3
sergejs:
/ip firewall nat add action=dst-nat chain=dstnat dst-port=5000 dst-address=public_IP_address_of_the_router to-addresses=local_IP to-ports=local_port
You need DST-NAT rules.
Thanks for your help. I have done dst-nat but no luck. Here is my des-nat:
0 ;;; masquerade hotspot network
1 chain=dstnat dst-address=192.168.20.40 protocol=tcp dst-port=1024
2 chain=dstnat dst-address=192.168.20.40 protocol=tcp dst-port=5000
3 chain=dstnat dst-address=192.168.20.40 protocol=tcp dst-port=5004
I have changed http port of the camera from 80 to 1024 in camera’s control panel.
The web camera is using 5000 port for video and 5004 for audio.
1.The camera in NOT accessible from wan side: http://192.168.20.40:1024 I get no response from IP camera from a PC with IP 192.168.20.188
http://10.0.40.4 - I am able to access control panel of IP camera from a PC with IP 10.0.40.55
How do you ensure authentication fot the 10.0.40.4 client ?
alexj
May 28, 2009, 12:57pm
7
alexj:
By client MAC address.
Thank you
One more question. How do I block a client by mac address to associate with specific hotspot AP:
Block client’s MAC address to wireless registration list?
OR block client’s MAC by DHCP server?
Thank you
enter his MAC in the ACCESS LIST of the Wireless card, and UNCHECK the AUTHENTICATION box. He will not be allowed to connect.