Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Problem with Nat port for camera

Locked
 
cupid2404
just joined
Topic Author
Posts: 2
Joined: Wed Mar 23, 2016 5:59 pm

Problem with Nat port for camera

Wed Mar 23, 2016 6:26 pm

I using RB1100AHx2 v6.27
I have registry no-ip host, and add this script + schedule for run script
Code: Select all
# No-IP automatic Dynamic DNS update

#--------------- Change Values in this section to match your setup ------------------

# No-IP User account info
:local noipuser "USER"
:local noippass "PW"

# Set the hostname or label of network to be updated.
# Hostnames with spaces are unsupported. Replace the value in the quotations below with your host names.
# To specify multiple hosts, separate them with commas.
:local noiphost "HOST"

# Change to the name of interface that gets the dynamic IP address
:local inetinterface "INTERFACE"

#------------------------------------------------------------------------------------
# No more changes need

#:global previousIP;

:if ([/interface get $inetinterface value-name=running]) do={
# Get the current IP on the interface
   :local currentIP [/ip address get [find interface="$inetinterface" disabled=no] address];

# Strip the net mask off the IP address
   :for i from=( [:len $currentIP] - 1) to=0 do={
       :if ( [:pick $currentIP $i] = "/") do={
           :set currentIP [:pick $currentIP 0 $i];
       }
   }

   :local previousIP [:resolve "$noiphost"];

   :log info "DNS IP: $previousIP, interface IP: $currentIP";

   :if ($currentIP != $previousIP) do={
      :log info "No-IP: Current IP $currentIP is not equal to previous IP $previousIP, update needed";
     # :set previousIP $currentIP;
      :local url "http://dynupdate.no-ip.com/nic/update\3Fmyip=$currentIP";
      :log info "No-IP: Sending update for $noiphost";
      /tool fetch url=($url . "&hostname=$noiphost") user=$noipuser password=$noippass mode=http dst-path=("no-ip_ddns_update-" . $host . ".txt")
      :log info "No-IP: Host $noiphost updated on No-IP with IP $currentIP";
      
   } else={
   :log info "No-IP: Previous IP $previousIP is equal to current IP, no update needed";
   }
} else={
   :log info "No-IP: $inetinterface is not currently running, so therefore will not update.";
}
Then, i NAT port 81 for camera device.

Now, when i type user.ddns.net:81, browser go to the page of camera device -> OK
But i just type user.ddns.net, browser go to page login router.

Why's that when I just NAT port 81 to ip camera?
Top
 
kiaunel
Member Candidate
Member Candidate
Posts: 219
Joined: Mon Jul 21, 2014 7:59 pm
Location: Germany

Wed Mar 23, 2016 6:36 pm

How did u nat camera port?

Sent from my Lenovo K50a40 using Tapatalk
Top
 
User avatar
gabrielpike
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Thu Apr 17, 2014 4:17 pm

Re: Problem with Nat port for camera

Wed Mar 23, 2016 7:04 pm

You could disable the http service on the router and enable https. If you are trying to NAT a web server port to port 81 in your dst-nat chain.
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Problem with Nat port for camera

Wed Mar 23, 2016 7:05 pm

Hostname points to address. It does not have to do anything with ports. So if you forward port 81 from you router's public address to internal camera, http://user.ddns.net:81 will connect to internal camera. If you don't forward port 80 anywhere, http://user.ddns.net will try to open webserver on your router. Simple as that.
Top
 
cupid2404
just joined
Topic Author
Posts: 2
Joined: Wed Mar 23, 2016 5:59 pm

Re: Problem with Nat port for camera

Wed Mar 23, 2016 7:29 pm

Hostname points to address. It does not have to do anything with ports. So if you forward port 81 from you router's public address to internal camera, http://user.ddns.net:81 will connect to internal camera. If you don't forward port 80 anywhere, http://user.ddns.net will try to open webserver on your router. Simple as that.
Thanks for replay.
Present, I don't forward port 80 anywhere. And i don't want http://user.ddns.net will open webserver on router. What should i do?
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Problem with Nat port for camera

Wed Mar 23, 2016 9:40 pm

Rule like this will do the trick:
Code: Select all
/ip firewall filter
add action=reject chain=input dst-port=80 in-interface=<wan interface> \
    protocol=tcp reject-with=tcp-reset
It will still work from LAN, feel free to change it if you want. But remember that you won't be able to use WebFig if you do that (I don't know if you need it or not). In case you don't need WebFig, you might just disable it under /ip services and then you wouldn't need any extra blocking rule.
Top
 
User avatar
gabrielpike
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Thu Apr 17, 2014 4:17 pm

Re: Problem with Nat port for camera

Wed Mar 23, 2016 9:40 pm

Disable services you do not want to use:
You do not have the required permissions to view the files attached to this post.
Top
Locked

Who is online

Users browsing this forum: svmk and 34 guests
  4. RouterOS
  5. Beginner Basics