Page 1 of 1

Mikrotik and camera ports

Posted: Thu Jun 01, 2017 10:56 am
by Leganini
Greetings to all,

I'm new to Mikrotik and much around it, i have a problem. Hope you guys can help me solve it.

Using Mikrotik routerboard RB3011UiAS, Router OS 6.38.1.

DHCP server - 6.6.6.0/24 for local PCs and devices.

Setting up new surveillance with 3 IP cameras, and NVR. They work like a charm, all get good IP and working as they should.
NVR - 6.6.6.111:90, port 90 is for http access as Lilin is having trouble with port 80 and 8080 for vieweing so i had to change it to 90.
Cameras - 6.6.6.39, 6.6.6.112, 6.6.6.113 , all of them work on port 90.

I can't access them from my Iphone software for cameras...port 90 not opened.
Internet connection is old ADSL that is dialed out from Mikrotik.

I would like to open port 90 on Mikrotik router, for my cameras and NVR, so I can access them and check my office from mobile while on meeting, please help.
Hope that port open will solve it ...tbh don't have a clue, any information is welcome.

Thanks!

Re: Mikrotik and camera ports

Posted: Thu Jun 01, 2017 12:06 pm
by DhrSoulslayer
You need to setup a NAT rule to allow port 90 to the ip address of your NVR.
Check this:

/ip firewall nat add chain=dstnat dst-port=90 action=dst-nat protocol=tcp to-address=[IP OF NVR] to-port=90

This rule will allow connections on port 90 on your external IP address to reach your NVR.


Different point of attention:
Is the 6.6.6.0/24 range your true IP range or is this just a fake.
Better would be to use a 10.0.0.0/16, 172.16.0.0/32 of a 192.168.0.0/24 range.

Re: Mikrotik and camera ports

Posted: Thu Jun 01, 2017 1:00 pm
by matiaszon
I don't think this will help at all. Port TCP 90 is for http protocol. To be able to use mobile app for cameras there is at least 1 protocol needed which is TCP 37777. Sometimes it is also needed to forward UDP 37778 as well. I don't know how it works on NVR, but this is what I have on DVR produced by BCS.

Of course, it is obvious, that you need public IP from your ISP.

Hope this helps.

Re: Mikrotik and camera ports

Posted: Thu Jun 01, 2017 2:22 pm
by Leganini
@DhrSoulslayer

Port 90 is opened, thanks for help!
Different point of attention:
Is the 6.6.6.0/24 range your true IP range or is this just a fake.
Better would be to use a 10.0.0.0/16, 172.16.0.0/32 of a 192.168.0.0/24 range.
No, unfortunately it's not fake :(
OpenVPN uses 10.0.0.0/24 range, when I get time(big problem) I will reconfigure VPN and my local network for now it will stay like this.
Thanks for corrections and notification.

May i know why it's not good practice to have that kind of range?

@matiaszon
I don't think this will help at all. Port TCP 90 is for http protocol. To be able to use mobile app for cameras there is at least 1 protocol needed which is TCP 37777. Sometimes it is also needed to forward UDP 37778 as well. I don't know how it works on NVR, but this is what I have on DVR produced by BCS.

Of course, it is obvious, that you need public IP from your ISP.

Hope this helps.
LILIN IP cameras and NVR in question here. LILIN NVR100L.
Untill now I used Dahua, and u have a point i had to open 37777 + UDP 37778, and I can use old cameras and DVR without problems.

Yea big problem is dynamic IP from ADSL not just for NVR and cameras but for most services I use.
This will change soon, getting new fiber connection next week, with public IP's from ISP. Then i will try to do as DhrSoulslayer suggested(IP range).

Thanks for HELP!

Re: Mikrotik and camera ports

Posted: Fri Jun 09, 2017 12:58 pm
by pukkita
Best practice is setting the DSL modem in bridge mode, so that it hands out the public IP directly to the mikrotik router.

If this is not possible, you'd need to resort to setting the mikrotik router as DMZ on the DSL router, or to forward the specific ports two times: DSL Router -> Mikrotik -> NVR.
Yea big problem is dynamic IP from ADSL not just for NVR and cameras but for most services I use.
IP being dynamic is not a problem, Mikrotik offers their own dynamic DNS support integrated straight into ROS, you just need to enable IP > Cloud.

Once you set that up, you'll get a yourboardserialnumber.sn.mynetname.net DNS you'll be able to use to access it from Internet.