Dear all,
hopefully you can help with my, probably easy, problem.
I have an internal network which includes 3 IP cameras (connected with wire and PoE and installed outside of my house) and a NAS for recording the images. For safety reason I would like to isolate the IP cameras from my internal network for the following reasons:
- I do not want my cameras to communicate with the internet
- In the event that somebody removes a camera from the wall and plugs in the cable I do not want the person to enter my internal network (IP range 192.168.0.xxx).
I have bought a MikroTik RB960PGS router for this. To this router I want to connect my internal network (via port 1), my 3 IP cameras and the NAS for recording. The NAS will be allowed to communicate with the internal network and internet. The IP cameras can only communicate with port 2-5 on the MikroTik router.
For now I put the MikroTik in router modus (IP range 192.168.1.xxx) and the cameras are working and communicating with the NAS.
From a PC in IP range 192.168.0.xxx I'm not able to connect to any device on the MikroTik, so that seems fine. However I still want to connect to the NAS with a PC to look back at recorded images.
But devices connected to the MikroTik can still connect to other devices outside the MikroTIk, which is not what I would like to have.
Would anybody be able to explain how I can takle this.
- Is it something with port forwarding for the NAS? And how should I do this then? I have tried something with dst-nat, but not get it to work.
- Should I actually put the MikroTik in bridge modus and prevent the IP cameras from communicating "outside" of the mikrotik? If this is the easiest route, how do I have to implement this?
Thank you very much for your help.
Kind regards from the Netherlands