Community discussions

MikroTik App
 
rfritz80
just joined
Topic Author
Posts: 24
Joined: Wed Jan 17, 2018 9:17 pm

Port Forwarding for Security Camera's

Sat Apr 14, 2018 5:44 pm

Hello everyone and thanks for taking your time to review my submission.

I had to setup in the mikrotik firewall under NAT rule for a customers camera system they have installed at their premises. They have a DVR that they can login to view the live stream at all times. Currently I have the customers port forwarding established and they can view their camera systems remotely. However, normally if I wanted to use the Web browser to load up mikrotik GUI on the web, I would type in the IP address for the router that we have for its public gateway, when I do this it is now always directing me to the customers Camera Login Screen.

Typically it should be working were the customer should be entering the IP address that we inform them about and then a colon ( : ) Followed by their port forwarding number to gain accessing into their camera systems remotely.

The customer needs these port forwarding numbers all in TCP: Ports 80, 81, 8000, and 10554.

I go into my Mikrotik Router by Winbox, Click IP, Click Firewall, Click the tab NAT: and begin to add my NAT port forwarding rule.
We set the customer with a static IP address for his Remote Camera system with X.X.X.99 /24

So in the NAT Tab Menu, I click Add new rule, in General I select in Chain: dstnat, and Dst. Address ( Our IP address for the Mikrotik router), then the Protocol: tcp, then the Dst Port: 80, and I select on the In. Interface, on our WAN port.

Next I goto Actions Tab, Under Actions I select: dst-nat, and enter in the To Addresses: X.X.X.99 (customers static IP address we assigned to him for his camera system) and then I Select To Ports: 80,

I repeat this process for all the required ports the customer needs, so they can gain access to their security system through our router.

This is working, however they don’t have to enter the Port Forward number when typing in our Routers IP address, it just directly takes them their!

So for instances the customer is suppose to type X.X.X.72:80 and takes them to their Remote Camera System Login Screen.

However, its now doing this, If I just enter X.X.X.72 with no Port Forward number on the end, it will always take me to the customers Login Screen.

If anyone has any ideas or suggestions I could try to fix this it would be much appreciated.
 
squeeze
Member Candidate
Member Candidate
Posts: 145
Joined: Thu Mar 22, 2018 7:53 pm

Re: Port Forwarding for Security Camera's

Sat Apr 14, 2018 8:51 pm

TCP port 80 is the default HTTP port. This is basic World Wide Web and TCP protocol knowledge.

In other words, all web browsers implicitly understand http://example.com as http://example.com:80.

If you actually need both of these services on this default (unsecured) web services port, then there is a conflict. This is usually resolved by one of the services being moved to a different port, e.g. remote router administration to a different port.

It can also be resolved by multi-homing with different IPs or by multi-hosting with different host names on the same IP, typically with a reverse proxy or more sophisticated web server in front of these services.

Alternatively, you could do none of the above and have a more secure setup, e.g. either a VPN for both services OR a remote and IP-filtered Winbox administration on one port with a TLS secured connection (with optional certificate auth) for the NVR/IP cam web login on the default HTTPS port (443). Even SSH tunneling would work and be more secure, similarly to the VPN solution, though it may not be as user friendly. Like the VPN solution, it has the advantage of being a single external port solution.
 
rfritz80
just joined
Topic Author
Posts: 24
Joined: Wed Jan 17, 2018 9:17 pm

Re: Port Forwarding for Security Camera's

Mon Apr 16, 2018 11:20 pm

Hi Squeeze, and thanks for your reply, ya I understand that port 80 is the default for http (non secured sites), but that's what I was told by the customer from his DVR tech support guy! If you could provide a demonstration on how to set that up in mikrotik it would be awesome, I am very new with Mikrotik and been learning as much as I can. I would truly appreciate this.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Port Forwarding for Security Camera's

Tue Apr 17, 2018 9:50 am

look here https://wiki.mikrotik.com/wiki/Manual:I ... nation_NAT

Ask DVR guy to change ports from 80 to eg. 40080 and follow above examples for port 40080.
You can also redirect external 40080 to port 80 on DVR to have DVR working.
 
rfritz80
just joined
Topic Author
Posts: 24
Joined: Wed Jan 17, 2018 9:17 pm

Re: Port Forwarding for Security Camera's

Wed Apr 18, 2018 3:16 pm

look here https://wiki.mikrotik.com/wiki/Manual:I ... nation_NAT

Ask DVR guy to change ports from 80 to eg. 40080 and follow above examples for port 40080.
You can also redirect external 40080 to port 80 on DVR to have DVR working.
Thanks Bartosz, the link you provided is just how I have it setup as, and when you mentioned talking to the DVR guy, I was thinking about doing too, I will have to give him a call and find if they can change that, I do appreciate your help and everyone's help in this matter, thank you all so much.
 
solar77
Long time Member
Long time Member
Posts: 586
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Port Forwarding for Security Camera's

Wed Apr 18, 2018 7:25 pm

keep you current rule, forward port 80 to DVR
forward port 82 to Mikrotik port 80
or not to use web interface to manage Mikroitk, using winbox instead?
 
johnii
just joined
Posts: 3
Joined: Tue May 18, 2021 10:21 pm

Re: Port Forwarding for Security Camera's

Sat May 22, 2021 9:43 pm

In general, there are two ways you can accomplish this, in certain cases you might be limited to one option or the other, depending on what's allowed within your router or camera:

Option 1: Leave the RTSP port (or HTTP port in case of a MJPEG stream) in all your cameras set to the default value (port 554 mostly) and select a different external port in your router port forwarding configuration. We recommend choosing ports 10554, 11554, 12554 and so on. The configuration should look like this in the router:
Last edited by johnii on Wed May 26, 2021 7:17 pm, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Port Forwarding for Security Camera's

Sat May 22, 2021 11:36 pm

Okay this is not clear at least to me at all what you are doing.
Draw a network diagram.

Firstly, most camera systems work through the cloud via an APP.
So cameras report to the manufacturers cloud which is accessed by the customer via their smart phone for example.

Are you saying this is not the case?

Is this a hybrid situation where the cloud functions separately from the DVR device and the DVR device is accessed directly from the LAN by other LAN users
AND potentially directly from the WAN??

If there is a direct WAN to DVR connection, what encryption or security is in place to protect that connection??

Also, how are you accessing your clients Routers, it appears not through VPN?????

Who is online

Users browsing this forum: BoraHorza and 90 guests