call me a dumdum if you must...really having trouble following documentation re: port forwarding. in my instance i have an ip camera connected to igc2 port of the router. coming from ddwrt and now fully realizing i don't know what the hell i'm doing i suppose...could really use some help with the 1-1 translation between ddwrt way and opnsense way of doing things.
in ddwrt i'd go to nat/qos>port forwarding, application was "camera", protocol was "both" because although my cell phone was connecting via https, i couldn't connect https when trying to access within the network when home...never figured that one out years ago and gave up...anyway...source net blank, port from "30010", ip address 192.168.1.5, port to "443", and enabled was selected...bam just always worked.
i can't decipher where each of these settings above go into the opnsense>nat>port forwarding???
also sad to say i'm not sure of this, but i think i need to assign the ports to an interface and i'm afraid of messing that up too. remember they are only plugged in and that's it.
i know i know...i could use vlan or openvpn to avoid all this but i don't want my cell phone being a part of the network even temporarily to check the ip camera feeds. thx
59 views and no love? really hoping this is easy for someone out there...thx
hi there, i will tell you what i do to port forward my camera. so you go to firewall, then nat, then port forwarding, then new rule. in the interface select your wan interface. protocol is tcp/udp, or choose just udp; i do both. in the destination, your wan address. in destination port choose your port, for example from 3030 to 3030. the destination ip is your local camera ip, 192.168.1.5 for example. the source port is 3030. name the rule and click ok. don't forget to open 3030 in your modem or source of internet, and this is the easy way.
for a more secure and advanced way you need to nat your local ip and use a virtual ip and also to point your local port to an ssl port, but this needs more work
Port forwarding in OPNsense is similar to what you describe in ddwrt. The docs are pretty straightforward:
https://docs.opnsense.org/manual/nat.html
What happens when you try it?
Quote from: mouad on April 08, 2024, 05:44:42 PM
hi there, i will tell you what i do to port forward my camera. so you go to firewall, then nat, then port forwarding, then new rule. in the interface select your wan interface. protocol is tcp/udp, or choose just udp; i do both. in the destination, your wan address. in destination port choose your port, for example from 3030 to 3030. the destination ip is your local camera ip, 192.168.1.5 for example. the source port is 3030. name the rule and click ok. don't forget to open 3030 in your modem or source of internet, and this is the easy way.
for a more secure and advanced way you need to nat your local ip and use a virtual ip and also to point your local port to an ssl port, but this needs more work
hi mouad, thanks i'll give this a try this evening if i have some energy left after work. really appreciate it
anyone have any step by step process of what to do after plugging in the camera to igc2? i think i go to interfaces and add igc2 for the camera and assign it the static ip that i want the camera to have. i don't use vlans so i think from there i would then just set up the port forwarding, right?
First thing you should realize is that if you use multiple ports for the same subnet, you need to create a bridge.
Quote from: r.2024 on April 08, 2024, 03:15:47 AM
i know i know...i could use vlan or openvpn to avoid all this but i don't want my cell phone being a part of the network even temporarily to check the ip camera feeds. thx
while others help you with port forwarding (which is btw quite easy on OPNsense) I will tell you what I did with my cameras:
1- (of course) for all my IoT devices I have a separate VLAN: 30
2- LAN ports on managed switch and SSID for IoT connect them directly to this VLAN
3- and now some rules on this VLAN:
- allow DNS
- allow all to reach my Home Assistant IP on another VLAN
- block everything else
4- this way all IoTs are exposed to Home Assistant that includes cameras - if I want to see what is going on I use remote access to my HA and while I am at home I can connect to the camera as well
5- checking the firewall logs, the IoT devices are SCREAMING all the time: LET ME CONNECT TO MY HOME SERVER!!! usually it is in China. And cameras are top 3 with that scream.
I hope you got what I wanted to say ;-)
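The IoT VLAN rule set described in the post above, modelled as first-match evaluation with a tally of blocked flows per device. This is an added example, not part of the original post or of OPNsense itself; the addresses, the Home Assistant port and the sample flows are constructed, and "allow DNS" is assumed to mean DNS to the firewall only.

```python
import ipaddress
from collections import Counter

# Assumed addressing (not from the thread): the firewall answers DNS on the
# IoT VLAN at 192.168.30.1 and Home Assistant lives at 192.168.20.10.
FIREWALL = ipaddress.ip_network("192.168.30.1/32")
HOME_ASSISTANT = ipaddress.ip_network("192.168.20.10/32")
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")

# (action, protocol, destination network, destination port or None for any)
RULES = [
    ("pass", "udp", FIREWALL, 53),          # allow DNS
    ("pass", "tcp", FIREWALL, 53),          # allow DNS over TCP
    ("pass", "any", HOME_ASSISTANT, None),  # allow all to Home Assistant
    ("block", "any", ANYWHERE, None),       # block everything else
]

def evaluate(proto, dst, dport):
    """Return the action of the first rule matching this outbound flow."""
    addr = ipaddress.ip_address(dst)
    for action, rule_proto, rule_net, rule_port in RULES:
        if rule_proto not in ("any", proto):
            continue
        if addr not in rule_net:
            continue
        if rule_port is not None and rule_port != dport:
            continue
        return action
    return "block"  # no rule matched: deny by default

# Constructed sample flows: (source, protocol, destination, destination port)
FLOWS = [
    ("192.168.30.21", "udp", "192.168.30.1", 53),     # camera resolving a name
    ("192.168.30.21", "tcp", "192.168.20.10", 8123),  # camera to Home Assistant
    ("192.168.30.21", "tcp", "203.0.113.50", 443),    # camera to vendor cloud
    ("192.168.30.21", "udp", "203.0.113.50", 32100),  # camera to vendor cloud
    ("192.168.30.21", "tcp", "192.168.20.11", 22),    # other host near HA
    ("192.168.30.22", "udp", "198.51.100.53", 53),    # plug using external DNS
]

def blocked_by_source(flows):
    """Tally blocked flows per device, as you would when reading the log."""
    tally = Counter()
    for src, proto, dst, dport in flows:
        if evaluate(proto, dst, dport) == "block":
            tally[src] += 1
    return tally

if __name__ == "__main__":
    for src, count in blocked_by_source(FLOWS).most_common():
        print(f"{src}: {count} blocked")
```

The pass rule for Home Assistant matches a single host, so the flow to its neighbour at 192.168.20.11 still falls through to the final block rule.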