Messages

1

General Discussion / Re: How can I keep my security camera setup off line and still acces it locally

« on: September 18, 2024, 01:29:24 am »

How can I block an IP / my NVR's IP if it turns out to be dynamic, I am awaiting the
NVR in the mail, and can not find any information regarding whether it has a fixed IP
or a dynamic one.

I would expect it will allow you to either configure a fixed IP address or use DHCP. If you choose DHCP (or if there's no option), you could create a reservation in OPNsense's DHCP server to assign it a specific IP address of your choosing (which should be outside the pool for dynamic addresses).

Looking online I  see these NVR's have two IP settings, one for the Switch that provides POE connectivity and one for the internal NIC that connects to your network.
The IP for the switch can be changed, but I read it is better to allow the NVR to assign one via its own DHCP and then to remove the tick and this will make it static.
Saying this, this is not the IP required to access the NVR, it has to be left alone as it is a static IP that the NVR uses to talk to the switch, and changing it am told results in the connected cameras being unable to communicate with the switch in the NVR.

I will see how it goes, and ask again when I get stuck.

One thing though, how does one create a reservation in OPNsense's DHCP server.
Am beyond new to all this network stuff, I hear of subnets and this is even more cconfusing,
as is different ip ranges, all greek to me.

2

General Discussion / Re: How can I keep my security camera setup off line and still acces it locally

« on: September 17, 2024, 11:46:06 pm »

You could assign igc3 as another interface, and give it its own subnet (not overlapping with your existing LAN), and create firewall rules to explicitly allow whatever communication you deem appropriate...

... or you could put the NVR on your LAN and block it from accessing the internet... but it would still be able to talk to other hosts on your LAN without going through the firewall - that may or may not be a concern, depending on how much you distrust the NVR...

Thank you for commenting.
How can I block an IP / my NVR's IP if it turns out to be dynamic, I am awaiting the
NVR in the mail, and can not find any information regarding whether it has a fixed IP
or a dynamic one.

Thank you for posting.
You bring up some good points, regarding trusting I am unsure but in general I do
not trust anything and thus my blocking idea.
I am awaiting the NVR in the post, and as of yet do not know whether it has a static
or dynamic IP, I am only assuming a static IP could be blocked easier than a dynamic one.

I have what I think is an odd setup, I only have mobile internet access.
I set up OPNsense and use a portable router connected by cable to the OPNsense WAN port and
set to bridge mode.
This portable router bridges to my phone to provide my entire wired network with internet access.
This also means I can leave my phone in the same room as the routers and connect via Ethernet
to my network in another part of the house and use apps on my laptop rather than the apps on the
phone, open source apps that is, I have zero trust in my phone not to be listening in and sending big
brother info from any app I would use on that device, so I use computers instead to communicate.

Now, I have decided to add some IP cameras, and am quite lost, I went the NVR route as in
testing it would take a very fast computer to record my 8mp cameras and display them, I tried
with zoneminder, memory was ate up until the system frooze every time a camera was triggered
it would record so much then freeze the computer, so I will now use an NVR which must use
a GPU to do its work, the chips inside these things are rarely marked so its a guessing game.

3

General Discussion / Re: How can I keep my security camera setup off line and still acces it locally

« on: September 17, 2024, 11:35:53 pm »

You could assign igc3 as another interface, and give it its own subnet (not overlapping with your existing LAN), and create firewall rules to explicitly allow whatever communication you deem appropriate...

... or you could put the NVR on your LAN and block it from accessing the internet... but it would still be able to talk to other hosts on your LAN without going through the firewall - that may or may not be a concern, depending on how much you distrust the NVR...

Thank you for commenting.
How can I block an IP / my NVR's IP if it turns out to be dynamic, I am awaiting the
NVR in the mail, and can not find any information regarding whether it has a fixed IP
or a dynamic one.

4

General Discussion / How can I keep my security camera setup off line and still acces it locally

« on: September 16, 2024, 11:16:47 pm »

Hi everyone.
I am putting together an ip camera system that connects to an NVR.
I want to put the NVR in a safe place and access it over my network.

My router runs OPNsense, it has four ports, it is in default configuration
with nothing set up yet, igc1 is the Wan port and igc0 is the lan port.

That leaves two more ports on the router, igc3 and igc4.
Is there a way I can set one of these ports / igc3 for example, so that I can connect my NVR
to it and access it over the lan / igc1 port, but make sure the NVR connected
to igc3 in this example can not access the WAN / internet.

I am completely new to OPNsense, networking and ip cameras, so a simple
solution is what am after.

Thanks to all.

5

General Discussion / Re: Secure boot and fast boot

« on: August 28, 2024, 12:42:44 am »

Thanks, I have secure boot off, will leave fast boot alone seeing as it is no security threat.

6

General Discussion / Re: Can't Update OPNSense after successful "transparent bridge" set up.

« on: August 28, 2024, 12:14:41 am »

https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense

Are you sure you want to bridge the lan and wan, seems very odd thing to do.

7

General Discussion / Secure boot and fast boot

« on: August 28, 2024, 12:01:46 am »

Hi everyone, my first post.
Should I disable secure boot and fast boot in the BIOS.
I want to take it one step at a time and I usually disable these settings when I install Linux.

Is there any security benefit to be had by leaving both of these settings enabled.

Thanks to all.