Access IP camera with static IP on other subnet?

Started by mrpetersson, May 05, 2024, 11:43:14 AM

I recently did some changes to my network setup in my home, like switching from using 192.168.1.0/24 to instead have 10.10.0.0/16 for my LAN (I'm not using VLANs yet). One problem I've run into is that I have this cheap IP camera that has a fixed IP address 192.168.1.X and I have not found any way to change that or set it to use DHCP.

I've tried a bunch of things with routes and firewall rules but I don't have sufficient understanding of these things to make it work.

This is the setup:

  • Computer running OPNsense 24.1.6-amd64 (at this moment). One NIC is used for WAN and one for LAN.

  • Switch (Unifi 8-port PoE switch) - this one gets a 10.10.10.Y address (I've set up some static assignments in DHCP where I've used different ranges like 10.10.10, 10.10.20 and 10.10.100 for different types of devices). Yes, this should probably be done with VLANs instead but I'm not there yet.

  • A few IP cameras are connected to the above switch, most of them get IP addresses through DHCP but this particular camera doesn't support that it seems - or at least there is no configuration option for it.

I'm trying to reach the IP camera via rtsp and ping.

I asked ChatGPT and it said the following (see further down) but I don't get that to work either...

Any tips I could use to figure out a way to do this? I'm sure this is pretty easy but I don't get it...

(X and Y are of course some numbers.)

Quote

1. Configure a Static Route:

  • Go to the OPNsense web interface.
  • Navigate to the "System" menu and select "Routes."
  • Click on the "+" icon to add a new static route.
  • In the "Destination network" field, enter the network address of the camera's subnet, which is 192.168.1.0/24.
  • In the "Gateway" field, enter the IP address of the switch that connects to the camera. This will likely be an IP address within the 10.10.0.0/16 subnet.
  • Save the changes.

2. Configure NAT (if necessary):

  • If the computers on the 10.10.0.0/16 subnet need to access the camera using its original IP address (192.168.1.X), you'll need to set up NAT.
  • Navigate to the "Firewall" menu and select "NAT."
  • Add a new NAT Port Forward rule.
  • In the "Interface" field, select the interface that connects to the 10.10.0.0/16 subnet.
  • In the "Protocol" field, select the appropriate protocol (e.g., TCP or UDP).
  • In the "Destination" section, enter the original IP address and port of the camera (e.g., 192.168.1.X:port).
  • In the "Redirect target IP" field, enter the IP address of the camera.
  • Save the changes.

3. Ensure Firewall Rules Allow Traffic:

  • Make sure that there are no firewall rules blocking traffic between the 10.10.0.0/16 subnet and the 192.168.1.0/24 subnet.
  • Navigate to the "Firewall" menu and select "Rules."
  • Check both the WAN and LAN interfaces for any rules that might block traffic between these subnets. Adjust or add rules as necessary.

After completing these steps, computers on the 10.10.0.0/16 subnet should be able to reach the camera at 192.168.1.X. If you're still encountering issues, double-check the configuration and ensure that the devices are properly connected to the network.


Instead of posting wrong information presented by ChatGPT I would just throw away that camera. You cannot change the IP address? Well, what else does this thing do in your network you're not aware of?

Regarding your OPNsense question: set up another LAN (VLAN or separate cable) for the camera. At least you'd have some control over the traffic.

Quote from: Saarbremer on May 05, 2024, 03:43:06 PM
Instead of posting wrong information presented by ChatGPT I would just throw away that camera. You cannot change the IP address? Well, what else does this thing do in your network you're not aware of?

Well, I guess that is also a topic to discuss - how to make sure this device doesn't call home and share some data or access other devices that it shouldn't. I guess firewall rules will at least help there. I don't know that ChatGPT is wrong - perhaps it is just me that is doing it wrong, but if it can be confirmed that solution will not work then that is good information.

Quote from: Saarbremer on May 05, 2024, 03:43:06 PM
Regarding your OPNsense question: set up another LAN (VLAN or separate cable) for the camera. At least you'd have some control over the traffic.

Sounds easy enough but I guess there is more to it - I will need to configure the switch for the VLAN also, right? Some rules in the firewall as well?

Hi,

just to be clear: In order to access multiple subnets in a proper way you need actual subnets, i.e. VLANs. Anything else might work partially but usually it doesn't.

ChatGPT gave you the right answer to the question of how to set up routes, but that doesn't solve your issue, nor does it work at all in your setup.

Subnetting involves VLAN separation; that requires VLAN-capable router interfaces and a manageable switch. And yes, in order to allow traffic, firewall rules are required, matching your requirements.
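
Added example (not part of any post in this thread): a small Python model of the forwarding decisions in this setup, showing why the camera is unreachable on the flat 10.10.0.0/16 LAN and why a dedicated interface or VLAN in 192.168.1.0/24 on OPNsense fixes both directions. All addresses are constructed placeholders; in particular, the camera's default gateway of 192.168.1.1 is an assumption, since the thread does not state it.

```python
import ipaddress

CLIENT = "10.10.10.20"   # constructed: a PC on the LAN
CAMERA = "192.168.1.50"  # constructed: stands in for 192.168.1.X

def next_hop(routes, dst):
    """Longest-prefix match. A gateway of None means dst is on-link."""
    hits = [(ipaddress.ip_network(net), gw) for net, gw in routes
            if ipaddress.ip_address(dst) in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else "no-route"

def trace(nodes, src, dst):
    """Follow one packet hop by hop and report how the journey ends."""
    def owner(addr):
        return next((n for n, v in nodes.items() if addr in v["addrs"]), None)
    node = owner(src)
    for _ in range(8):  # hop limit
        hop = next_hop(nodes[node]["routes"], dst)
        if hop is None:  # on-link: the sender resolves dst directly
            return "delivered" if owner(dst) else f"{node}: no host at {dst}"
        if hop in ("WAN", "no-route"):
            return f"{node}: {hop}"
        if owner(hop) is None:
            return f"{node}: nobody answers ARP for gateway {hop}"
        node = owner(hop)
    return "loop"

def build(camera_net_on_firewall):
    """Routing tables for the flat LAN, optionally with a camera interface."""
    fw_addrs = {"10.10.0.1"}  # constructed OPNsense LAN address
    fw_routes = [("10.10.0.0/16", None), ("0.0.0.0/0", "WAN")]
    if camera_net_on_firewall:  # extra interface/VLAN holding 192.168.1.1/24
        fw_addrs.add("192.168.1.1")
        fw_routes.append(("192.168.1.0/24", None))
    return {
        "client": {"addrs": {CLIENT},
                   "routes": [("10.10.0.0/16", None), ("0.0.0.0/0", "10.10.0.1")]},
        "opnsense": {"addrs": fw_addrs, "routes": fw_routes},
        "camera": {"addrs": {CAMERA},  # assumed gateway: 192.168.1.1
                   "routes": [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]},
    }

if __name__ == "__main__":
    for label, nodes in (("flat LAN", build(False)), ("camera net", build(True))):
        print(label, "| request:", trace(nodes, CLIENT, CAMERA),
              "| reply:", trace(nodes, CAMERA, CLIENT))
```

The model covers routing only; firewall rules on the camera interface still decide which of the now-routable traffic is actually allowed.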

ChatGPT only helps us partly; sometimes it gives very roundabout and off-topic answers that I myself do not understand. As for changing the IP camera, I think it is impossible, because each machine produced has its own IP address.