CCTV remote access; port forwarding...

cmutwiwa
Senior Member

Posts: 73

CCTV remote access; port forwarding... Oct 12, 2016 13:02:49 GMT

Quote

Post by cmutwiwa on Oct 12, 2016 13:02:49 GMT

Hi guys,
I'm facing a problem that I've been trying to ignore but its time I deal with it.
I'm using SmallWall to manage bandwidth for my clients.
Everything else works great but lately a couple of clients need to access their CCTV remotely.

My network layout is as described here.

--> ISP Modem/router (WAN - 41.237.xx.xx, LAN - 192.168.167.x) --> Smallwall (WAN - 192.168.167.x, LAN - 192.168.168.x) --> Client router (WAN - 192.168.168.x, LAN - 192.168.1.x) --> Client's DVR machine.

Now, I know there is port forwarding to be done here and I have managed to forward my SmallWall IP on the ISP router and so I can reach it remotely.
The problem is I've never done port forwarding where more than one router is involved and in this case there three routers involved (ISP router, SmallWall and Client's router).

My question is, what is the best practice here, is it possible to port forward through SmallWall then Client's router to the DVR? is it workable and if yes, kindly illustrate / guide on how it can be achieved.

Any help will be highly appreciated.

Best regards

Cosmas

Lee Sharp
Administrator

Posts: 522

CCTV remote access; port forwarding... Oct 12, 2016 14:28:30 GMT

Quote

Post by Lee Sharp on Oct 12, 2016 14:28:30 GMT

Ick! Triple NAT. I do not want to see those packet headers!

First, I would try and get some of those firewalls into bridge mode. Obviously, SmallWall can not do that and still shape traffic... But you can remove the ISP router from that. Also DMZ Pluse mode would still do nat, but pinhole everything to SmallWall.

After that, it is just setting the port forwarding rules in all firewalls. Simple in concept, but time consuming with a lot of room for a simple mistake.

cmutwiwa
Senior Member

Posts: 73

CCTV remote access; port forwarding... Oct 12, 2016 14:49:34 GMT

Quote

Post by cmutwiwa on Oct 12, 2016 14:49:34 GMT

Thanks Lee for the reply.
Yes I can get the ISP router in bridge mode, only one problem with that, I didnt mention it but the main connection (where ISP router is located) is like a mile away in another bldg, am only using PtP to get it to my Base Station where SmallWall is located, the PtP is obviously in bridge mode, putting the ISP router to bridge mode will require me to have the PtP in router mode since the ISP provides me with only one IP address. I think if I the correct port forwarding sequence from the ISP router to SmallWall to Client router then it will work...

Lee Sharp
Administrator

Posts: 522

CCTV remote access; port forwarding... Oct 12, 2016 16:03:40 GMT

Quote

Post by Lee Sharp on Oct 12, 2016 16:03:40 GMT

No, it can all be in bridge mode. Give the WAN port a secondary IP for management of the PtP APs and put them on 172.16.25.x or something. That can also give you management of the IPS router from the LAN side...

cmutwiwa Senior Member Posts: 73	CCTV remote access; port forwarding... Oct 13, 2016 5:17:32 GMT Quote Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by cmutwiwa on Oct 13, 2016 5:17:32 GMT Oh!...sounds workable, never tried that, will definitely give it a try. Thanks Lee

cmutwiwa
Senior Member

Posts: 73

CCTV remote access; port forwarding... Oct 13, 2016 6:40:27 GMT

Quote

Post by cmutwiwa on Oct 13, 2016 6:40:27 GMT

Ok Lee...let me say something is escaping me here, when you say "Give the WAN port a secondary IP for management of the PtP APs and put them on 172.16.25.x or something." which WAN port are you referring to? on the ISP router or on SmallWall?...am a bit confused here...

Lee Sharp
Administrator

Posts: 522

CCTV remote access; port forwarding... Oct 13, 2016 12:23:42 GMT

Quote

Post by Lee Sharp on Oct 13, 2016 12:23:42 GMT

Smallwall. But my brain actually broke. (Was doing too many things at once...) You need it on a LAN or Opt interface to use the GUI and not be NATed... So set up an Opt (if you have the ports) and plug it into the WAN switch. You can also multinet with shell commands.

cmutwiwa
Senior Member

Posts: 73

CCTV remote access; port forwarding... Oct 13, 2016 12:51:13 GMT

Quote

Post by cmutwiwa on Oct 13, 2016 12:51:13 GMT

ouch!...unfortunately I don't have the ports to setup an Opt.
Guess am kinda stuck here for now but am going to try forwarding the IP in sequence, from the ISP router to SmallWall to Client's router, I've seen online examples for double forwarding but not triple...my only worry is if will be able to get past SmallWall...

Lee Sharp
Administrator

Posts: 522

CCTV remote access; port forwarding... Oct 13, 2016 14:27:08 GMT

Quote

Post by Lee Sharp on Oct 13, 2016 14:27:08 GMT

You can use shell commands in the config file to manually bring up a multinet on WAN. Use the hidden exec.php to figure out the exact commends needed for what you want, then put it in the config. It works, but is a bit of work to set up.

Or, just bucket brigade it.

Port 80 goes from ISP router to SmallWall to client router to DVR.

cmutwiwa
Senior Member

Posts: 73

CCTV remote access; port forwarding... Oct 14, 2016 6:38:30 GMT

Quote

Post by cmutwiwa on Oct 14, 2016 6:38:30 GMT

Oct 13, 2016 14:27:08 GMT Lee Sharp said:

Or, just bucket brigade it.

Port 80 goes from ISP router to SmallWall to client router to DVR.

Thats exactly what am going to try out, am not ready to go into shell commands hehe

Lee Sharp Administrator Posts: 522	CCTV remote access; port forwarding... Oct 14, 2016 12:15:27 GMT Quote Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by Lee Sharp on Oct 14, 2016 12:15:27 GMT Just giving options. Pick the one that best fits your needs.

CCTV remote access; port forwarding...

Post by cmutwiwa on Oct 12, 2016 13:02:49 GMT

Post by Lee Sharp on Oct 12, 2016 14:28:30 GMT

Post by cmutwiwa on Oct 12, 2016 14:49:34 GMT

Post by Lee Sharp on Oct 12, 2016 16:03:40 GMT

Post by cmutwiwa on Oct 13, 2016 5:17:32 GMT

Post by cmutwiwa on Oct 13, 2016 6:40:27 GMT

Post by Lee Sharp on Oct 13, 2016 12:23:42 GMT

Post by cmutwiwa on Oct 13, 2016 12:51:13 GMT

Post by Lee Sharp on Oct 13, 2016 14:27:08 GMT

Post by cmutwiwa on Oct 14, 2016 6:38:30 GMT

Post by Lee Sharp on Oct 14, 2016 12:15:27 GMT

Quick Reply