Access zone 'iot' from 'lan'

Is there any firewall or access list on the iot devices?
You can rule this out quickly by enabling masquerade on the iot firewall zone and trying again.

There are a few things to unwrap...

  • you can ping 192.168.2.1 from the lan because the router actually responds to that address... so in this case, you're not truly routing between different networks, but rather getting a response from a device that has an address on both the lan and iot networks (i.e. the router).

Now, as for the IP cameras, there are a few possible situations here...

  • how are they configured -- do they use DHCP or are they set up with a static IP?
  • are you sure that they are able to work with inter-network connections?
    • some devices may not actually understand how to work with routed connections if they are designed only for local (same subnet) connectivity.
    • other devices may have host-level firewall rules that reject/drop connection attempts from other networks (Windows is a great example of this).

A worthwhile test would be to put a computer (preferably non-Windows based... could be something like an RPi or similar) on the iot network and then try to connect to it from the lan... if it connects, it means your router is set up correctly.


Ok, I will try that tomorrow.
[EDIT]
Well, I followed @psherman's advice and put an RPi in the iot zone via Wi-Fi.
And it is reachable via ping and ssh from the lan zone.
So the network/firewall config is OK, but the two IP cams cannot be reached from a different subnet.
That is really strange, but now I can search for other solutions to solve the problem.

Many thanks to all of you, your help is very much appreciated.
