I removed the forward to destination WAN, add the traffic rules but I can't seem to connect to the cctv device. or do you mean I need to use the port forward tab?
The first rule was fine, don't change the first rule by adding extra ports, it's the second rule that opens up forwarding from CCTV.
When you test you must test from a device connected to a different firewall zone, one that has full internet access. Are you doing that?
1 Like
Hello dlakelan, I got some good news!
Thanks for the help, I was able to make it with your help! 
I set the forward to allow Any ports, checked the Connections for the port.
I changed it back to this, and added the port ranging from 12000-14000 and then it worked!
I also changed the Firewall Input and Forward to reject and it still works.
I like to ask you what is the difference between the Port Forward tab and Traffic Rules tab? they can be use to forward ports so when to use port forward instead?
1 Like
Port forwarding is for letting internet devices connect inbound to LAN devices. What you are doing here is letting LAN devices connect outbound
1 Like
How about mobile devices (ios and android phones)? do you control the input also?
For every firewall zone you have the option INPUT, OUTPUT and FORWARDING. First is for traffic from the zone to the device. Second is from the device to the zone. Third is for traffic between interfaces of the same zone. For the traffic between different zones you need to either allow it completely (usually the case in the LAN->WAN config) or allow specific things, like you did with the CCTV hosts towards ports 80,8000,554 etc in WAN.
2 Likes
Don't confuse LAN zone with wired devices. In the default configuration, LAN interface cover the bridge of the wireless radios and the VLAN of the physical LAN ports, and that's assigned LAN zone
So, basically in a simple setup, wireless devices are also on the LAN.
2 Likes