Inconsistent IP Cam Port Forwarding?

GBano · September 13, 2022, 7:57pm

Hello,

I seem to have encountered a weird problem:

There are three IP cams connected to an OpenWRT Netgear (HAOS CALMER (15.05, r46767)).
Both have an open port forwarded so they can be viewed via LAN and WAN.
Cam 1-2 work fine but cam 3 is only accessible via LAN, not from outside.
So I would rule out the camera itself (all three are the same Foscam model).

I'm pasting the camera port forwarding part of the firewall config below and as you can see, it's all the same for all three cams.
So where could the problem lie?

/etc/config/firewall :

config forwarding
        option src 'lan'
        option dest 'wan'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '901'
        option dest_ip '192.168.12.1'
        option dest_port '901'
        option name 'CAM1'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '902'
        option dest_ip '192.168.12.2'
        option dest_port '902'
        option name 'CAM2'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '903'
        option dest_ip '192.168.12.3'
        option dest_port '903'
        option name 'CAM3'

mk24 · September 13, 2022, 8:06pm

Port 53 is used for DNS, it probably conflicts with dnsmasq.

You should use higher port numbers that are not reserved for things.

Conventionally .1 is the router in a subnet (though it doesn't have to be) and endpoint devices are other numbers. In this case the IP the router holds must not be 192.168.12.1 since that conflicts with a camera.

You can have all the cameras listening on the same port (since they have different IP addresses) and translate from different external ports. This could simplify camera configuration.

Exposing IP camera ports directly to the Internet is considered high risk. Also 15.05 is very old and should be upgraded.

GBano · September 13, 2022, 8:09pm

Ah sorry, this wasn't intended: I masked some details to protect the system.
It's not port 53.
They are in the 900s...
Will adjust it to avoid confusion.

Would be curious however about an overview over pre-assigned ports and also compare nmap port scans for all three cams.

GBano · September 27, 2022, 4:41pm

Well,
I can log in / reach the cam locally via LAN.
How come this is a WAN issue only?

Mike Keitz via OpenWrt Forum: