Port forwarding is not working for IP Cameras

I have TP-LINK VIGI C430I IP camera (192.168.0.70) connected to my router running OpenWrt.

I can access 192.168.0.70 with my Windows PC (192.168.0.2) also connected to my router and view the webUI of the IP cam without any problem.

I have setup OpenWrt firewall to port forward to 192.168.0.70 (external port 8400, internal port 80). However, I cannot access WebUI of the IP cam with browser via WAN. I get ERR_INVALID_REDIRECT in Chrome.

I have no problem accessing other 20 devices via WAN.which are port forwarded in the same way (different external ports assigned in the firewall of course) as the IP cam.

Is IP cam different from other non-IP cam devices? Or is this just TP-LINK IP cam's problem?

I only need to access the WebUI (port 80). I do not need any video feed (ONVIF, rtsp ets.)from the IP cam which uses different ports.

The only difference I noticed between the IP cam and other devices is that IP cam gives me a warning about https not being used with https crossed out in the browser's address bar (https://192.168.0.70).

You likely need a web proxy that rewrites those redirects. Better wireguard dial-in to LAN (or equivalent) with needed access.

1 Like

Perfect way to get your camera hacked, and added to some bot net, it wouldn't be the 1st one...

4 Likes

Don't do this, do not forward traffic using unsecured HTTP, it's not safe.

2 Likes

To extend to WG home connection: https://openwrt.org/docs/guide-user/services/vpn/wireguard/server
i.e use VPN to connect your phone or laptop to home LAN

1 Like

As others have said. Don't do this, and look into VPN (Wire Guard is an example and recommended), reverse proxy, cloudflare tunnel, etc.
You don't mention the reason why you're trying to do this, maybe a "jump box" utilizing some type of remote access software (Microsoft's quick assist, TeamViewer, Chrome remote desktop, etc, as as solution). Maybe this would work if you're trying to do this as just a one-off temporary setup.

I looked at that camera, It looks like a camera possibly supporting TP links Vigi app. So maybe that might be better and easier solution for you to utilize that with their cloud, if it's supported.

To answer your question, and not offer other solutions, that you really should look into other options... If you set up the port forward correctly, you would have to use your external IP (possibly from a completely external source, unless you have hairpin nat allowed (I can't remember the default setup with OpenWRT in this scenario). And then you would have to specify the port so it would look like http://youpublicipnot192adress:port number (http, because you said you're trying to reach port 80). Your example is also confusing because you mentioned HTTPS in part of your examplebe. Https would be used if you're trying to access port 443.

Again, don't do this, but trying to answer your question in case this is a learning experiment, or maybe you're trying it from a closed environment.

Your ISP could be blocking various ports, or if that camera is then doing something with the URL after connection, And it's trying to redirect you to something other than that port, That could also "break" it.

The last thing I'll mention as an option, or something that might stir the fire as you go down the camera road, you could also look into self-hosted DVR and NVR solutions like agentDVR, Blu Iris, frigate, etc. That's a whole other topic, That you might end up spending weeks researching, lol.

1 Like

Thank you for your reply.
I already have setup ddns (no-ip.com) and it works fine with other IOT devices.

I tried http://****.ddns.net:8400 to connect to the IP cam (port forwarded to 192.168.0.70:80 by OpenWrt) but it does not work.

Since I have not encountered any problems with other IOT devices redirected to different ports, I can only guess that the camera is doing something with the URL after connection like you mentioned.

Regarding the NVR, I already have NVR running which allows me to view the video streams. The only reason I want to access the WebUI is to change the configuration or the setting of the camera.

I will definitely look into Wireguard as suggested by numerous users of this forum.

Thank you again for your reply.

The camera might have a firewall to refuse connections from non-LAN IPs (the Internet). Run tcpdump on the router to see if connection attempts are being forwarded to the camera, and what its response is.

1 Like