January 24, 2010 at 6:10 pm #42160
Let me start of by thanking Fulvio for a GREAT product!
I’m new to ZeroShell and so far it’s been a breeze – setting up ZeroShell as a router/internet gateway with a 3G USB router. That was until now. I can’t get the port forwarding right!
I am setting up a number of IP cameras as demos that must be accessible over the internet and would like to use ZeroShell to do the security and port forwarding of this little network. Everything is working – the IP cams have Internet access, the DDNS (through DynDNS) is set up and is accessible from the outside. But all I see is the ZeroShell login screen when I try to access a camera from outside.
Am I missing something? Should I create a firewall rule, and how? Please help!
Thanks in advance.
DJJanuary 24, 2010 at 7:06 pm #49442
The problem here is that you access the cameras though ports 80/443, and ZS is alrready listening to those ports.
Two steps that may help you:
1 – Disable ZS admin interface from outsiders and make it accessible just from internal (LAN) clients (This is also a good security measure)–> this can be done under Setup / HTTPS Tab / “Allow access only from” and select just your LAN interface (be careful to select the LAN and not the WAN interface as this can prevent you from accessing the admin pages from the LAN if you pick the wrong one).
2 – Since you’ve probably NATed your WAN interface, you can then use Setup / Network / Virtual Servers to map port 80 to one of the cameras OR select several different ports, one for each camera and translate each to port 80 of each camera’s LAN IP (you may also need to add firewall rules to allow such accesses in case you change the default FORWARD policy to DROP or REJECT). Note that if you choose ports different from 80 and 443 for each camera, step one is unecessary, but will still be a good security precaution…
GoodluckJanuary 27, 2010 at 2:12 pm #49443
Thank you Marcelo for your advice. I did as you suggested, but still I can’t access the IP cameras from the Internet – I now only get a “Page cannot be displayed”.
I’m pretty sure that the firewall is the culprit, but I’ve just spend the better part of 6 hours googling, adding and deleting firewall rules, changing the forwarding rules, testing… and still it does not work!
Either I’m missing something or ZS can’t do port forwarding. Fact is, I’m about ready to forget about ZS and get another router to do the job.
DJJanuary 27, 2010 at 2:35 pm #49444
Zeroshell can do port forwarding. I’m doing it for a number of ports on my public interfaces to different servers on my LAN. So it is something in your setup.
The advice given by Marcelo was spot on. So go through his suggestion again and verify your settings with respect to NAT and virtual server setup.January 27, 2010 at 2:38 pm #49445
One more thought… And this would affect other routers too:
How do these IP cameras send their video? Check the HTML they are generating and see if they are expecting another port to be opened for the video stream.January 27, 2010 at 3:23 pm #49446
Sorry if you already (probably) know this, kogonies, but just in case…
If you did assign different ports for each camera as suggested, you will have to indicate to the browser the respective camera port you assigned when you want to access this specific camera:
So that this can be internally converted by Zeroshell to:
You must be logged in to reply to this topic.