Can I just block cameras from net?

CJ133

Getting the hang of it
Joined
Jul 18, 2019
Messages
83
Reaction score
50
Location
NJ USA
Hi all,

I apologise if this has been talked about, but I'm wondering if it would be safe to connect my IP cameras and Blue Iris machine to my WiFi router and just block their IPs in the router from internet access?

Primarily I want to be able to access them from WiFi in the house on phones / tablets. Right now I have 6 Dahua PoE cameras running on a Blue Iris machine without a router. I didn't bother going further than that because I knew that way was safe and I left it at that.

They would keep their static IPs of course.
 

biggen

Known around here
Joined
May 6, 2018
Messages
2,539
Reaction score
2,765
Access into your LAN from the internet should already be blocked by default by your router/firewall. You don’t have to do anything.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,428
Reaction score
47,544
Location
USA
You would be better served getting another network card and going the dual NIC route - can get for like 20 bucks. This would let you see your cameras but not run the camera data through the router except when viewing. Except for high end routers, most are not made to pass through heavy data hog continuous streaming of video cameras 24/7.
 

CJ133

Getting the hang of it
Joined
Jul 18, 2019
Messages
83
Reaction score
50
Location
NJ USA
Your IP cams are connected to a POE switch and then to the BI PC and NOT directly to the wireless router, correct?

EDIT: @wittaj is quicker than me. :cool:

Currently yes.
I would just be connecting the PoE switch to the router. Would the data even pass through the router to get to the BI PC?
 

sebastiantombs

Known around here
Joined
Dec 28, 2019
Messages
11,511
Reaction score
27,690
Location
New Jersey
Have a look at this thread -

VPN Information Thread

There is also a whole section regarding securing your network in the Cliff Notes, inside the Wiki in the blue bar at the top of the page.

Do not connect the switch to the router. Connect the PC to the switch and a port of the switch to the router. ISP style routers normally can't handle the amount of data on a video surveillance system.
 
Joined
Aug 8, 2018
Messages
7,386
Reaction score
25,889
Location
Spring, Texas
This is by far the easiest and safest way to do what you want. Since your BI PC is on both sub-nets, you can access the BI PC from any client, including WIFI on your main LAN sub-net. There really is no reason to want to be able to log directly in to a cam from a WIFI client on your main LAN. Logging directly in to a cam (via web GUI) is rarely needed. I have several cams that I have not done web GUI access for over two years. No need. If you do actually need to log in via web GUI for some reason, just do it from a PC that is on both sub-nets.

Network Topology 4.JPG
 

Flintstone61

Known around here
Joined
Feb 4, 2020
Messages
6,587
Reaction score
10,894
Location
Minnesota USA
I saved your diagram. I'm a basic user, but I'm thinking I might do this. BI PC is not on the net. If I run a USB WiFi adapter on a 10 foot extension cord, I can download a file (slowly). I barely get an Xfinity WiFi signal. If the person using the Comcast rental router ever gets smart... and gets a different modem... I'm totally offline.
But if I ever get to the point of offsite monitoring, I'd want that setup.
 

CJ133

Getting the hang of it
Joined
Jul 18, 2019
Messages
83
Reaction score
50
Location
NJ USA
Hi all,

I've got a question before I plug this into my main network. I've read about not updating Windows 10 drivers automatically etc., but what about Windows updates? How is everyone handling those?

I would rather the system not update and restart all of the time but I also don't like having a system that's not current connected to the internet.

Also do my cameras have to be on a different subnet than the main network if I'm running two nics to stay isolated?
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,428
Reaction score
47,544
Location
USA
Most here do not use the BI computer for anything but Blue Iris, so we turn off all Windows updates. You can keep the virus scanner up to date though. Windows updates have been known to mess up a BI system running fine... usually the drivers, but sometimes the update messes something.

Yes, the cameras should be a different IP address range than the home internet. For example 192.168.100.XXX for the cameras and 172.16.100.XXX for home network.
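
The dual-NIC layout discussed in this thread (cameras on their own range, BI PC on both sub-nets) can be sanity-checked before anything is plugged in. The following is an added example, not part of any post above; the plan layout, function name and all sample addresses are constructed for illustration, using the 192.168.100.x / 172.16.100.x ranges mentioned in the thread.

```python
import ipaddress

def audit_plan(plan):
    """Return a list of problems in a dual-NIC camera addressing plan."""
    home = ipaddress.ip_network(plan["home_net"])
    cams = ipaddress.ip_network(plan["cam_net"])
    problems = []
    # Overlapping ranges make the BI PC unable to tell the two LANs apart.
    if home.overlaps(cams):
        problems.append(f"{home} and {cams} overlap")
    for net in (home, cams):
        if not net.is_private:
            problems.append(f"{net} is not a private range")
    if ipaddress.ip_address(plan["bi_home_ip"]) not in home:
        problems.append("BI home-side NIC is outside the home range")
    if ipaddress.ip_address(plan["bi_cam_ip"]) not in cams:
        problems.append("BI camera-side NIC is outside the camera range")
    # The camera-side NIC needs no default gateway: nothing on that
    # segment should have a route off it.
    if plan["bi_cam_gateway"] is not None:
        problems.append("camera-side NIC has a default gateway set")
    seen = set()
    for name, (ip, gateway) in plan["cameras"].items():
        addr = ipaddress.ip_address(ip)
        if addr not in cams:
            problems.append(f"{name} ({ip}) is outside {cams}")
        if addr in seen:
            problems.append(f"{name} reuses {ip}")
        seen.add(addr)
        # A camera whose gateway sits on the home LAN is set up to route out.
        if gateway is not None and ipaddress.ip_address(gateway) in home:
            problems.append(f"{name} gateway {gateway} is on the home LAN")
    return problems

# Constructed sample plans (addresses are illustrative only).
GOOD_PLAN = {
    "home_net": "172.16.100.0/24", "cam_net": "192.168.100.0/24",
    "bi_home_ip": "172.16.100.10", "bi_cam_ip": "192.168.100.1",
    "bi_cam_gateway": None,
    "cameras": {f"cam{i}": (f"192.168.100.{20 + i}", None) for i in range(1, 7)},
}
BAD_PLAN = {
    "home_net": "192.168.1.0/24", "cam_net": "192.168.1.0/25",
    "bi_home_ip": "192.168.1.5", "bi_cam_ip": "192.168.1.10",
    "bi_cam_gateway": "192.168.1.1",
    "cameras": {"cam1": ("192.168.1.20", "192.168.1.1"),
                "cam2": ("192.168.100.21", None)},
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, audit_plan(plan) or "no problems found")
```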
 
Joined
Aug 8, 2018
Messages
7,386
Reaction score
25,889
Location
Spring, Texas
I allow Win10 updates. But they get downloaded and do not install until I OK it. I only use the BI PC for BI and the time server, but it is connected to my main LAN, and therefore the internet, via one of the two NICs. I do access the internet at times with that PC as in when I am working an issue on BI/Cams and need info.

I have never had an issue with the updates causing issues. However, I do not have WIN10 updating drivers.
 

Dreamscape

n3wb
Joined
Feb 11, 2021
Messages
22
Reaction score
8
Location
USA
Could you put in a firewall rule that denies all traffic to and from your BI LAN NIC? Or just allow traffic on the ports required for Windows Updates? I like the idea of keeping the box up to date, but don't want it to be able to communicate with the outside unless I want it to. Trying to figure out how to set up something similar to this.
 