How to record to NAS from IP Camera or SmartPSS (PC-NVR)?

[iseeker]

So, I've got an oem Dahua turret camera from Andy. Mounted and works with my Synology DS 718+. Works pretty well. But since I plan on adding more cameras, and since the synology does not allow the use of the IVS (it only does a basic motion detection in a specified zone) I've been testing and learning the next solutions. While I might eventually end up on BI, I'll need to build slowly.

I've downloaded SmartPSS and can see my live feed. However, when I open up PC-NVR, the only option that shows up under HDD Manager is my C drive. I could start there but I'm unsure if allocating space will wipe needed parts of my main partition. I could connect an external drive via usb and try that too. I'd really like to use my NAS though.

#1 - So, if I allocate space in PC-NVR to the main partition of my main (only) drive, will that only allocate un-used parts of the drive or am I at risk to lose data?
#2 - How can I use my synology nas through PC-NVR to allocate space?
#3 - in IP Camera > Storage > Destination -- can I use that program to save recordings to my NAS? I've tried changing the Path to NAS, and then on the NAS tab enabling the server, but is the server address my static nas IP address? And the remote directory field doesn't enable "\" in the address so how in the world would I be able to put any address there?!!

Help me

 

[catcamstar]

Help is on the way

To start: which turret you are referring to?
#1: no experience with PC-NVR, sorry
#2: what happens if you connect to a share on your Synology (eg make your D: refer to \\NAS-IP\Share). And then point PC-NVR to D: ?
#3: is in that "storage-destination" something similar as in:

If yes: you can setup FTP on your Synology and let the cam "ftp" (which stand for file transfer protocol). And your question suggests to me that this is, as a matter in fact, the case: SMB (windows file transfer) uses \, but FTP uses / (as it is linux/unix based). See the screenshot above with the remote directory example.

Hope this helps already a bit!
CC

 

[iseeker]

Help is on the way CC

Hey! some answers after the questions below:

To start: which turret you are referring to? IPC-HDW2231R-ZS

#1: no experience with PC-NVR, sorry. After some more reading seems like it would be better to enable through IP Camera anyways.

#2: what happens if you connect to a share on your Synology (eg make your D: refer to \\NAS-IP\Share). And then point PC-NVR to D: ? Right. Don't see the option on PC-NVR. Also trying on IP Camera but it does not allow "\" so I can't put it in windows address language...must use linux address. So, now I enabled NFS protocol in on my NAS (synology ds718+). in IP Camera I entered the ds718+ (my NAS) static ip address and the volume of the directory (see picture).

#3: is in that "storage-destination" something similar as in: I put in the imgur link above the picture of it.

If yes: you can setup FTP on your Synology and let the cam "ftp" (which stand for file transfer protocol). And your question suggests to me that this is, as a matter in fact, the case: SMB (windows file transfer) uses \, but FTP uses / (as it is linux/unix based). See the screenshot above with the remote directory example. I'd like to try and get the NFS server running, but could look in to FTP as well. What do most people here use? Is this all easier in BI or is it the same learning curve?

 

[catcamstar]

#2: No, don't do the \ in SmartPSS. What I suggested was this procedure: Mapping a Network Drive on Your Windows 10 PC - dummies --> you map a drive letter D: to some place in your NAS. Try to feed that D: to SmartPSS.

#3: Have a look at page 132 in http://pl.dahuasecurity.com/download/product/20180205/dahua-network-camera-web3_0-operation-manual_v1_0_2-201711025.pdf. With NFS, there are couple of caveats on whether (or not) it might (or not) work - have a look at all the NFSD parameters in Synology on DiskStation Manager - Knowledge Base | Synology Inc.. Having said that: if I was going your route, I'd try with FTP first. It has the advantage of "emergency" backup (on SD card) when transfer are not working. Plus (error) logging on FTP server is bit more verbose than debugging NFS.

Hope this helps!
CC

 

[iseeker]

I probably should change my title to "how to record on synology NAS from Dahua OEM ip camera using NFS". lol (but I'd never heard of NFS before this

Thanks for the links! I have mounted the share folder (S: drive) in windows explorer that I would save to. I'd have to mess with port forwarding I think to get the FTP working. Did this for VPN Server setup so I'm sure I could muddle through it. SmartPSS only still shows the C: drive. How is viewing files and recording organization through FTP? Is it easy to find events? What do you use to playback?

NFS Permissions: I had seen this part of the help section in DSM, but not as detailed as this post. What is the hostname of the NFS client? Does this mean the IP address of the camera? Is this to allow the ip camera access through NFS to the NAS? So, I could just put the 192.168.1.124, which is the static ip address of my Dahua ip cam? And is the DSM my nfs server or do I need a separate linux server? Sorry this part confuses me.

Hostname or IP: Enter the IP address of the NFS client which will access the shared folder. You may specify a host in three ways:

• • Single Host: The fully qualified domain name (FQDN), or an IP address.
  • Wildcards: *, *.synology.com
  • IP networks: 203.74.205.32/255.255.252.0, /24

 

[iseeker]

OK. Well, we stumbled on to something here. Used the camera ip address as the Hostname/IP. As of 5:21pm CST, I have folders showing up in my Synology shared folder. See the settings I used in the snips below. Didn't have to mess with port forwarding or firewall (should I be worried ?)


Now - how to I playback these new files?? *.DAV files. No clue.

Also - what other methods do people use to share images?

 

[catcamstar]

Congratulations, your NFS share is working well

Regarding your concern on port forwarding: you mentioned earlier you employ VPN. If you care to share your network diagram, we can formulate a sensible answer (eg is all traffic from IPC Lan tunneled site2site towards Synology NAS).

Regarding .dav files: Playback/Playback DAV File - Dahua Wiki. Converting is possible through the same player: NVR/Playback/Convert DAV - Dahua Wiki. If you happen to have a MacOS or linux, there are "simple" conversion scripts available (might even exist to run on your Synology).

Regarding "going through these files": yes, that is an issue. The PC-NVR solution might come in handy there (as it simulates a full blown hardware NVR), then you got timeline views, with colored bars (first google hit: ). But like you wrote: BI can do the job for you too. All depends on the expandability, configurability you wish to have.

Hope this helps!
CC

 

[iseeker]

@catcamstar - All very helpful. Feel like I eventually get there but it is slow going getting ramped up on this venture (ip cams) and a little "pointing in the right direction" is invaluable!

-- I was able to view clips made via NFS to the NAS with SmartPSS, but the search function felt very clunky. Maybe I am just not used to it yet.
-- The VPN server set up on my NAS is what I use to tunnel in securely from outside the house to use DS Cam and to access my router and NAS, etc. I've attached my router firewall rules. 192.168.1.124 is my ip cam on the lan. I believe I set it up to deny any traffic in or out of the camera (looking at it now, it is strange to me why I can access while on the lan since it looked like I blocked all access, buuutt, firewall rules is something I am learning now). BTW - let me know if I shouldn't be showing lan ip addresses so I can remove.

 

[catcamstar]

To start: no worries in having LAN ip's on a forum. But as a "rule of thumb", especially when working on VPN, I always suggest to change from the "defaults" 192.168.1.x and 192.168.0.x subnets to something more exotic (eg 192.168.150.x) - this to avoid overlapping when being on a wifi hotspot (or your parents for example) which is configured in the same subnet. You'll experience issues then.

Back on-topic:
- you say Synology & NAS. But I see SRM too. Do you have a Synology Router too?
- Firewall rules employ one basic "rule": and that's the ordering: if traffic comes in: first rule is applied. If valid, it stops there. If not valid, it goes more down. Which means that a "logic" way is putting the ALLOW statements (which are/have to be specific) before a general: DENY ALL statement. So basically: your last line should have that. But the port forwarding rule (which is an allow) should go higher up.
- Firewall rules are only processed on layer 3. Which means routed. If your device is already in the subnet of the cams/nas, these firewall rules are just not used. And you can access all that is available. If you want to block it, you have to block either at the endpoint (very difficult cam side, however my HFW can have a "whitelist" of ip's for access), OR you work with vlans. But that is networking 901 instead of 101.
- lastly: your portforwarding rule (the last rule) looks clumpy to me. Normally I would expect the WAN IP there (or because the 192.168.1.8 is your SRM ip address?) Hence my first question

Hope this helps!
CC

 

[iseeker]

@catcamstar -

-- Yes, I have an rt2600ac Synology router along with my 718+ Diskstation. My first step in to NAS and non-ISP issued router.
-- Allow/Deny - I also should have shown the bottom of the firewall page, which says "If IPv4 WAN-to-SRM traffic matches no rules: [user checks] Allow or Deny". I have that checked to Deny, so I think does what you are talking about: denies all traffic from WAN through router, unless specific rule in firewall allowing. There are some additional overall allow/deny that I didn't include in the first image of my firewall settings; I've included that in this link now. ***And another edit - just noticed that my WAN to LAN rule allowed all traffic unless specific rules blocked. That is probably not good so changed to deny. However, I checked shields up with this option set at "deny" and "allow" it always said all my ports were stealth so not sure what this change does really. ***
-- Layer 3 - I should state that all these firewall rules are on my router; I do not have my firewall active on my NAS (to be honest, just didn't know how, or if necessary to have both).

• I entered the port forwarding rule in the port forward section and the router automatically had it show up in the firewall rules, and it won't let me move that rule up (others I can move).
• "If your device is already in the subnet of the cams/nas, these firewall rules are just not used." -- all devices are in the same subnet right now (considering putting some on the guest network to isolate). I understand this statement but maybe not all the ramifications or applications. You are specifically talking about the IPCamera rules, right (or any firewall rule with local ip's mentioned)? I was trying to stop any WAN traffic in or out to the camera, since I can tunnel in through a VPN Server on my NAS (VPN to NAS allowed by the port forwarding rule). But I guess the deny all rule already does this right. And to show those rules don't do anything - I can obviously access the camera from my laptops on the same lan, proving your point, I believe.
  
• Would the point above also apply to the NTP service I activated on the router for devices already on the same lan? Don't think I am using the NTP anyways as I always point to google's NTP or something (to use this I think I would just use the router ip address in other devices when it asks for the NTP address, right?)

-- VPN port forwarding rule - I have checked that this one works. If I disable the rule, and get on the cell network on my phone, I can no longer tunnel in to my VPN Server on my NAS. I use this to access the router or NAS from outside my LAN, and also to encrypt my traffic if on public wifi.

Thanks for the reply. This is really helpful. I've read a lot about firewall rules, but it has never really sunk in (yet).

 

[catcamstar]

Lots of questions, and we might go off-topic from your initial question, but as I'm in a helpful state today, I'll offer you some clues
- indeed, the "bottom line" - what to do with all else traffic - is indeed the most crucial one. Do not change that one from "deny all".
- it might seem "unnecessary" to have an (additional) firewall on your Synology, but I prefer to have double security than "trusting" in good faith. You might have heard of botnet, where IoT devices (or even NAS) get hacked, and start eating up your network. Not fun, and as I wrote earlier: intranet (LAN) access is already difficult to grab in firewall rules through a router (LAN traffic flies past "customs", like in Shengen-Europe), but end-point firewall (like on your NAS Synology) might prevent bits of additional security). That's why some "advanced network peeps" are using VLANs (virtual LANs). It's like having complete seperate (physical) networks, but then on the same wire. The main advantage: you can have a "standalone" IPC network, a "standalone" kids network, a "standalone" TV network, and a "stand alone" mom&dad network. You might wonder why, but I prefer to "ALLOW" (cfr the firewall rules) specifics rather deny all: in my network, I can access ALL cams, but only specific devices can see the NVR, others can't see anything. I can, within my vlans, define who can do what, all the rest is "deny all garbage can". My fridge can NEVER EVER connect to my NAS. Ever. If you want to do that with a "flat" classic network (like yours), you have to wire it on an independant physically separated network (with proper switch/router etc). Do you need to go that far? No! Not at all, but just to explain there is much more to "discover" as your requirements go wider and deeper.
- NTP: it is a somewhat appropriated way of working to run an NTPd service on your router. I do it too. So all my devices simply connect to my main router for time updates. Again, simplification on firewall rules.

Hope this helps you out a bit more!
CC

 

[iseeker]

Alright boss. I'm going to take a few days to re-read and study this a little more. Appreciate you pointing me in the right direction.

 

[iseeker]

If you want to do that with a "flat" classic network (like yours), you have to wire it on an independent physically separated network (with proper switch/router etc).

Isn't my guest network basically a vlan? Thinking I can put my iot devices on the guest network, click the button that does not allow them access to my other devices, and basically have a vlan.

NTP: it is a somewhat appropriated way of working to run an NTPd service on your router. I do it too. So all my devices simply connect to my main router for time update

So, if I put the ip address of my router running an ntp server in the "Server" field below in the pic from my ipcam (with the right port), that would allow the IP Camera to use the NTP server on my router. If that is not right, do you see a decent post that I could follow to set this up?

NTP settings in IP Camera

• iseeker
• Apr 30, 2019
• 1

 

[catcamstar]

Isn't my guest network basically a vlan? Thinking I can put my iot devices on the guest network, click the button that does not allow them access to my other devices, and basically have a vlan.

Affirmative. But keep in mind that it might be difficult to make "exceptions" for these guest networks. For example, I have a raspberry pi which uses rest API to query one of my IoT devices. If that device would be 100% isolated, then I wouldn't be able to talk to it. Now I have one "simple" rule defining this exception on my core network router, and I can hop from one vlan to another.

So, if I put the ip address of my router running an ntp server in the "Server" field below in the pic from my ipcam (with the right port), that would allow the IP Camera to use the NTP server on my router. If that is not right, do you see a decent post that I could follow to set this up?

NTP settings in IP Camera

• iseeker
• Apr 30, 2019
• 1

Affirmative: as long as your router has NTPd running on port 123, you're good to go. Best is to try on your desktop/laptop if it is running (cfr 1st tutorial in google: Managing time servers on Windows 10)

Good luck!
CC