Network Questions

Chapin

I'm setting up a network for a Dahua NVR and Cameras I just ordered.

I've read these excellent threads a few times each.
VPN Primer for Noobs
Network Security Primer

I've got a capable router and the ability to set it up and configure it. I think setting up a vlan for the cams/NVR and setting a VPN for remote access should be pretty straightforward.

I do have a few questions that I am not sure about.

The camera/NVR vlan should not have access to the internet. Is this best set up by setting a bogus gateway in the cams and NVR?

Or, is it ok to let them have access, just not open ports for them?

How does the NVR send push notifications and email if it is on an isolated vlan?

How do I access cams and NVR from my PC on the main vlan? Do I open ports between the vlans for this? If so, which ports? Should I dual nic the PC?

The NVR I ordered has dual nics. Is there ever a situation that I should use both? Perhaps one on each vlan, or will this weaken the security of having the devices on an isolated vlan?

Thanks in advance and sorry if I missed or didn't understand this from my research and reading. There's a lot of great information and folks here.
 

mat200

Hi Chapin,

I'll give you a generic answer.

You can use the vlan to isolate the security camera network. If you want to have access to the security camera network from the "normal lan" network which allows access to the internet, you can add another router which has good firewall rules and put the security camera network on the LAN side of that and your other "normal lan" network on the WAN side of the router.

Then you can make firewall rules that allow traffic from certain ports and certain IPs/MAC addresses to access the security camera network.

It gets a little tricky, but works well once you've configured it - and yes it is still possible to have a virus or hacker reach your cameras - but harder for them to do so.
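
The kind of rule set described in the reply above, written as nftables forward rules for a Linux-based router placed between the two networks. This is an added example, not part of the original thread; the interface names, addresses and ports are assumptions to be replaced with your own values.

```nftables
#!/usr/sbin/nft -f
# Added example: forwarding policy for a router with the camera network on
# one interface and the normal LAN on the other. Every name, address and
# port below is an assumption made for illustration.

define CAM_IF     = "eth1"             # faces cameras + NVR (assumed)
define LAN_IF     = "eth0"             # faces the normal LAN (assumed)
define CAM_NET    = 192.168.50.0/24    # camera network (assumed)
define VIEW_PCS   = { 192.168.1.20 }   # PCs allowed to view cameras (assumed)
define VIEW_PORTS = { 80, 443, 554 }   # placeholders: use the ports your NVR/cameras listen on

table inet camfw {
    chain forward {
        # Default deny: nothing crosses the router unless a rule allows it.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that were allowed below.
        ct state established,related accept
        ct state invalid drop

        # Only the listed PCs may open connections into the camera network,
        # and only on the listed ports.
        iifname $LAN_IF oifname $CAM_IF ip saddr $VIEW_PCS ip daddr $CAM_NET tcp dport $VIEW_PORTS accept

        # Anything the cameras or NVR try to initiate is counted, logged
        # and dropped, so unexpected outbound attempts show up in the log.
        iifname $CAM_IF counter log prefix "cam-egress-drop: " drop
    }
}
```

Because the chain's policy is drop, the cameras and NVR cannot start connections to the normal LAN or beyond regardless of the gateway configured on them; `nft list table inet camfw` shows the counter for dropped attempts.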
 

Chapin

Thanks. So, the cam network would be double nat'd, through two firewalls?

How would email and push notifications work from the cam network?

It seems that maybe dual nic on my PC might be a good solution.

I think I can also open ports between vlans, which would be similar, I think, to opening ports through a firewall.

Is the best way to have the cameras not reach the outside to set them up with static IP and a bogus gateway?
 