Network Security Primer
- Thread starter nayr
- Start date
This looks to be an older post, but I've seen the original post referenced a couple of times, so I will ask here.
I've got a Synology rt2600ac router and am running VPN w/ openvpn on my synology diskstation. Working great. My question is about setting up the firewall to stop all attempts outside of my LAN to access the camera (IPC-HDW2231R-ZS). I've created a rule that looks like this:
Protocol - tcp/udp
Source IP - all.
Source Port - all.
Destination IP - 192.168.1.xxx (the static IP address I've assigned to my ip camera)
Destination Port - all
Action - Deny.
Firewall rules are still a little fuzzy to me. I can get back in to the camera setup/settings by typing in the static local IP address in to IE (w/ the plug in installed). Is the Source IP just known to mean all EXTERNAL ip address? Is the Destination IP address the way I should do it (i.e. - the local static ip of my camera)? Kind of wondering why this is necessary too since I would think that the router wouldn't let this kind of traffic through its active firewall anyways. Yes, firewall rules are still fuzzy too me.
I plan to keep my cameras in a certain range so then I can switch the destination IP address to a range. I don't think my router can do a vlan, although sounds like a great idea. I would probably have one for all my "smart" home devices and then one for ip cameras and then one for all normal laptops/apple tv, etc.
I've got a Synology rt2600ac router and am running VPN w/ openvpn on my synology diskstation. Working great. My question is about setting up the firewall to stop all attempts outside of my LAN to access the camera (IPC-HDW2231R-ZS). I've created a rule that looks like this:
Protocol - tcp/udp
Source IP - all.
Source Port - all.
Destination IP - 192.168.1.xxx (the static IP address I've assigned to my ip camera)
Destination Port - all
Action - Deny.
Firewall rules are still a little fuzzy to me. I can get back in to the camera setup/settings by typing in the static local IP address in to IE (w/ the plug in installed). Is the Source IP just known to mean all EXTERNAL ip address? Is the Destination IP address the way I should do it (i.e. - the local static ip of my camera)? Kind of wondering why this is necessary too since I would think that the router wouldn't let this kind of traffic through its active firewall anyways. Yes, firewall rules are still fuzzy too me.
I plan to keep my cameras in a certain range so then I can switch the destination IP address to a range. I don't think my router can do a vlan, although sounds like a great idea. I would probably have one for all my "smart" home devices and then one for ip cameras and then one for all normal laptops/apple tv, etc.
alastairstevenson
Staff member
The firewall on the router?
Presumably the default inbound rule is 'deny all' anyway?
And you will have added a single narrow exception for the inbound VPN port/protocol to the DiskStation.
And assuming you don't have UPnP enable on the router, which allows the rules to be messed with by devices on the LAN.
disabled UPnP on router, and, yes, narrow exception for vpn port to DS.
For firewall, I'm referencing step 7 on page 43 of the cliff notes, which is Dahua Camera Initial Setup:
7. Establish Firewall Rules
Establish firewall rules in the router to prevent the camera from accessing the internet via the MAC address recorded in step 6. Each router will differ in the specific instructions, so use Google.
For firewall, I'm referencing step 7 on page 43 of the cliff notes, which is Dahua Camera Initial Setup:
7. Establish Firewall Rules
Establish firewall rules in the router to prevent the camera from accessing the internet via the MAC address recorded in step 6. Each router will differ in the specific instructions, so use Google.
alastairstevenson
Staff member
Ok, that's an outbound rule, blocking access to the internet.
I interpreted your example as an inbound rule.
I interpreted your example as an inbound rule.
