dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
481
share rss forum feed


allhvac

@rr.com

USG 50 routing help needed - DVR

We replaced a Lynksys RWL200 with a ZyWall USG50. We've got a security DVR in the office which we need to make accessible from anywhere on the internet. We don't have a static IP, but we're using DynDNS, which gives us an address to access it. The only tricky part is the DVR wants to be on port 80, but we need that so workers can log in for the SSL VPN, so I need to shift it to 8080. To do this, I've got NAT set up as a virtual server, with Wan1 as the incoming interface, original IP set to "any", mapped IP is set to the address of the DVR, port mapping is "service", and the original service (named DVR-out, TCP 8080) and mapped service (named DVR-in, TCP 80). With this, if I log in using the DynDNS domain name on port 8080, I get the DVR log in screen, so it seems to be doing the routing correctly. However, when it attempts to log in, I get a "failed to connect" message. Firewall should be set to allow connections through it, near as I can tell. Any ideas?


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
So basically you have got the NAT squared away, looks like what I would have done.
You now need to create the associate FW rule for port 80 to the DVR.


allhvac

@rr.com
Think I've got that (2 actually).
One from LAN1 to WAN, with service set to DVR-out (TCP=8080)
Another from WAN to LAN1 with service set to DVR-in (TCP=80)
At the moment both source and destination are set to "any", should I change these to "DVR" (which is set to the IP address of the DVR?
Or is there another way I should be doing this? Thanks...


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to allhvac
Hmm dont see why you need a LAN to WAN rule unless you have created a block all traffic rule (by default I believe LAN to WAN traffic is permitted-allowed).

For now disable that lan to wan rule.

As for the Wan to LAN rule yes make it specific to that service on the specific IP address of the DVR on the LAN. (Source is any, destination is the DVR IP on the LAN)
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment

phayze

join:2013-09-17
singapore
reply to allhvac
I think you need to forward the dvr video streaming port also. My dlink ipcam need port 554 to be open in order to watch the camera video.