Axis cameras IP cameras are configured using the web interface. In some cases it may be necessary to access remotely the cameras, through an OpenVPN connection installed on a gateway running Ubuntu 16.06. This article will describe how to configure the Ubuntu Gateway so all the necessary ports are forwarded (NAT) to the camera and the camera's web interface can be reached through the VPN
Step-by-step guide
- Login to the gatewat and get to the Linux Shell. Go to root mode (sudo su).
Modify the /etc/sysctl.conf file:
Edit the sysctl.conf
Code Block language bash root@user-desktop:/home/user# vi /etc/sysctl.conf
Add or uncomment this parameter
Code Block net.ipv4.ip_forward=1
Info This change will come into effect after the next reboot. To make it have immediate effect execute this command:
Code Block sysctl -w net.ipv4.ip_forward=1
...
Put the following commands on the shell. Replace the IP with the correct IP from the camera to be accessed.
Code Block iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 554 -j DNAT --to-destination 172.16.53.101:554 iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 1024 -j DNAT --to-destination 172.16.53.101:1024 iptables -t nat -A PREROUTING -i tun0 -p udp --dport 1024 -j DNAT --to-destination 172.16.53.101:1024 iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j DNAT --to-destination 172.16.53.101:80 iptables -A FORWARD -p tcp -d 172.16.53.101 --dport 554 -j ACCEPT iptables -A FORWARD -p tcp -d 172.16.53.101 --dport 1024 -j ACCEPT iptables -A FORWARD -p udp -d 172.16.53.101 --dport 1024 -j ACCEPT iptables -A FORWARD -p tcp -d 172.16.53.101 --dport 80 -j ACCEPT iptables -t nat -A POSTROUTING -j MASQUERADE
Check the NAT table with the following command
Code Block iptables -t nat -L -n -vCode Block language bash root@Router:~$iptables -t nat -L -n -v Chain PREROUTING (policy ACCEPT 13 packets, 1809 bytes) pkts bytes target prot opt in out source destination 0 0 DNAT tcp -- tun0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:554 to:172.16.53.101:554 0 0 DNAT tcp -- tun0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1024 to:172.16.53.101:1024 0 0 DNAT udp -- tun0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:1024 to:172.16.53.101:1024 0 0 DNAT tcp -- tun0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.16.53.101:80 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0
- Once than that, the access the camera with the web browser, using the VPN IP from the router
After the camera configuration is done, it is convinient to delete the NAT routes from the router. To do so paste the following commands (again, replace the IP with the one of the camera)
Code Block iptables -t nat -D PREROUTING -i tun0 -p tcp --dport 554 -j DNAT --to-destination 172.16.53.101:554 iptables -t nat -D PREROUTING -i tun0 -p tcp --dport 1024 -j DNAT --to-destination 172.16.53.101:1024 iptables -t nat -D PREROUTING -i tun0 -p udp --dport 1024 -j DNAT --to-destination 172.16.53.101:1024 iptables -t nat -D PREROUTING -i tun0 -p tcp --dport 80 -j DNAT --to-destination 172.16.53.101:80Check again that the NAT table is correct
Code Block language bash root@Router:~$iptables -t nat -L -n -v Chain PREROUTING (policy ACCEPT 7 packets, 1286 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 2 120 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0
...
Related articles
| Filter by label (Content by label) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...