Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...


Warning

Camera support has been dropped as EoL with Site Controller version 3.0


IP cameras are configured using the web interface. In some cases it may be necessary to access remotely the cameras, through an OpenVPN connection installed on a gateway running Ubuntu 16.06. This article will describe how to configure the Ubuntu Gateway so all the necessary ports are forwarded (NAT) to the camera and the camera's web interface can be reached through the VPN

Step-by-step guide

    1. Login to the gatewat and get to the Linux Shell. Go to root mode (sudo su).
    2. Modify the /etc/sysctl.conf file:

      1. Edit the sysctl.conf 

        Code Block
        languagebash
        root@user-desktop:/home/user# vi /etc/sysctl.conf


      2. Add or uncomment this parameter 

        Code Block
        net.ipv4.ip_forward=1 


        Info

        This change will come into effect after the next reboot. To make it have immediate effect execute this command:

        Code Block
        sysctl -w net.ipv4.ip_forward=1



...

  1. Put the following commands on the shell. Replace the IP with the correct IP from the camera to be accessed.

    Code Block
    iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 554 -j DNAT  --to-destination 172.16.53.101:554
    iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 1024 -j DNAT  --to-destination 172.16.53.101:1024
    iptables -t nat -A PREROUTING -i tun0 -p udp --dport 1024 -j DNAT  --to-destination 172.16.53.101:1024
    iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j DNAT  --to-destination 172.16.53.101:80
    iptables -A FORWARD -p tcp -d 172.16.53.101 --dport 554 -j ACCEPT
    iptables -A FORWARD -p tcp -d 172.16.53.101 --dport 1024 -j ACCEPT
    iptables -A FORWARD -p udp -d 172.16.53.101 --dport 1024 -j ACCEPT
    iptables -A FORWARD -p tcp -d 172.16.53.101 --dport 80 -j ACCEPT
    iptables -t nat -A POSTROUTING -j MASQUERADE


  2. Check the NAT table with the following command

    Code Block
    iptables -t nat -L -n -v
    Code Block
    languagebash
    root@Router:~$iptables -t nat -L -n -v
    Chain PREROUTING (policy ACCEPT 13 packets, 1809 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 DNAT       tcp  --  tun0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:554 to:172.16.53.101:554
        0     0 DNAT       tcp  --  tun0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1024 to:172.16.53.101:1024
        0     0 DNAT       udp  --  tun0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:1024 to:172.16.53.101:1024
        0     0 DNAT       tcp  --  tun0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.16.53.101:80
    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0


  3. Once than that, the access the camera with the web browser, using the VPN IP from the router
  4. After the camera configuration is done, it is convinient to delete the NAT routes from the router. To do so paste the following commands (again, replace the IP with the one of the camera)

    Code Block
    iptables -t nat -D PREROUTING -i tun0 -p tcp --dport 554 -j DNAT  --to-destination 172.16.53.101:554
    iptables -t nat -D PREROUTING -i tun0 -p tcp
    --dport 1024 -j DNAT  --to-destination 172.16.53.101:1024
    iptables -t nat -D PREROUTING -i tun0 -p udp --dport 1024 -j DNAT  --to-destination 172.16.53.101:1024
    iptables -t nat -D PREROUTING -i tun0 -p tcp --dport 80 -j DNAT  --to-destination 172.16.53.101:80


  5. Check again that the NAT table is correct

    Code Block
    languagebash
    root@Router:~$iptables -t nat -L -n -v
    Chain PREROUTING (policy ACCEPT 7 packets, 1286 bytes)
     pkts bytes target     prot opt in     out     source               destination
    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        2   120 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    
    

...


Filter by label (Content by label)
showLabelsfalse
max5
spacesSOD
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel in ( "cameras" , "kb-troubleshooting-article" , "cisco" ) and type = "page" and space = "SOD"
labelscisco cameras kb-troubleshooting-article

...