How to connect (via DD-WRT) to a device known by its MAC address?

networking wireless-networking router port-forwarding dd-wrt
10,688

As mentioned previously, the issue appears to be NAT. If you wish to keep your current setup, you would have to setup port forwarding just as suggested by the manufacturer's tech support.
Note: I rearranged the order and reworded a bit based on your specified topology

SUMMARY:

1) In 'Wireless router' (192.168.1.1) main page, we need to find the router's 'WAN IP' (Top right corner), which should be something like 192.168.3.x.
2) In 'Wireless router' (192.168.1.1) config page, we need to port forward the incoming request to the camera's IP/Port.
3) (For access from internet) In 'Wired router' (192.168.3.1) config page, we need to port forward the incoming request to the 'Wireless router' (192.168.3.1) WAN IP 192.168.3.x and the port we've chosen in step 1.

IMPLEMENTATION:
Assuming routers are DD-WRT

  1. On your 'Wireless router' go to the main page and check what it shows for the 'WAN IP.' This should be in the upper right corner underneath 'Firmware' and 'Time.' It should be in the 192.168.3.x network. For this I'm assuming 192.168.3.30 based on your IPTABLES output. Be sure to change this if it is no longer this address.

  2. On your 'Wireless router' go to NAT/QoS tab -> Port Forwarding sub tab

    • Application: IPCam

      This is any name you want. Only used by you to identify different port forwards.

    • Port from: 7779

      This is the incoming connection port.
      This can be whatever you want. It is the port we will use to connect to the IP Cam from ANYTHING NOT connected to the 'Wireless router' so that means any device connected to the 'Wired router' and for simplicity anything connecting from the internet.

    • Protocol: Both

      This is the protocol that will be forwarded. I don't know which your IP Cam is using so I specified both

    • IP Address: 192.168.1.32

      This is the address we are forwarding this request to. In our case we want to forward to the IP Cam.

    • Port to: 7779

      This is the port which we want to forward to. For your IP Cam you say it is 7779 so that is what we put here.

    • Enable: Checked

      This MUST be checked otherwise the port forward will be disabled.

  3. (For access from the internet)
    On your 'Wired router' go to NAT/QoS tab -> Port Forwarding sub tab

    • Application: IPCam

    • Port from: 7779

      This is the incoming connection port FROM THE INTERNET.
      This can be whatever you want but again for simplicity we will use the same port as the IP Cam.

    • Protocol: Both

    • IP Address: 192.168.3.30

      This is the address we are forwarding this request to. In our case we want to forward the internet request to the 'Wireless router' so that it can then forward the request to the IP Cam.

    • Port to: 7779

      This is the port which we want to forward to. For the previous port forward we used 7779 (Port from) so that is what we put here.

    • Enable: Checked

Again this would be much simpler if you just disabled DHCP on your 'Wireless router' and didn't use the WAN port on that router and only used the switch ports and the WiFi.

Share:
10,688

Related videos on Youtube

ususer
Author by

ususer

Updated on September 18, 2022

Comments

  • ususer
    ususer over 1 year

    This question might seem odd at first, because the answer may look trivial: "Either assign a static IP address to it or just DHCP it."

    Well... this challenge turns out to be not so simple:

    The device in question is an "IP camera", accessible (at least theoretically) via both an Ethernet cable and WiFi.

    Accessing the camera via Ethernet is straightforward and works without any problem, after setting it up per the instructions:

    Device Name:           IPCamera  
DHCP                   [No]  
IP Address:            192.168.3.27   
Net Mask:              255.255.255.0
Default Gateway:       192.168.3.1  
DNS Server:            8.8.8.8  
Web Port (default 80): 7779

    And then I can access it via: http://192.168.3.27:7779/video/liveie.asp#

    Through that web interface I can also configure its WiFi, which means I can only tell it which of the available nearby WiFi networks to connect to, but I cannot tell which IP address it is assigned or other IP related parameters.

    I know that the WiFi connection works because when I set it to send email upon motion detection, it sends the email fine across the Internet, even when the Ethernet cable is disconnected.

    However, both the device and the software that came with it require rebooting, resetting and recofniguration from time to time and since the optimal placement of that camera isn't where an RJ45 jack is available, I would like to be able to access the device's web interface via WiFi.

    Well... for some strange reason, I could not find anywhere what IP address is assigned to its WiFi interface as a DHCP client of my DD-WRT router. I therefore went to my DD-WRT router's 'Services' > 'Services' tab and added the camera's MAC address under the 'Static Leases' section. That essentially forced a static IP address of 192.168.1.32.

    So now the topology of my network looks like this:

    ISP-----Wired router (192.168.3.1)--+--LAN-----------------------------+-- My PC (192.168.3.7)   
                                    |                                  |                          
                                    |                                  +  IP Camera (192.168.3.27)
                                    |
                                    |
                                    |
                                    +-- Wireless router (192.168.1.1)--+-- My PC (192.168.1.29)
                                                                       |
                                                                       +  IP Camera (192.168.1.32)

    I then tried to access the camera through its WiFi IP address (192.168.1.32) but I have not been successful so far. I tried http://192.168.1.32:7779/video/liveie.asp#

    To further diagnose why I am unsuccessful to access the camera via WiFi (even though the manufacturer says it can be accessible from the Internet using DDNS + port forwarding), I telneted into my router and tried to ping it from there. No response.

    This is weird, because the router's web interface lists the assigned static IP address as not having any problems.

    So, while still telneted to my router, I issued the netstat -a command, which resulted in:

    Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:www             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:domain          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5431            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:telnet          0.0.0.0:*               LISTEN
tcp        0      0 192.168.3.30:www       192.168.3.7:33755      TIME_WAIT
tcp        0      0 192.168.3.30:www       192.168.3.7:33753      TIME_WAIT
tcp        0    132 192.168.3.30:telnet    192.168.3.7:33097      ESTABLISHED
tcp        0      0 my-ddwrt:5431            mypc:32847           ESTABLISHED
tcp        0      0 192.168.3.30:www       192.168.3.7:33758      TIME_WAIT
tcp        0      0 192.168.3.30:www       192.168.3.7:33776      TIME_WAIT
tcp        0      0 my-ddwrt:5431            mypc:33000           ESTABLISHED
udp        0      0 localhost:34954         0.0.0.0:*
udp        0      0 0.0.0.0:domain          0.0.0.0:*
udp        0      0 0.0.0.0:bootps          0.0.0.0:*
udp        0      0 0.0.0.0:upnp            0.0.0.0:*
raw        0      0 0.0.0.0:255             0.0.0.0:*               7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                       601

    Interestingly, all the IP addresses listed by netstat are of the wired Ethernet interface. There is no reference to any WiFi address (192.168.1.x) as if the WiFi interface doesn't exist (I know it does! see earlier description on email alarm etc.)

    And this is despite having configured a bridge between vlan0 and eth1 on this WiFi router.

    But using arp -a, I can see both interfaces:

    android_72c5e473c08d1ab4 (192.168.1.2) at 44:A7:CF:47:C8:37 [ether]  on br0
? (192.168.3.7)                        at 00:0F:B0:C8:91:72 [ether]  on vlan1
? (192.168.1.3)                        at D0:17:6A:5A:B2:8F [ether]  on br0
mypc (192.168.1.29)                    at 00:13:02:20:43:AD [ether]  on br0
wiredrouter (192.168.3.1)              at 00:1C:10:4F:B3:27 [ether]  on vlan1

    So, as it seems now, the IP camera is assigned a valid (static) IP address by the router, but I have not been able to ping, SSH, telnet or http it.

    The manufacturer's tech support says that what I am trying to accomplish is supported but couldn't provide clear instructions on how I can do that. He initially offered to connect via DDNS but at this point I am only interested in internal access, so the only instructions he could provide was:

    In router 192.168.1.1's page, we need do port forwarding with camera's IP and camera's port.
In router 192.168.1.1's page, we need find the router's external IP which should be 192.168.3.x.
In router 192.168.3.1's page, we need do port forwarding with router's 192.168.1.1's external IP 192.168.3.x and camera's port, not use camera's IP.

    Any idea what this means?

    How can I further diagnose and accomplish web interface access through WiFi?

    Update: Per a comment advice below, I ran iptables -t -nat -n -L in my-ddwrt WiFi router and this is the output:

    root@my-ddwrt:~# iptables -t nat -n -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       icmp --  0.0.0.0/0            192.168.3.30       to:192.168.1.1
TRIGGER    0    --  0.0.0.0/0            192.168.3.30       TRIGGER type:dnat match:0 relate:0

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  0   --  0.0.0.0/0            0.0.0.0/0
RETURN     0    --  0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast

MASQUERADE  0   --  192.168.0.0/16       192.168.0.0/16

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

    My DD-WRT router does not support the tcpdump command.

    • Tero Kilkanen
      Tero Kilkanen about 10 years
      Have you tried to reboot the IP Camera? It might have got confused if the camera's IP address changed when you assigned a static IP for it. Next step would be a factory reset for the camera.
    • ususer
      ususer about 10 years
      @TeroKilkanen Yes I did. What confuses me is that DD-WRT shows the static lease properly but in all other respects that device is non-existent, yet it can send email to the Internet via WiFi. What am I missing? Thanks.
    • Tero Kilkanen
      Tero Kilkanen about 10 years
      Can you check DD-WRT iptables counters for NAT rules when the camera sends E-Mail? Can you run tcpdump on the DD-WRT device to see what traffic comes from the MAC address?
    • Ramhound
      Ramhound about 10 years
      You can't. The MAC address isn't guaranteed to be unique even though it likely is
    • ususer
      ususer about 10 years
      @TeroKilkanen I ran iptables -t -nat -n -L before and after and email was sent by the camera. The result is identical (see update above). tcpdump isn't available on this DD-WRT router.
    • ususer
      ususer about 10 years
      @TeroKilkanen I can confirm that indeed the MAC addresses for both the wired and the WiFi interfaces of the camera are indeed unique, known, and stable across reboots over months.
    • Tero Kilkanen
      Tero Kilkanen about 10 years
      From which router did you get that netstat -a listing? If it is from the wired one, then it won't see any .3.x addresses if your wireless router is doing NAT. NAT seems likely because the routers have different subnets.
    • Tero Kilkanen
      Tero Kilkanen about 10 years
      I figured out the netstat -a listing now. What exactly is vlan0 interface referred to in this sentence: "And this is despite having configured a bridge between vlan0 and eth1 on this WiFi router." ?
    • ususer
      ususer about 10 years
      Answering your earlier question: Everything (including netstat -a) refers to the wireless router. vlan0 is the WAN interface, eth1 is the Ethernet (LAN cable), wl0 is the WiFi interface. This is standard DD-WRT naming convention.
    • jet
      jet almost 10 years
      how about if you scan the network with nmap -sP 192.168.1.*
  • ususer
    ususer about 10 years
    Thanks but the problem has nothing to do with the topology: All I want is access the camera from the same wireless router to which it is connected, all wirelessly. For the purpose of this troubleshooting, you can assume that the wireless router is not connected to the Internet (or the LAN) and all I am trying to do is access the camera from mypc, both connected through their WiFi interfaces only. I believe it is a port forwarding problem, but I have no idea what to do in this regard. That is, port forwarding from where? To where?
  • Tero Kilkanen
    Tero Kilkanen about 10 years
    Port forwarding is only useful if you need to connect to a server behind NAT. This applies for example if you want to connect to your camera from the Internet. Port forwarding isn't the problem / solution in this case, since your PC and Camera are in the same subnet.
  • ususer
    ususer about 10 years
    You are right. This is why I am so baffled by this problem. The DD-WRT WiFi router shows the camera as statically leased but other than that there is no sign that this is registered elsewhere in the router. It's possible that the the camera is "un-ping-able" but then how could one verify its existence. Something is very strange in this camera's WiFi interface.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

My repeater is not letting me port forward
D-Link DIR-615 bricked. Power led stays orange, can't get into emergency flash mode
Wan IP shown by router is different that public IP [Port Forwarding]
Back to original firmware on TP Link WR2543ND
Running a DHCP Server on DD-WRT in "Repeater Bridge" mode?
How to fix Wrong firmware installed on router
Cannot connect to my own mumble server using external ip
Need Mobile Broadband with Port Forwarding
Why can't I install DD-WRT on a DLINK DIR 600 A1?
Cannot Access Web GUI after changing to Router mode DD-WRT