How to connect (via DD-WRT) to a device known by its MAC address?
As mentioned previously, the issue appears to be NAT.
If you wish to keep your current setup, you would have to setup port forwarding just as suggested by the manufacturer's tech support.
Note: I rearranged the order and reworded a bit based on your specified topology
SUMMARY:
1) In 'Wireless router' (192.168.1.1) main page, we need to find the router's 'WAN IP' (Top right corner), which should be something like 192.168.3.x.
2) In 'Wireless router' (192.168.1.1) config page, we need to port forward the incoming request to the camera's IP/Port.
3) (For access from internet) In 'Wired router' (192.168.3.1) config page, we need to port forward the incoming request to the 'Wireless router' (192.168.3.1) WAN IP 192.168.3.x and the port we've chosen in step 1.
IMPLEMENTATION:
Assuming routers are DD-WRT
On your 'Wireless router' go to the main page and check what it shows for the 'WAN IP.' This should be in the upper right corner underneath 'Firmware' and 'Time.' It should be in the 192.168.3.x network. For this I'm assuming 192.168.3.30 based on your IPTABLES output. Be sure to change this if it is no longer this address.
On your 'Wireless router' go to NAT/QoS tab -> Port Forwarding sub tab
Application: IPCam
This is any name you want. Only used by you to identify different port forwards.
Port from: 7779
This is the incoming connection port.
This can be whatever you want. It is the port we will use to connect to the IP Cam from ANYTHING NOT connected to the 'Wireless router' so that means any device connected to the 'Wired router' and for simplicity anything connecting from the internet.Protocol: Both
This is the protocol that will be forwarded. I don't know which your IP Cam is using so I specified both
IP Address: 192.168.1.32
This is the address we are forwarding this request to. In our case we want to forward to the IP Cam.
Port to: 7779
This is the port which we want to forward to. For your IP Cam you say it is 7779 so that is what we put here.
Enable: Checked
This MUST be checked otherwise the port forward will be disabled.
(For access from the internet)
On your 'Wired router' go to NAT/QoS tab -> Port Forwarding sub tabApplication: IPCam
Port from: 7779
This is the incoming connection port FROM THE INTERNET.
This can be whatever you want but again for simplicity we will use the same port as the IP Cam.Protocol: Both
IP Address: 192.168.3.30
This is the address we are forwarding this request to. In our case we want to forward the internet request to the 'Wireless router' so that it can then forward the request to the IP Cam.
Port to: 7779
This is the port which we want to forward to. For the previous port forward we used 7779 (Port from) so that is what we put here.
Enable: Checked
Again this would be much simpler if you just disabled DHCP on your 'Wireless router' and didn't use the WAN port on that router and only used the switch ports and the WiFi.
Related videos on Youtube
ususer
Updated on September 18, 2022Comments
-
ususer over 1 year
This question might seem odd at first, because the answer may look trivial: "Either assign a static IP address to it or just DHCP it."
Well... this challenge turns out to be not so simple:
The device in question is an "IP camera", accessible (at least theoretically) via both an Ethernet cable and WiFi.
Accessing the camera via Ethernet is straightforward and works without any problem, after setting it up per the instructions:
Device Name: IPCamera DHCP [No] IP Address: 192.168.3.27 Net Mask: 255.255.255.0 Default Gateway: 192.168.3.1 DNS Server: 8.8.8.8 Web Port (default 80): 7779
And then I can access it via:
http://192.168.3.27:7779/video/liveie.asp#
Through that web interface I can also configure its WiFi, which means I can only tell it which of the available nearby WiFi networks to connect to, but I cannot tell which IP address it is assigned or other IP related parameters.
I know that the WiFi connection works because when I set it to send email upon motion detection, it sends the email fine across the Internet, even when the Ethernet cable is disconnected.
However, both the device and the software that came with it require rebooting, resetting and recofniguration from time to time and since the optimal placement of that camera isn't where an RJ45 jack is available, I would like to be able to access the device's web interface via WiFi.
Well... for some strange reason, I could not find anywhere what IP address is assigned to its WiFi interface as a DHCP client of my DD-WRT router. I therefore went to my DD-WRT router's 'Services' > 'Services' tab and added the camera's MAC address under the 'Static Leases' section. That essentially forced a static IP address of 192.168.1.32.
So now the topology of my network looks like this:
ISP-----Wired router (192.168.3.1)--+--LAN-----------------------------+-- My PC (192.168.3.7) | | | + IP Camera (192.168.3.27) | | | +-- Wireless router (192.168.1.1)--+-- My PC (192.168.1.29) | + IP Camera (192.168.1.32)
I then tried to access the camera through its WiFi IP address (192.168.1.32) but I have not been successful so far. I tried
http://192.168.1.32:7779/video/liveie.asp#
To further diagnose why I am unsuccessful to access the camera via WiFi (even though the manufacturer says it can be accessible from the Internet using DDNS + port forwarding), I telneted into my router and tried to ping it from there. No response.
This is weird, because the router's web interface lists the assigned static IP address as not having any problems.
So, while still telneted to my router, I issued the
netstat -a
command, which resulted in:Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:www 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:domain 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:5431 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:telnet 0.0.0.0:* LISTEN tcp 0 0 192.168.3.30:www 192.168.3.7:33755 TIME_WAIT tcp 0 0 192.168.3.30:www 192.168.3.7:33753 TIME_WAIT tcp 0 132 192.168.3.30:telnet 192.168.3.7:33097 ESTABLISHED tcp 0 0 my-ddwrt:5431 mypc:32847 ESTABLISHED tcp 0 0 192.168.3.30:www 192.168.3.7:33758 TIME_WAIT tcp 0 0 192.168.3.30:www 192.168.3.7:33776 TIME_WAIT tcp 0 0 my-ddwrt:5431 mypc:33000 ESTABLISHED udp 0 0 localhost:34954 0.0.0.0:* udp 0 0 0.0.0.0:domain 0.0.0.0:* udp 0 0 0.0.0.0:bootps 0.0.0.0:* udp 0 0 0.0.0.0:upnp 0.0.0.0:* raw 0 0 0.0.0.0:255 0.0.0.0:* 7 Active UNIX domain sockets (servers and established) Proto RefCnt Flags Type State I-Node Path unix 2 [ ] DGRAM 601
Interestingly, all the IP addresses listed by netstat are of the wired Ethernet interface. There is no reference to any WiFi address (192.168.1.x) as if the WiFi interface doesn't exist (I know it does! see earlier description on email alarm etc.)
And this is despite having configured a bridge between vlan0 and eth1 on this WiFi router.
But using
arp -a
, I can see both interfaces:android_72c5e473c08d1ab4 (192.168.1.2) at 44:A7:CF:47:C8:37 [ether] on br0 ? (192.168.3.7) at 00:0F:B0:C8:91:72 [ether] on vlan1 ? (192.168.1.3) at D0:17:6A:5A:B2:8F [ether] on br0 mypc (192.168.1.29) at 00:13:02:20:43:AD [ether] on br0 wiredrouter (192.168.3.1) at 00:1C:10:4F:B3:27 [ether] on vlan1
So, as it seems now, the IP camera is assigned a valid (static) IP address by the router, but I have not been able to ping, SSH, telnet or http it.
The manufacturer's tech support says that what I am trying to accomplish is supported but couldn't provide clear instructions on how I can do that. He initially offered to connect via DDNS but at this point I am only interested in internal access, so the only instructions he could provide was:
In router 192.168.1.1's page, we need do port forwarding with camera's IP and camera's port. In router 192.168.1.1's page, we need find the router's external IP which should be 192.168.3.x. In router 192.168.3.1's page, we need do port forwarding with router's 192.168.1.1's external IP 192.168.3.x and camera's port, not use camera's IP.
Any idea what this means?
How can I further diagnose and accomplish web interface access through WiFi?
Update: Per a comment advice below, I ran
iptables -t -nat -n -L
in my-ddwrt WiFi router and this is the output:root@my-ddwrt:~# iptables -t nat -n -L Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT icmp -- 0.0.0.0/0 192.168.3.30 to:192.168.1.1 TRIGGER 0 -- 0.0.0.0/0 192.168.3.30 TRIGGER type:dnat match:0 relate:0 Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE 0 -- 0.0.0.0/0 0.0.0.0/0 RETURN 0 -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast MASQUERADE 0 -- 192.168.0.0/16 192.168.0.0/16 Chain OUTPUT (policy ACCEPT) target prot opt source destination
My DD-WRT router does not support the
tcpdump
command.-
Tero Kilkanen about 10 yearsHave you tried to reboot the IP Camera? It might have got confused if the camera's IP address changed when you assigned a static IP for it. Next step would be a factory reset for the camera.
-
ususer about 10 years@TeroKilkanen Yes I did. What confuses me is that DD-WRT shows the static lease properly but in all other respects that device is non-existent, yet it can send email to the Internet via WiFi. What am I missing? Thanks.
-
Tero Kilkanen about 10 yearsCan you check DD-WRT iptables counters for NAT rules when the camera sends E-Mail? Can you run
tcpdump
on the DD-WRT device to see what traffic comes from the MAC address? -
Ramhound about 10 yearsYou can't. The MAC address isn't guaranteed to be unique even though it likely is
-
ususer about 10 years@TeroKilkanen I ran
iptables -t -nat -n -L
before and after and email was sent by the camera. The result is identical (see update above).tcpdump
isn't available on this DD-WRT router. -
ususer about 10 years@TeroKilkanen I can confirm that indeed the MAC addresses for both the wired and the WiFi interfaces of the camera are indeed unique, known, and stable across reboots over months.
-
Tero Kilkanen about 10 yearsFrom which router did you get that
netstat -a
listing? If it is from the wired one, then it won't see any .3.x addresses if your wireless router is doing NAT. NAT seems likely because the routers have different subnets. -
Tero Kilkanen about 10 yearsI figured out the
netstat -a
listing now. What exactly isvlan0
interface referred to in this sentence: "And this is despite having configured a bridge between vlan0 and eth1 on this WiFi router." ? -
ususer about 10 yearsAnswering your earlier question: Everything (including
netstat -a
) refers to the wireless router.vlan0
is the WAN interface,eth1
is the Ethernet (LAN cable),wl0
is the WiFi interface. This is standard DD-WRT naming convention. -
jet almost 10 yearshow about if you scan the network with
nmap -sP 192.168.1.*
-
-
ususer about 10 yearsThanks but the problem has nothing to do with the topology: All I want is access the camera from the same wireless router to which it is connected, all wirelessly. For the purpose of this troubleshooting, you can assume that the wireless router is not connected to the Internet (or the LAN) and all I am trying to do is access the camera from mypc, both connected through their WiFi interfaces only. I believe it is a port forwarding problem, but I have no idea what to do in this regard. That is, port forwarding from where? To where?
-
Tero Kilkanen about 10 yearsPort forwarding is only useful if you need to connect to a server behind NAT. This applies for example if you want to connect to your camera from the Internet. Port forwarding isn't the problem / solution in this case, since your PC and Camera are in the same subnet.
-
ususer about 10 yearsYou are right. This is why I am so baffled by this problem. The DD-WRT WiFi router shows the camera as statically leased but other than that there is no sign that this is registered elsewhere in the router. It's possible that the the camera is "un-ping-able" but then how could one verify its existence. Something is very strange in this camera's WiFi interface.