Hey all, I’m having some trouble with a PFsense firewall and a LUMA NVR.
Here’s the whole story, about 3 months ago, we put in new network equipment, pfsense router, unifi 24 port poe switch and a unifi AP. When I did the installation I added the port forwards that were in the old router to pfsense(turns out they were for the old cameras and were not needed) and put them on their own VLAN(30). Everything was working great, we were able to access the cameras normally. A few weeks ago spectrum came in to upgrade the internet connection and tried to set the ip to static, well they royally screwed everything up and my client was completely down. After fighting to get the switch and firewall communicating for a while I decided to set pfsense back to default and build out the network again and remove the spectrum router(went back to dhcp). ever since about that time we have had issues connecting to the cameras outside of the network. We had the camera guy come today and he is blaming our firewall, they say no ports need to be open. I have tried opening the old ports back up(I know I know but im at that point), I have tried opening port 8000, 80, and 554 which I found in Luma’s documentation. I have tried all different NAT settings and changing the firewall optimizations, and even turning off all packet filtering to no avail. Luma and the company that installed it is basically no help as it seems the problem is on our end. Out of frustration and after changing many settings troubleshooting, I decided to set pfsense back to defaults again of course this didn’t help. I did have a cheap home router with me onsite and when I hook that router to the modem and hooked the cameras up to that they work, no port forwards just plan basic router. There must be something im missing, I’m willing to bet its pretty simple but after pulling my hair out all day, I cant really think clearly.
I’m wondering if anyone can give me any suggestions of things to try, I’m at a complete loss and could really use some help.
I’m honestly at the point of buying a UDM but im worried i will have a similar issue because i dont know whats causing it.
Thank you so much!
If it is working with a consumer router but not working with pfsense my guess would be that the consumer router has UPNP enabled by default as many do. You can turn that on in pfsense but it is off by default as it’s considered a security risk to allow devices to automatically open ports.
Thank you so much for your reply Tom!
Okay I will give that a shot today and will update to let you know.
I did enabled pnp remotely last night but right now the nvr isn’t pulling an ip, so I’m gonna head down there figure that out and hopefully everything will work as expected.
Again thank you so much for taking the time to read and reply. Your videos were my guild and inspiration to use pfsense for myself and my clients.
I got the cameras to pull the correct IP address, enabling UPNP did not resolve the issue.
If anyone has any suggestions it would be much appreciated.
Here’s a SS of the upnp in case i did something wrong.
I also have tried opening ports 8000, 80, and 554
How do you access the NVR internally , what ports
Is the gateway address entered correctly on the NVR
The port used internally, you have to setup port forwarding from the wan to access it externally
What type of internet connection do you have - startic, cgnat. If cgnat you can not have port forwarding
To test if the port is open use Open Port Check Tool - Test Port Forwarding on Your Router
Hey Paul thanks for the reply.
To access the cameras internally from a browser i believe its using port 80, although all we have to do is type in the NVR’s local IP address “10.30.1.100” without any ports into a browser and the page pulls up. They have another port for the LUMA app(thats what they use) which is 8000.
After some research it looks like spectrum does use CGNAT but i am only using their modem(not a combo unit) and we are currently using DHCP but do have a static IP. According the spectrum they require to have their router inbetween the modem and the firewall to get the static IP and i could not for the life of me get that working, so i had scrapped it. It would however be nice to have a static IP for them as our new DHCP IP is apparently on some block lists.
I did bring the spectrum router that is configured for static back to the shop to see if I could look in the settings and see why i could not get that working either.
I will open a port and test to see if the port is actually open and report back.
Currently the cameras are back online but only because I installed a netgear router that i had and have the cameras plugged into it as well as pfsense. It’s working and the client is happy but im just not happy with that config and know its not done correctly.
I opened port 8000 and tested the port. It comes back as its closed but that could also be due to the other router not having any open ports.
Is there a way to turn off cgnat or get pfsense working with it properly?
Thank you guys for all your help so far. It’s times like these when i feel like i know only the basics of networking.