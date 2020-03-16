Wanting to keep the cameras from phoning home to China or other mischief. Some will be in a detached garage on a wired POE switch and some in the house. Can I keep the traffic separate with one cable between buildings or do I need two? Want to set up a NVR, probably Zoneminder, that I can access from the home network but would like to keep the cameras off it or limit their connection to only the NVR. What's the best way to do this? I set up my own network with static ip for some devices but don't have a lot of network experience so some detail would be helpful. Router is running ddwrt.
-
Did you know that you can enjoy many members-only features simply by quickly registering (no CAPTCHA!)?
Registering gives you access to our giveaways, forum features, increased search performance, access to our Download Library, create your own blog & gallery, and more!
Once you have registered, stop by in 'Hello World', and introduce yourself.
separating camera network from rest of home network
#1
Posted 16 March 2020 - 03:52 PM
#2
Posted 16 March 2020 - 03:58 PM
I have my pfsense router firewall rules set to specifically block the IP addresses for all of my devices that don't need outbound connections. pfsense allows creating an alias, in which I've got each device's IP address. This allows making a set of rules that'll cover anything in the alias.
I have all my DNS set up internally to run through an instance of pi-hole. This is a DNS server with spam blocking. The nice part of it is the dashboard. It allows me to see quite easily what devices have been making DNS requests. It caught my Smart Things hub making an EXTREME amount of DNS lookups, due to a Hue integration bug. Like 50k requests per hour.
#3
Posted Yesterday, 09:16 AM
Your wiring generally won't matter (unless you create a totally separate LAN for the cameras and NVR and don't give it WAN access). These type of restrictions usually occur at the router level. The router controls how traffic is routed internally (LAN) and externally (WAN). You just need to create some rules to prevent the cameras (by ip address or mac address) from communicating outside of your LAN.
I also run pfsense as my router, but I found this DD-WRT guide that is hopefully still relevant. I also run pfsense, but I found this DD-WRT guide that is hopefully still relevant. https://www.reddit.c...from_accessing/
Edited by sic0048, Yesterday, 09:23 AM.
#4
Posted Yesterday, 09:37 AM
Utilize PFSense here and the PFBlocker add on. Pi-Hole is a good add on but not necessary when using PFSense.
Here is a video comparing PFSense-PFBlocker and Pi-Hole.
You can separate the CCTV network via VLANs (lots of folks do this) or autonomous networks and separate rules on your firewall.
Many CCTV DVRs today utilize POE enabled ethernet ports for an autonomous network plus a separate ethernet port for the DVR GUI.
Typically you cannot see the rules in play between the networks on these devices between ethernet interfaces (embedded Linux)
#5
Posted Yesterday, 09:39 AM
While pfsense does have a blocker, the dashboard in pi-hole is FAR superior. That alone makes it worth the trivial effort to install it. Tip, it'll run on anything that runs linux, not just a raspberry pi. I have mine running in a Debian linux VM on my QNAP NAS.
#6
Posted Today, 06:21 AM
Thanks. That gives me a few things to check into.
Bill, Sounds like you are running pfsense AND pihole? Will take a look at how much overhead they take. I've got a linux box running mythtv if the overhead isn't too high. Need to check the loading too but I think it is pretty high when dealing with multiple recordings.
#7
Posted Today, 06:55 AM
Here running MythTv and Logitech Squeeze server on a Lenova Tiny M93 computer (recently upgraded from an old core duo). It wasn't working too hard on the core duo and even less now on the Lenova Tiny.
I have the MythTV box talking to two HDHomerun boxes. Not really recording too much. Looking now to see about saving live streaming stuff on the Kodi boxes.
I am happy here running PFBlocker on PFSense. On a new install had to register PFBlocker on the Maxmind site.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users