• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 347
  • Last Modified:

How to easily separate Security Camera system on LAN to its own network for security.

We have a small business that uses Comcast as our ISP. They supplied us with a Netgear CG3000DCR Modem. We currently have a static IP address to allow us to remotely view our security camera DVR via port forwarding. We process credit cards thru the same system & have ports open to do so & now we are failing our security scan by our credit card security people (SecureScan). What would be the easiest way to segment our security camera system off of the main LAN but still use the gateway for remote viewing access? Can I just add an additional router to an open LAN port on the modem, change the internal IP to another network & place the DVR on that network? How will that affect port forwarding to the new network?
0
mimi8118
Asked:
mimi8118
2 Solutions
 
CombemartinCommented:
This article may help, I were thinking of doing the same at one site but never got round to it, in the end, it were more secure to have a second broadband installed for the transactions.
http://portforward.com/help/doublerouterportforwarding.htm
0
 
mbkitmgrCommented:
Does your router support Port Translation.

It allows you set an uncommon external port to connect to a device via its preferred port.  We have Head Office clerical maintaining the address books in Digital Multifunction printers (MFD) at other sites

EG - I setup port 32333 as the incoming port, which gets translated to Port 80, and forwarded to our Digital Multifunction printer to allow Admin staff to maintain the address book.

They connect to Http://1.1.1.1:32333, the router converts it to port 80, and routes it to the MFD on 192.168.1.111

Of course this will only work if the software you use to remotely access the Stream allows you to specify the port other than standard.

Using this method helps us get approval for this config to remain.
0
 
KimputerCommented:
You can indeed add another router, forwarding will still work.
Example, current situation:

port forward
80 >  public IP > router 1 LAN > 192.168.1.2
81 >  public IP > router 1 LAN > 192.168.1.3

You can reach both security cam 1 and 2 through public IP:80 and 81, where camera 1 is IP 192.168.1.2 and cam2 is IP x.3
NAT rules in router 1 is port 80 to 192.168.1.2 and port 81 t0 192.168.1.3

new situation:

80 >  public IP > router 1 LAN > router 2 192.168.1.250 > 192.168.2.2
81 >  public IP > router 1 LAN > router 2 192.168.1.250 > 192.168.2.3

NAT rules in router 1 is port 80 to 192.168.1.250 and port 81 ALSO to 192.168.1.250 (with router 2 WAN having this IP)
NAT rules on router 2 is port 80 to IP 192.168.2.2 for cam1 and port 81 to IP 192.168.2.3 for cam2

Another method is to have a new modem/router that has VLAN options.
VLAN1 is current network, VLAN2 (it's own DHCP server, and IP range, most easy in wifi situations, because SSID links to this VLAN)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now