How to block my IP cameras from the internet and my local network?

Mike 19

I found an easy way to do it.

Go to Profiles, create a new group, type IPv4, enter the IP you want blocked, hit save.

Then go to Firewall, create a new rule: type Internet Out, action Drop, source type Port/IP Group, IPv4 address group: select the one you just made in Profiles, hit save.

inspired by user Gargoile
 
Joined
Mar 2, 2022
Messages
6
Reaction score
1
Location
Gaia
I was more concerned about the cameras I have "phoning home". They were very inexpensive, but well manufactured with a lot of great features (human recognition). That's a pretty powerful processor, thus the reasons for my suspicions. (I later learned that these cameras do indeed attempt to contact an unknown IP address.)

I created a separate network and my BlueIris software runs on a computer with two NICs. All of the camera network have fixed IP addresses. I have a dedicated computer running BlueIris (~$250 refurbished on Amazon). I haven't taken the time to ensure that the network is secure, so I don't know if this works or not. I did run into a challenge. The cameras want to access an NTP server to get the time. I resolved this by building my own NTP server from an Arduino with an Ethernet interface and a GPS module. I found the NTP server software for the Arduino online. So for under $20 I have an NTP server.

All is good.

OSD
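One way to check whether an IP-group drop rule or a separate camera network is actually containing the cameras, as an added example that is not part of any post in this thread: audit exported firewall flow records for camera-initiated traffic that leaves the camera subnet. The subnet, the record format (initiator listed as source) and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

CAMERA_NET = ipaddress.ip_network("192.168.50.0/24")  # assumed camera subnet
# Explicit RFC 1918 list: ipaddress.is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: "time src dst proto dport action"
SAMPLE_LOG = """\
2024-01-05T10:00:01 192.168.50.21 192.168.50.2 udp 123 allow
2024-01-05T10:00:04 192.168.50.21 203.0.113.77 tcp 443 drop
2024-01-05T10:00:09 192.168.50.22 198.51.100.9 udp 123 allow
2024-01-05T10:00:12 192.168.1.15 192.168.50.21 tcp 554 allow
2024-01-05T10:00:15 192.168.50.23 192.168.1.15 tcp 445 allow
2024-01-05T10:00:20 192.168.50.21 192.168.50.255 udp 3702 allow
garbage line
"""

def audit(log_text, camera_net=CAMERA_NET):
    """List camera-initiated flows that leave the camera subnet.

    Each finding is (line_no, src, dst, proto/port, scope, verdict).
    """
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        try:
            _, src, dst, proto, dport, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            # Malformed record: surface it instead of silently skipping it
            findings.append((line_no, None, None, None, "unparsed", "REVIEW"))
            continue
        if src not in camera_net or dst in camera_net:
            continue  # not camera-initiated, or stays inside the camera subnet
        scope = "lan" if any(dst in net for net in RFC1918) else "internet"
        verdict = "blocked" if action == "drop" else "LEAK"
        findings.append((line_no, str(src), str(dst), f"{proto}/{dport}", scope, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A "blocked" finding shows a camera attempted to reach outside and the rule stopped it; a "LEAK" finding is traffic that a rule should have dropped, including a camera still using an external NTP server.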
 

sebastiantombs

You can also load NetTime on the BI machine and use it as the NTP server. No Arduino needed that way.
 

Alaska Country

> You can also load NetTime on the BI machine and use it as the NTP server. No Arduino needed that way.

Like this idea.

What are the steps to add the NTP server to each camera? Assuming that it will be necessary to log into each individual camera and change the Date & Time NTP server to other than "clock.ise.org". Would one use "0.nettime.pool.ntp.org" as the correct camera NTP server for each individual camera? i.e. reuse the same server?
 

Mike A.

Yes, each camera needs to be pointed to the NTP server. You'd use the IP of the BI server assuming that's where you installed it. The cams all use the same server IP.

Beyond installing NetTime on the BI Server, you may also need to allow traffic through the Windows firewall on the server over UDP port 123. And check that the native Windows time server hasn't already grabbed port 123. If so, you can disable it.
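A quick way to confirm the setup described in the post above before repointing every camera, as an added example that is not part of the original post: send one SNTP client request to the BI server's UDP port 123 and inspect the reply. The address 192.0.2.10 is a placeholder and the 5-second skew threshold is an assumption.

```python
import socket
import struct
import sys
import time

NTP_TO_UNIX = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def build_request():
    # LI=0, VN=3, Mode=3 (client): first byte 0x1B, rest of the 48-byte header zero
    return b"\x1b" + bytes(47)

def parse_response(data):
    if len(data) < 48:
        raise ValueError("NTP reply shorter than 48 bytes")
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return {
        "leap": data[0] >> 6,
        "mode": data[0] & 0x07,
        "stratum": data[1],
        "unix_time": secs - NTP_TO_UNIX + frac / 2**32,
    }

def check_reply(reply, now, max_skew=5.0):
    problems = []
    if reply["mode"] != 4:
        problems.append("not a server-mode reply")
    if reply["leap"] == 3 or not 1 <= reply["stratum"] <= 15:
        problems.append("server reports it is unsynchronised")
    if abs(reply["unix_time"] - now) > max_skew:
        problems.append("server time differs from this machine")
    return problems

def query(host, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(), (host, 123))
        data, _ = sock.recvfrom(512)
    return parse_response(data)

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # placeholder address
    try:
        reply = query(host)
    except OSError as exc:  # includes timeouts
        print(f"no NTP answer from {host}: {exc}")
    else:
        print(reply, check_reply(reply, time.time()) or "OK")
```

Run it from a machine on the camera network; a timeout points at the Windows firewall rule or at nothing listening on port 123.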

Mike 19

The two NIC cards will not work for me as everyone's situation is different.

I did try the VLAN and it worked as well, but I thought it was a lot more complicated, so many rules to make. I didn't think my BI computer should be on the same VLAN as the cameras as it would have no internet. Then I read that it would be taxing on the router if you had all that data going over two VLANs.

Blocking by IP was the easy route lol
 

tech_junkie

> The two NIC cards will not work for me as everyone's situation is different.
>
> I did try the VLAN and it worked as well, but I thought it was a lot more complicated, so many rules to make. I didn't think my BI computer should be on the same VLAN as the cameras as it would have no internet. Then I read that it would be taxing on the router if you had all that data going over two VLANs.
>
> Blocking by IP was the easy route lol

Cameras are going to tax a 1Gb network. But in your case with a 10Gb network, it wouldn't be a burden anyways.

Two NICs on different IPs into the same network works well; however, they should be the same speed or else it would have to buffer to the lower speed, which can slow things down.
 

sebastiantombs

How many cameras are running that it would "tax" a gig network switch? I'm running 22, mix of 4MP, 2MP and one 8MP, and only see ~200Mb/PS of traffic on the private LAN. Even if you had 44 4MP cameras running I don't think you'd hit 600Mb/PS.
 

Mike 19

I was referring to the VLAN taxing the UDM not the NIC cards.

From what I can find there is a huge performance drop with IP cams on VLANs using the UDM Pro.
 

rwclark73

Running my cameras on a VLAN using a UDM Pro. I have not noticed a problem with performance with 12 cameras; I think that was some older software on the USG/UDM Pro.
All cameras are on the same switch and all the ports they are plugged into are set to that VLAN only, not all traffic. Made a separate wireless network for that VLAN too. I have three Raspberry Pis running Camviewer software on them to display on TVs around the house. So everything security related is on one VLAN: BI computer, Dahua NVR, cameras, and Camviewers. Firewall rules are set so I can get to all of them from the main network but they cannot get out of that VLAN unless they are queried from the main.
Security VLAN is also set so it cannot get out of the house. If you plug a computer into that network it has no ability to get out to the world.

I would try a VLAN.
 

tech_junkie

> How many cameras are running that it would "tax" a gig network switch? I'm running 22, mix of 4MP, 2MP and one 8MP, and only see ~200Mb/PS of traffic on the private LAN. Even if you had 44 4MP cameras running I don't think you'd hit 600Mb/PS.

32 - 8MP @ UHD (3840x2160) 25 fps is about 880Mb/s w/ H.264 high quality compression.
Then when you have a lot of bandwidth getting used this way, will your recorder keep up?
32 - 8MP with the above settings would need an HDD sustained transfer rate of ~110 MB/s.
It is getting near the limits of SATA, especially when there is more than 1 remote session in live view and another one searching the recordings.
So eventually NVR makers will have to go either SAS (which is the full duplex SATA) with a dual armature HDD, or with lesser performance with NVMe storage.

tech_junkie

> I'm curious where you get that figure from.
> That's about 28Mbps per camera.
> None of my Hikvision 8MP cameras allow a bitrate to be configured at over 16,384Kbps.

But they run a different compression standard: H.265, or H.264 with high compression.
You wouldn't get low compression, high quality in a camera until you start looking into cameras that have an AMD cortex or better processor ($500+ cameras).
 

tech_junkie

> OK, so quite different from what you quoted to get that figure. Not h.264

It's not going to be exact, because it's a calculation.
There are several ways these cams can be set up. Some have more limitations than others.
The bandwidth varies and there are a lot of combinations.
If you want to anticipate what bandwidth it's going to possibly consume, there are several online calculators and none of them are going to give you truly exact numbers, just an approximation.