Netgate SG-1000 microFirewall

Author Topic: Stunnel and IP Cameras  (Read 1669 times)

0 Members and 1 Guest are viewing this topic.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4995
  • Karma: +199/-43
  • Debugging...
    • View Profile
Stunnel and IP Cameras
« on: July 12, 2013, 03:37:37 am »
I'm ambivalent about having IP cameras facing the public IP with no VPN required to get at them, but seems most of them have no SSL web interface.  I wanted to have one on a port I could turn on and off with a button click to my firewall rules but leave configured.

I put stunnel facing the web and pointed the other side of it at my IP camera.

Of course its better to have it behind firewall and access through VPN, but stunnel works to hide my user name/pass when logging in and seems to keep it all inside SSL nicely.

No guarantee camera won't get DOSed but I have no plans to leave it open all the time.

Of course, it would be nice to have an intermediary tool of some sort similar to captive portal that would request a username and password before a single packet was sent to the camera since pfsense can handle a DOS attack much better than the little camera can but not sure how I'd set something like that up in short order that was specific to a single port on the WAN and didn't get in the way of other things.  I'm think about it.
« Last Edit: July 12, 2013, 03:39:55 am by kejianshi »

Offline panz

  • Full Member
  • ***
  • Posts: 187
  • Karma: +0/-0
    • View Profile
Re: Stunnel and IP Cameras
« Reply #1 on: September 10, 2013, 08:46:54 am »
Is your configuration like this?

Listening socket IP address and port $WAN:443

Target IP address and port 127.0.0.1:22

IP address to bind to when connecting to the target Cam_IP
pfSense 2.3.2-RELEASE-p1 (amd64)
motherboard: MSI C847MS-E33 Micro ATX (with Intel Celeron CPU 847 @ 1.10 GHz) ~ PSU: Corsair VS350 ~ RAM: Kingston KVR1333D3E9S 4096 MB 240-pin DIMM DDR3 SDRAM 1.5 volt ~ NIC: Intel EXPI9301CTBLK (LAN) ~ NIC: D-Link DFE-528TX (CAM) ~ Hard Disk: Western Digital WD10JFCX Red ~ Case: Cooler Master HAF XB ~ power consumption: 21 Watts.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4995
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: Stunnel and IP Cameras
« Reply #2 on: September 10, 2013, 08:50:10 am »
I tried it behind stunnel.  It works, but the problem is that 7 billion people world wide try to connect to that port, so it causes the IP camera to be un-responsive.  So, I only use VPN.

Offline apple5

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Stunnel and IP Cameras
« Reply #3 on: September 11, 2013, 02:43:00 am »
you can try listening socket IP address and port $WAN:443
« Last Edit: September 11, 2013, 03:16:23 am by dvserg »

Offline panz

  • Full Member
  • ***
  • Posts: 187
  • Karma: +0/-0
    • View Profile
Re: Stunnel and IP Cameras
« Reply #4 on: September 11, 2013, 03:12:33 am »
you can try listening socket IP address and port $WAN:443

???
« Last Edit: September 11, 2013, 03:17:54 am by dvserg »
pfSense 2.3.2-RELEASE-p1 (amd64)
motherboard: MSI C847MS-E33 Micro ATX (with Intel Celeron CPU 847 @ 1.10 GHz) ~ PSU: Corsair VS350 ~ RAM: Kingston KVR1333D3E9S 4096 MB 240-pin DIMM DDR3 SDRAM 1.5 volt ~ NIC: Intel EXPI9301CTBLK (LAN) ~ NIC: D-Link DFE-528TX (CAM) ~ Hard Disk: Western Digital WD10JFCX Red ~ Case: Cooler Master HAF XB ~ power consumption: 21 Watts.