Port forwards work on WAN and not on LAN using UPnP

[kater1]

I am having problems setting up port forwarding to access my cameras from both WAN and LAN. Let me tel you what hardware I am using then describe the problem.

Netgear WNDR3700v4 firmware V1.0.1.32

Hikvision and Foscam cameras

IP camviewer app on Android phone

DYNDNS.org as DNS service

If I use UPnP to configure my port forwards I can connect to the cameras using Mydomain.DYNDNS.org from the WAN but not the LAN

If I maually configure the port forwards I can connect to Mydomain.DYNDNS.org from both WAN and LAN

I can not figure out why. What am I doing wrong? How can I fix it.

Thanks

Bill

 

[mxnerd]

http://www.hikvision.com/ueditor/net/upload/2015-06-10/4a0adc77-c874-464a-a2fe-e7d8f7589b21.pdf

 

[kater1]

That doesn't explain why I have the same problem with the Foscam cameras.



Sent from my SM-G920V using Tapatalk

 

[kater1]

Is it something to do with Nat Loopback?

Sent from my SM-G920V using Tapatalk

 

[mxnerd]

Why would you insist using UPNP if manual port forwarding works?

http://www.foscam.com/Cooperate/FAQinfo/id/28.html

Q: How is UPNP working?
A: In current software, UPNP only contains port forwarding. It is used to do port forwarding automatically.
If you enable UPNP on both your camera and router, camera will automaticly do port forwarding between them. However, UPNP is also easily affected by different routers or firewalls, sometimes it may show failed status. In this case, please do port forwarding manually in your router, forward to camera’s ip and port. After that, UPNP succeed or failed has no effect on remote access.

 

[kater1]

At the moment I have 17 of the 20 allowed manual port forwards used. If UPnP would work I wouldn't run out of Port forwards

Sent from my SM-G920V using Tapatalk

 

[mxnerd]

Maybe you can try other firmwares like DD-WRT or Tomato for your model.

I personally have a DD-WRT router, but my port forwarding never go beyond 10, so I have no idea how many ports these custom firmware will take.

 

[mxnerd]

Or you can try x86 pfSense, which probably doesn't have any limits.

 

[kater1]

This still has not answered the question as to why port forwarding works when manually input but not with UPnP

Sent from my SM-G920V using Tapatalk

 

[mxnerd]

Tested, DD-WRT can take more than 30

==

UPNP doesn't always work. I encountered the same problem before with some software/hardware. This is not a perfect world.

Sometime you don't even get same pitch when you buy screws that's made by different manufacturers.

Foscam engineers already answered that question. Ask them.

 

[Rifter]

UPNP is not perfect, it doesnt always work, and it never will be perfect and always work, the better and more secure way to go about this is with manual port forwarding. As has already been mentioned.

If your current router is not up to the task i recommend a pfsense based solution.

 

[mxnerd]

This is what FOSCAM said about UPNP, and they encourage you to disable it!

http://foscam.us/forum/please-always-disable-upnp-in-your-camera-here-is-why-t7282.html

 

[kater1]

So. This is a camera issue, not a router issue?

Sent from my SM-G920V using Tapatalk

 

[mxnerd]

So. This is a camera issue, not a router issue?

No one knows. Ask FOSCAM, or Netgear. I think very few people know how to troubleshoot at UPNP protocol level.

UPNP probably is good for LAN, but absolutely a bad idea for WAN. It's a security risk.

Most home routers port forwarding max entries seems to be 20 since Linksys introduce consumer grade routers for home use.

If you insist to use UPNP or need more than 20 port forwarding entries, build an x86 firewall like pfSense or use custom firmwares for your router and try as I said earlier. But there is no guarantee that your device will work with either.