Emerging Member
Posts: 66
Registered: ‎03-25-2014
Kudos: 15
Solutions: 2
Accepted Solution

edgemax and airvision

Hello The Internets,

I have an edgemax lite and an airvision nvr version 2.1.3. I am tryng to get accsess to the nvr from the cloud.  i have forwarded 7443 7080 and 843 i have also opened the ports up on my firewall as well as disabiling it completly i am still unable to get accsess. I am willing to post configs if needed.

 

Thanks Much

typecookie

Alight who has my password?

Accepted Solutions
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3143
Solutions: 945
Contributions: 16

Re: edgemax and airvision

You didn't mention what version you're running, but it appears to be v1.2.0 so I'd recommend upgrading to v1.4.1.   Once you upgrade you can delete your destination nat rules and related firewall rules and instead use the new port-forward feature in the GUI.  Not only is it easier, but it can automatically open the right firewall ports and even do nat hairpin.

As for you current configuration couple comments:

1) cloud.torouter rule 2 is missing the state invalid match criteria, so rule 2 will drop any packet that didn't match rule 1.

2) cloud_in has default-action of accept which effectively means no firewall - any packet that doesn't match rule 7 will be accepted.

3) cloud_in rule 6 is your established allow and probably should be the first rule as it will get hit most often.

4) the address range your using from your LAN is a public range.  If you don't own that range you should probably use a rfc1918 range.  If you do own that range then you don't need to masquerade NAT your WAN traffic.

EdgeMAX Router Software Development

View solution in original post


All Replies
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3143
Solutions: 945
Contributions: 16

Re: edgemax and airvision

Post your config.

EdgeMAX Router Software Development
Emerging Member
Posts: 66
Registered: ‎03-25-2014
Kudos: 15
Solutions: 2

Re: edgemax and airvision

configs attached

Alight who has my password?
Attachment
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3143
Solutions: 945
Contributions: 16

Re: edgemax and airvision

You didn't mention what version you're running, but it appears to be v1.2.0 so I'd recommend upgrading to v1.4.1.   Once you upgrade you can delete your destination nat rules and related firewall rules and instead use the new port-forward feature in the GUI.  Not only is it easier, but it can automatically open the right firewall ports and even do nat hairpin.

As for you current configuration couple comments:

1) cloud.torouter rule 2 is missing the state invalid match criteria, so rule 2 will drop any packet that didn't match rule 1.

2) cloud_in has default-action of accept which effectively means no firewall - any packet that doesn't match rule 7 will be accepted.

3) cloud_in rule 6 is your established allow and probably should be the first rule as it will get hit most often.

4) the address range your using from your LAN is a public range.  If you don't own that range you should probably use a rfc1918 range.  If you do own that range then you don't need to masquerade NAT your WAN traffic.

EdgeMAX Router Software Development
Emerging Member
Posts: 66
Registered: ‎03-25-2014
Kudos: 15
Solutions: 2

Re: edgemax and airvision

Thanks for the data. I got some side projects and have only been able to corect the firmware, ip range and firewall. I'm working on the port forwarding tonight
Alight who has my password?
Highlighted
Emerging Member
Posts: 66
Registered: ‎03-25-2014
Kudos: 15
Solutions: 2

Re: edgemax and airvision

Thanks for the firmware update tip. IT got me pointed in the right direction. I now have all the ports forwarded that I need the firewall is ordered corectly I even got my sandbox for infected computers up and running.

Alight who has my password?