rcmcmullen
New Around Here
Hello
I have AC5300 running Merlin latest and have been hardening my network. I've setup a VPN server via a VPS and have set it up where I drop all incoming traffic by default and punched a hole in the firewall to allow from a fixed ip (my vpn connection).
The router just forwards the ssh traffic to my ssh box; all the magic happens using ufw to handle that.
I have a camera system NVR on my lan that I am wanting to do the same; to remote viewing is restricted to just my incoming fixed ip (vpn conection).
Two trails to go down here; one I am wanting to setup through the router if possible to only allow a certain IP to pass traffic to say port 85--thinking that can be done manually through iptables but I am not sure how to do that.
The 2nd trail, how can I go about putting that NVR on its own isolated lan so it can not access anything within my network (paranoia that if I have a aftermarket ip camera that gets hijacked).
Any advice? I am considering on down the road to find a better NVR but maybe I can make something work with what I have--without getting too complicated.
ty.
I have AC5300 running Merlin latest and have been hardening my network. I've setup a VPN server via a VPS and have set it up where I drop all incoming traffic by default and punched a hole in the firewall to allow from a fixed ip (my vpn connection).
The router just forwards the ssh traffic to my ssh box; all the magic happens using ufw to handle that.
I have a camera system NVR on my lan that I am wanting to do the same; to remote viewing is restricted to just my incoming fixed ip (vpn conection).
Two trails to go down here; one I am wanting to setup through the router if possible to only allow a certain IP to pass traffic to say port 85--thinking that can be done manually through iptables but I am not sure how to do that.
The 2nd trail, how can I go about putting that NVR on its own isolated lan so it can not access anything within my network (paranoia that if I have a aftermarket ip camera that gets hijacked).
Any advice? I am considering on down the road to find a better NVR but maybe I can make something work with what I have--without getting too complicated.
ty.