Port 8080

Forum|Forum|16 years ago
July 23, 2009
4 replies
7173 views

HI, we host a webcam. A Canon GC-10. It sits on port 8080 internal to our network. I have setup virtual ip for the camera, NAT no port forwarding and set up a firewall policy to forward port 8080 traffic to the VIP camera. But nothing. Is there some kind of Fortinet admin service that grabs 8080? Any ideas?

g3rman

New Member

Hi David, welcome to the forums. Here is what the config should look like: Firewall -> Virtual IP Name: Camera IP: External/1.2.3.4 (public IP) Map to IP: 192.168.1.100 (private IP) Custom Service Firewall -> Service -> Custom -> Create New Name: TCP-8080 Protocol: TCP Source Low: 1 Source High: 65535 Destination Low: 8080 Destination High: 8080 Then there should be a rule Firewall -> Policy Source Interface: External Source Address: all Destination Interface: internal Destination Address: Camera Service: TCP-8080 The NAT checkbox on the firewall rule should not be enabled.

A

Anonymous_UserAuthor

Contributor

Hi g3rman, I set this exactly as you say but it is still not working. What other info can I gather?

g3rman

New Member

Run this command from the CLI: diag sniffer packet internal ' host 192.168.1.100' -Notice they are single quotes -Substitute your internal interface name and the physical IP of your webcam Then try to access the camera from the outside and see if you see any traffic coming inbound on the command line. If not you can try diag sniffer packet wan1 ' host 1.2.3.4' to see if packets on port 8080 are even getting to your firewall. Also, is the VIP the same as your external firewall IP address or a different IP?

A

Anonymous_UserAuthor

Contributor

Thank you g3rman! IP VIP and external: 10.0.x.x VIP 12.157.xx.xx external firewall address Ok I am seeing this constantly in the log: 6.796679 125.90.xx.xx.49164 -> 10.0.xx.xx.21: fin 3387191081 ack 3865568601 6.796728 125.90.xx.xx.49369 -> 10.0.xx.xx.21: syn 3386482840 6.797701 10.0.xx.xx.21 -> 125.90.xx.xx.49164: psh 3865568601 ack 3387191082 6.800826 10.0.xx.xx.21 -> 125.90.xx.xx.49164: fin 3865568615 ack 3387191082 6.819566 10.0.xx.xx.21 -> 125.90.xx.xx.49369: syn 3871957392 ack 3386482841 6.983824 125.90.xx.xx.49164 -> 10.0.xx.xx.21: rst 3387191082 6.986954 125.90.xx.xx.49164 -> 10.0.xx.xx.21: rst 3387191082 7.005702 125.90.xx.xx.49369 -> 10.0.xx.xx.21: ack 3871957393 7.017453 10.0.xx.xx.21 -> 125.90.xx.xx.49369: psh 3871957393 ack 3386482841 7.203951 125.90.xx.xx.49369 -> 10.0.xx.xx.21: ack 3871957437 7.203970 125.90.xx.xx.49369 -> 10.0.xx.xx.21: psh 3386482841 ack 3871957437 7.204479 10.0.xx.xx.21 -> 125.90.xx.xx.49369: ack 3386482861 7.205723 10.0.xx.xx.21 -> 125.90.xx.xx.49369: psh 3871957437 ack 3386482861 7.455444 125.90.xx.xx.49369 -> 10.0.xx.xx.21: psh 3386482861 ack 3871957473 7.461078 10.0.xx.xx.21 -> 125.90.xx.xx.49369: psh 3871957473 ack 3386482868 7.647326 125.90.xx.xx.49369 -> 10.0.xx.xx.21: fin 3386482868 ack 3871957504 7.647507 125.90.xx.xx.49586 -> 10.0.xx.xx.21: syn 3381131554 7.647972 10.0.xx.xx.21 -> 125.90.xx.xx.49586: syn 3861402502 ack 3381131555 7.648347 10.0.xx.xx.21 -> 125.90.xx.xx.49369: psh 3871957504 ack 3386482869 7.652470 10.0.xx.xx.21 -> 125.90.xx.xx.49369: fin 3871957518 ack 3386482869 7.834503 125.90.xx.xx.49586 -> 10.0.xx.xx.21: ack 3861402503 7.834527 125.90.xx.xx.49369 -> 10.0.xx.xx.21: rst 3386482869 7.838467 125.90.xx.xx.49369 -> 10.0.xx.xx.21: rst 3386482869

g3rman

New Member

This one is easy. Essentially what is happening is that you are hitting the camera and the camera is refusing the connection on port 8080. This is not a firewall issue but related to your camera config.

A

Anonymous_UserAuthor

Contributor

right you are g3rman. I did a pwer on/off of the camera and it started working. I think your fix suggestion last night of opening source ports for all TCP ports fixed it, but the camera was hung up at that point and was not working. All is well. THank you Thank you g3rman

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded