Difference between revisions of "Domnev1"

From Teltonika Networks Wiki
 
(16 intermediate revisions by the same user not shown)
Line 1: Line 1:
<p style="color:red">The information in this page is updated in accordance with [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.03'''] firmware version.</p>
+
<p style="color:red">The information on this page is updated in accordance with the [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.09'''] firmware version .</p>
 +
__TOC__
 +
==Summary==
  
==Introduction==
+
This article contains instructions on how to configure Port Foward functionality on most of the Teltonika Networks devices (with the exception of TAP and TSW series)
This article contains instructions on how to do UCI-based configuration for setting up RelayD with IPv4+IPv6 support.
 
  
==Tunnelbroker configuration==
+
<b>Port Forwarding</b> is the process of redirecting data packets to another destination. In Teltonika-Networks devices this is a feature of the iptables firewall, NAT table, PREROUTING chain. When a packet matches a port forwarding rule, the destination and/or port values are changed in the packet header.
[http://tunnelbroker.net Tunnelbroker.net] is a website operated by Hurricane Electric, a leading provider of internet services and networking solutions. The website provides a service called Hurricane Electric IPv6 Tunnel Broker, which allows users to create an IPv6 tunnel between their network and Hurricane Electric's network. This allows users to connect their devices to the internet using the IPv6 protocol, even if their internet service provider (ISP) does not support IPv6.
 
===Login===
 
----
 
Go to [http://tunnelbroker.net tunnelbroker.net] and log into your account. If you don't have a registered account then you will need to create one - click '''register'''.
 
[[File:Tunnelbroker login.png|border|center|class=tlt-border|1004x1004px]]
 
  
===IPv6 to IPv4 tunnel setup===
+
==Configuration overview & prerequisites==
Setup IPv6 over IPv4, also known as 6in4 IPv6 transition mechanism
+
Before we begin, let's take a look at the configuration that we are attempting to achieve and the prerequisites that make it possible.
----
 
  
To create a new tunnel, click on '''create regular tunnel''' ('''1'''), then '''enter''' your '''public IP''' (it will light up green, if the tunnel can be created with this IP) ('''2'''), '''select''' the desired '''tunnel server''' ('''3''') and '''create tunnel''' ('''4''').
+
Configuring port forwarding on Teltonika devices is a simple process that involves just a few steps and can easily be replicated across various devices. The number of devices involved will depend on the specific use case, but the setup can be scaled seamlessly. In the example below, we will use the RUTX50 as the primary device with mobile internet connectivity, acting as the gateway and DHCP server. This setup allows us to remotely access third-party devices connected to RUTX50 over the internet.
  
[[File:Create IPv6 Tunnel.png|border|center|class=tlt-border|854x854px]]
+
[[File:Networking_rutos_faq_port_forwarding_example_1_v1.png|900px]]
  
After successful tunnel creation, you will be prompt to tunnel details window.
+
'''Prerequisites''':
 +
* A device from the RUT, RUTX, RUTM, RUTC or TRB series gateway;
 +
* A device which we will be reaching through port forward
 +
* A PC, Laptop, tablet or a smartphone
 +
* The Teltonika Networks device must have a SIM card with a Public Static or Public Dynamic IP address (more on IP address types '''[[Private and Public IP Addresses|here]]''') to make remote access possible
 +
* (Optional) If the router's SIM card has a Public Dynamic IP address, you may want to additionally configure a '''[[Dynamic DNS]]''' hostname
  
[[File:IPv6 Tunnel created.png|border|center|class=tlt-border|454x454px]]
 
  
To create a a tunnel instance on your RUT router, '''navigate''' to '''example configurations''' ('''1''') and select '''OpenWRT Barrier Breaker''' ('''2'''). Copy and paste the following commands into your RUT CLI. Do not forget to '''replace''' '''YOUR_TUNNELBORKER_USERNAME''' and '''YOUR_TUNNELBROKER_PASSWORD''' with your '''TunnelBroker account username''' and '''password'''.
+
{{Template:Networking_rutos_manual_basic_advanced_webui_disclaimer
 +
| series = RUTX
 +
}}
  
[[File:Tunnel interface.png|border|center|class=tlt-border|554x554px]]
+
==Router configuration==
  
In the RUT1 CLI you can see that the new interface has been successfully created.
+
First, let's overview what configurations we'll be needing to set up:
  
[[File:Tunnel RUT interface created.png|border|center|class=tlt-border|554x554px]]
+
* Enable '''remote HTTP access''', so that the router can be reached from a remote location
 +
* Specify an '''Access Point Name''' ('''APN''') for the SIM card in use, so that the router will obtain a Public IP address
 +
* Configure a '''Port Forwarding''' rule that redirects all connections from one Port to the camera's IP address:Port
 +
* (Optional) Configure '''[[Dynamic DNS]]''' hostname
  
==Relayd configuration==
+
===Enabling remote HTTP(S) access===
Relay is a daemon (computer program that runs as a background process) used to relay and dynamically redirect incoming connections to a target host. Its main purpose in RUTxxx routers is to extend the wireless network. For example, when RUTxxx is in STA Wireless Station mode, it can be used to bridge WAN and LAN interfaces to create a larger Wireless network.
+
----
 +
* To enable remote HTTP access, log in to the router's WebUI and navigate to the  '''System → Administration → Access Control''' tab. Once in the '''Administration-Access Control''', find the '''Enable remote HTTP access''' field and put a check mark next to it:
  
This article provides an extensive configuration example of a basic Relay usage scenario with two RUTxxx devices.
+
 
===Relayd installation===
+
[[File:RutOS_remote_camera_access_7.8_1.png|border|class=tlt-border|alt=|1000px]]
 
----
 
----
Install relayd package if needed, skip this step on RUTX series devices or if you already installed it on your router
 
<pre>opkg update
 
opkg install relayd</pre>
 
  
===WiFi client configuration===
+
'''WARNING''': once you set up any type of remote access, your router becomes vulnerable to malicious attacks from unknown hosts throughout the Internet. It is highly recommended that once you enable remote access, you also change the router's default password to a string, custom password. You can change the router's password in '''[[RUT950_Administration#General|System → Administration → General → Administrator Password]]'''
 +
====Step 2: Set an APN====
 
----
 
----
Add WiFi interface to make your router act as a WiFi client (connect to another AP)
+
'''Note:''' ''If you have a Public IP address already, you can skip this step.''
 +
----
 +
* To set the APN, while in the router's WebUI, navigate to the '''Network → WAN''':
  
<pre>uci add wireless wifi-iface
 
uci set wireless.@wifi-iface[-1]=wifi-iface</pre>
 
  
Add new WiFi interface to 2.4ghz device, can specify 'radio1' for 5ghz
+
[[File:RutOS_remote_camera_access_7.8_2.png|border|class=tlt-border|alt=|1000x1000px]]
 +
----
 +
* Once in the '''WAN''' window, edit your mobile interface, find the '''APN''' field and enter you Internet Service Provider's APN:
 +
# '''Disable the Auto APN option'''
 +
# Choose the correct '''APN''', which gives out a public IP address (for more information about that contact your Internet Service Provider)
  
<pre>uci set wireless.@wifi-iface[-1].device='radio0'
+
[[File:RutOS_remote_camera_access_7.8_3.png|border|class=tlt-border]]
uci set wireless.@wifi-iface[-1].mode='sta'
 
uci set wireless.@wifi-iface[-1].network='wifi_wan'</pre>
 
  
Change SSID here to an SSID that the router will be connecting to
+
* Additional notes on APN:
 +
** '''NOTE 1''': don't use the exact APN value as seen in the example above as it will not work with your SIM card. APN depends on your Internet Service Provider (ISP), therefore, your ISP should provide you with their APN or, in many case, you can find your ISP's APN with an online search.
 +
** '''NOTE 2''': furthermore, it should be noted that not all SIM cards support this functionality. Static or Dynamic Public IP addresses (obtained through APN) are a paid service and setting any APN value for a SIM card that doesn't support this service will most likely result in losing your data connection. If this is the case, it can be fixed by simply deleting the APN, but it also means that remote access through WAN IP will most likely not work on your SIM card.
 +
** '''NOTE 3''': in some cases the SIM card doesn't require an APN in order to obtain a Public IP address. If that is the case for you, simply check what your router's WAN IP address is - if it's already a Public IP address, then you don't need to set an APN. The easiest way to find what your WAN IP address is to log in to the router's WebUI and check the '''WAN''' widget in the '''Overview''' page. The WAN widget will be on the right side of the page, second widget from the top:
 +
[[File:WANpublic.png|alt=|border|center|frameless|660x660px]]
  
<pre>uci set wireless.@wifi-iface[-1].ssid='RUT1_SSID'</pre>
+
===Step 3: Configure Port Forwarding===
 +
----
 +
* Navigate to the '''Port Forwards''' tab by going to '''Network → Firewall → Port Forwards''':
 +
* Scroll down to the bottom of the page and locate the '''New Port Forward Rule''' section. Set the following parameters:
 +
# Custom name for the port forward.
 +
# External port(s): '''8888''' (camera's HTTP port as set in the [[Hikvision:_remote_camera_access#Camera.27s_Web_User_Interface_.28WebUI.29|3.2]] section of this article)
 +
# Internal IP: '''192.168.1.64''' (camera's IP as set in the [[Hikvision:_remote_camera_access#Camera.27s_Web_User_Interface_.28WebUI.29|3.2]] section of this article)
 +
# Internal port(s): '''8888'''
 +
# Click on '''Add''' button.
  
Change BSSID here to BSSID that the router will be connecting to (L2 address)
+
[[File:RutOS_remote_camera_access_7.8_4.png|border|class=tlt-border|alt=|1000px]]
 +
----
 +
* If you plan viewing the camera's live stream via some sort of media player (for example, VLC), you should configure an additional Port Forwarding rule. Media players like VLC use the '''RTSP''' protocol. You can check the RTSP port in the camera's WebUI (as discussed in the [[Hikvision:_remote_camera_access#Camera.27s_Web_User_Interface_.28WebUI.29|3.2]] section of this article), but the RTSP default port is always '''554''' and there is no need to change it since by default the router doesn't use this port for any of its services (unless you use for some custom configuration. In that case, change the default RTSP port). So, once again make up a custom name for a new rule and set the following parameters:
 +
# Custom name for the port forward.
 +
# External port(s): '''554''' (camera's RTSP port)
 +
# Internal IP: '''192.168.1.64''' (camera's IP as set in the [[Hikvision:_remote_camera_access#Camera.27s_Web_User_Interface_.28WebUI.29|3.2]] section of this article)
 +
# Internal port(s): '''554'''
 +
# Click on '''Add''' button.
  
<pre>uci set wireless.@wifi-iface[-1].bssid='RUT1_BSSID'</pre>
+
[[File:RutOS_remote_camera_access_7.8_5.png|border|class=tlt-border|alt=|1000px]]
 +
----
 +
* Don't forget to click '''Save & Apply''' after you've made the changes. After you have added the new rule, you will redirected to that rule's configuration window. Everything should already be in order so just click '''Save & Apply''' and your rule will be created. The new rule will appear at the bottom of the '''Port Forwarding Rules''' list, where you can check its status and make additional configurations if need be:
  
Use appropriate encryption method, PSK2 = WPA2-PSK here
 
  
<pre>uci set wireless.@wifi-iface[-1].encryption='psk2'</pre>
 
  
Change secret to appropriate one
+
[[File:RutOS_remote_camera_access_7.8_6.png|border|class=tlt-border|alt=|1000px]]
  
<pre>uci set wireless.@wifi-iface[-1].key='SSID_PASSWORD'  
+
'''FINAL NOTE''': as you can see, once you add the new rule, it is already enabled and ready for use. From this point no more additional configurations are required, as your remote camera monitoring configuration is fully set up. Unless you want to set up Dynamic DNS for your router, you can skip to the '''[[#Testing_the_set_up|Testing the set up]]''' part of this guide.
uci set wireless.@wifi-iface[-1].disabled='0'
 
uci set wireless.@wifi-iface[-1].skip_inactivity_poll='0'
 
uci set wireless.@wifi-iface[-1].wifi_id='wifi1'</pre>
 
  
===New internface configuration===
+
===(Optional) Step 4: Configure Dynamic DNS===
 
----
 
----
Create a new interface IPv4 for WiFi WAN.
+
'''[[Dynamic DNS]]''' ('''DDNS''' or '''DynDNS''') is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DDNS configuration of its configured hostnames, addresses or other information.
<pre>uci set network.wifi_wan=interface
 
uci set network.wifi_wan.proto='dhcp'
 
uci set network.wifi_wan.metric='6'
 
uci set network.wifi_wan.disabled='0'
 
uci set network.wifi_wan.force_link='0'
 
uci set network.wifi_wan.broadcast='0'</pre>
 
  
Set mwan3 settings for new interface
+
Dynamic DNS configuration is optional here, but it is recommended if your SIM card has a Dynamic Public IP address. You can find more information on what a Dynamic Public IP address is '''[[Private_and_Public_IP_Addresses#Dynamic_IP_address|here]]''', but in short it means that your WAN IP address is Dynamic and, therefore, it may change over time (usually when disconnecting/reconnecting or re-registering to a network). Dynamic DNS assigns a hostname to your IP address and constantly updates that hostname, which means that even if your IP address changes, DDNS will assign the same hostname to your new IP, making your router reachable via the same hostname at any time.
  
<pre>uci set mwan3.wifi_wan=interface
+
You must use an external DDNS service to create a hostname and assign it to your IP. RUT routers support many such services. You can find a complete list of supported DDNS services in the '''Services → Dynamic DNS''' section of the router's WebUI. You can also find guides on how to configure some of these services in our wiki:
uci set mwan3.wifi_wan.enabled='0'
 
uci set mwan3.wifi_wan.interval='3'
 
uci set mwan3.wifi_wan.family='ipv4'
 
uci add mwan3 condition
 
uci set mwan3.@condition[-1].interface='wifi_wan'
 
uci set mwan3.@condition[-1].track_method='ping'
 
uci add_list mwan3.@condition[-1].track_ip='1.1.1.1'
 
uci add_list mwan3.@condition[-1].track_ip='8.8.8.8'
 
uci set mwan3.@condition[-1].reliability='1'
 
uci set mwan3.@condition[-1].count='1'
 
uci set mwan3.@condition[-1].timeout='2'
 
uci set mwan3.@condition[-1].down='3'
 
uci set mwan3.@condition[-1].up='3'
 
uci set mwan3.wifi_wan_member_mwan=member
 
uci set mwan3.wifi_wan_member_mwan.interface='wifi_wan'
 
uci set mwan3.wifi_wan_member_mwan.metric='1'
 
uci set mwan3.wifi_wan_member_balance=member
 
uci set mwan3.wifi_wan_member_balance.interface='wifi_wan'
 
uci set mwan3.wifi_wan_member_balance.weight='1'
 
uci add_list mwan3.mwan_default.use_member='wifi_wan_member_mwan'
 
uci add_list mwan3.balance_default.use_member='wifi_wan_member_balance'</pre>
 
  
===IPv6 interface creation===
+
* '''[[Dynu.com DDNS configuration]]'''
----
+
* '''[[Dnsdynamic.org DDNS configuration]]'''
Create a new IPv6 interface for WiFi WAN
+
* '''[[Noip.com DDNS configuration]]'''
<pre>uci set network.wifi_wan6=interface
 
uci set network.wifi_wan6.proto='dhcpv6'
 
uci set network.wifi_wan6.metric='6'
 
uci set network.wifi_wan6.disabled='0'
 
uci set network.wifi_wan6.force_link='0'
 
uci set network.wifi_wan6.reqaddress='try'
 
uci set network.wifi_wan6.reqprefix='auto'
 
uci set network.wifi_wan6.device='@wifi_wan'</pre>
 
 
 
Set proper ipv6 settings for wifi_wan6 iface
 
 
 
<pre>uci set mwan3.wifi_wan6=interface
 
uci set mwan3.wifi_wan6.enabled='0'
 
uci set mwan3.wifi_wan6.interval='3'
 
uci set mwan3.wifi_wan6.family='ipv6'
 
uci add mwan3 condition
 
uci set mwan3.@condition[-1].interface='wifi_wan6'
 
uci set mwan3.@condition[-1].track_method='ping'
 
uci add_list mwan3.@condition[-1].track_ip='2606:4700:4700::1111'
 
uci add_list mwan3.@condition[-1].track_ip='2001:4860:4860::8888'
 
uci set mwan3.@condition[-1].reliability='1'
 
uci set mwan3.@condition[-1].count='1'
 
uci set mwan3.@condition[-1].timeout='2'
 
uci set mwan3.@condition[-1].down='3'
 
uci set mwan3.@condition[-1].up='3'
 
uci set mwan3.wifi_wan6_member_mwan=member
 
uci set mwan3.wifi_wan6_member_mwan.interface='wifi_wan6'
 
uci set mwan3.wifi_wan6_member_mwan.metric='1'
 
uci set mwan3.wifi_wan6_member_balance=member
 
uci set mwan3.wifi_wan6_member_balance.interface='wifi_wan6'
 
uci set mwan3.wifi_wan6_member_balance.weight='1'
 
uci add_list mwan3.mwan_default.use_member='wifi_wan6_member_mwan'
 
uci add_list mwan3.balance_default.use_member='wifi_wan6_member_balance'
 
uci set mwan3.default_rule_ipv6=rule
 
uci set mwan3.default_rule_ipv6.dest_ip='::/0'
 
uci set mwan3.default_rule_ipv6.use_policy='mwan_default'
 
uci set mwan3.default_rule_ipv6.family='ipv6'</pre>
 
 
 
===LAN interface configuration===
 
----
 
Configure a LAN interface accordingly.
 
<pre>uci set network.lan_repeater=interface
 
uci set network.lan_repeater.proto='relay'
 
uci set network.lan_repeater.lan_mark='lan'
 
uci set network.lan_repeater.enabled='1'
 
uci set network.lan_repeater.network='lan wifi_wan'</pre>
 
 
 
Set DHCP settings for LAN interface (disable dhcp on LAN) and enable IPv6 relay on wifi_wan interface and
 
  
<pre>uci set dhcp.lan.ignore='1'
+
The guides contain information on how to configure both the router and the third party service. Choose one according to your liking.
uci set dhcp.lan.ra='relay'
 
uci set dhcp.lan.dhcpv6='relay'
 
uci set dhcp.lan.ndp='relay'</pre>
 
  
<pre>uci set dhcp.wifi_wan=dhcp
+
==Testing the set up==
uci set dhcp.wifi_wan.ra='relay'
 
uci set dhcp.wifi_wan.dhcpv6='relay'
 
uci set dhcp.wifi_wan.master='1'
 
uci set dhcp.wifi_wan.ndp='relay'</pre>
 
  
===Firewall configuration===
 
----
 
Set firewall zone, using WAN firewall zone for newly created WiFi WAN network interface.
 
<pre>uci set firewall.@zone[1].network='wan wan6 mob1s1a1 mob1s2a1 wifi_wan'</pre>
 
  
===Commit changes===
 
----
 
Save all the changes and restart the configuration
 
<pre>uci commit
 
reload_config</pre>
 
  
==Testing the setup==
+
==See Also==
If you've taken all of the steps described above, the configuration is done. But as with any other configuration, it is always wise to test the set up in order to make sure that it works properly.
+
Most Teltonika-Networks devices have the port forwarding feature. Configuration is described in the user manual Firewall page for each device.

Latest revision as of 15:53, 4 September 2024

The information on this page is updated in accordance with the 00.07.09 firmware version .

Summary

This article contains instructions on how to configure Port Foward functionality on most of the Teltonika Networks devices (with the exception of TAP and TSW series)

Port Forwarding is the process of redirecting data packets to another destination. In Teltonika-Networks devices this is a feature of the iptables firewall, NAT table, PREROUTING chain. When a packet matches a port forwarding rule, the destination and/or port values are changed in the packet header.

Configuration overview & prerequisites

Before we begin, let's take a look at the configuration that we are attempting to achieve and the prerequisites that make it possible.

Configuring port forwarding on Teltonika devices is a simple process that involves just a few steps and can easily be replicated across various devices. The number of devices involved will depend on the specific use case, but the setup can be scaled seamlessly. In the example below, we will use the RUTX50 as the primary device with mobile internet connectivity, acting as the gateway and DHCP server. This setup allows us to remotely access third-party devices connected to RUTX50 over the internet.

Networking rutos faq port forwarding example 1 v1.png

Prerequisites:

  • A device from the RUT, RUTX, RUTM, RUTC or TRB series gateway;
  • A device which we will be reaching through port forward
  • A PC, Laptop, tablet or a smartphone
  • The Teltonika Networks device must have a SIM card with a Public Static or Public Dynamic IP address (more on IP address types here) to make remote access possible
  • (Optional) If the router's SIM card has a Public Dynamic IP address, you may want to additionally configure a Dynamic DNS hostname


If you're having trouble finding this page or some of the parameters described here on your device's WebUI, you should turn on "Advanced WebUI" mode. You can do that by clicking the "Advanced" button, located at the top of the WebUI.

Networking rutos manual webui basic advanced mode 75.gif

Router configuration

First, let's overview what configurations we'll be needing to set up:

  • Enable remote HTTP access, so that the router can be reached from a remote location
  • Specify an Access Point Name (APN) for the SIM card in use, so that the router will obtain a Public IP address
  • Configure a Port Forwarding rule that redirects all connections from one Port to the camera's IP address:Port
  • (Optional) Configure Dynamic DNS hostname

Enabling remote HTTP(S) access

  • To enable remote HTTP access, log in to the router's WebUI and navigate to the System → Administration → Access Control tab. Once in the Administration-Access Control, find the Enable remote HTTP access field and put a check mark next to it:


WARNING: once you set up any type of remote access, your router becomes vulnerable to malicious attacks from unknown hosts throughout the Internet. It is highly recommended that once you enable remote access, you also change the router's default password to a string, custom password. You can change the router's password in System → Administration → General → Administrator Password

Step 2: Set an APN

Note: If you have a Public IP address already, you can skip this step.

  • To set the APN, while in the router's WebUI, navigate to the Network → WAN:


  • Once in the WAN window, edit your mobile interface, find the APN field and enter you Internet Service Provider's APN:
  1. Disable the Auto APN option
  2. Choose the correct APN, which gives out a public IP address (for more information about that contact your Internet Service Provider)

RutOS remote camera access 7.8 3.png

  • Additional notes on APN:
    • NOTE 1: don't use the exact APN value as seen in the example above as it will not work with your SIM card. APN depends on your Internet Service Provider (ISP), therefore, your ISP should provide you with their APN or, in many case, you can find your ISP's APN with an online search.
    • NOTE 2: furthermore, it should be noted that not all SIM cards support this functionality. Static or Dynamic Public IP addresses (obtained through APN) are a paid service and setting any APN value for a SIM card that doesn't support this service will most likely result in losing your data connection. If this is the case, it can be fixed by simply deleting the APN, but it also means that remote access through WAN IP will most likely not work on your SIM card.
    • NOTE 3: in some cases the SIM card doesn't require an APN in order to obtain a Public IP address. If that is the case for you, simply check what your router's WAN IP address is - if it's already a Public IP address, then you don't need to set an APN. The easiest way to find what your WAN IP address is to log in to the router's WebUI and check the WAN widget in the Overview page. The WAN widget will be on the right side of the page, second widget from the top:

Step 3: Configure Port Forwarding

  • Navigate to the Port Forwards tab by going to Network → Firewall → Port Forwards:
  • Scroll down to the bottom of the page and locate the New Port Forward Rule section. Set the following parameters:
  1. Custom name for the port forward.
  2. External port(s): 8888 (camera's HTTP port as set in the 3.2 section of this article)
  3. Internal IP: 192.168.1.64 (camera's IP as set in the 3.2 section of this article)
  4. Internal port(s): 8888
  5. Click on Add button.

  • If you plan viewing the camera's live stream via some sort of media player (for example, VLC), you should configure an additional Port Forwarding rule. Media players like VLC use the RTSP protocol. You can check the RTSP port in the camera's WebUI (as discussed in the 3.2 section of this article), but the RTSP default port is always 554 and there is no need to change it since by default the router doesn't use this port for any of its services (unless you use for some custom configuration. In that case, change the default RTSP port). So, once again make up a custom name for a new rule and set the following parameters:
  1. Custom name for the port forward.
  2. External port(s): 554 (camera's RTSP port)
  3. Internal IP: 192.168.1.64 (camera's IP as set in the 3.2 section of this article)
  4. Internal port(s): 554
  5. Click on Add button.

  • Don't forget to click Save & Apply after you've made the changes. After you have added the new rule, you will redirected to that rule's configuration window. Everything should already be in order so just click Save & Apply and your rule will be created. The new rule will appear at the bottom of the Port Forwarding Rules list, where you can check its status and make additional configurations if need be:


FINAL NOTE: as you can see, once you add the new rule, it is already enabled and ready for use. From this point no more additional configurations are required, as your remote camera monitoring configuration is fully set up. Unless you want to set up Dynamic DNS for your router, you can skip to the Testing the set up part of this guide.

(Optional) Step 4: Configure Dynamic DNS

Dynamic DNS (DDNS or DynDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DDNS configuration of its configured hostnames, addresses or other information.

Dynamic DNS configuration is optional here, but it is recommended if your SIM card has a Dynamic Public IP address. You can find more information on what a Dynamic Public IP address is here, but in short it means that your WAN IP address is Dynamic and, therefore, it may change over time (usually when disconnecting/reconnecting or re-registering to a network). Dynamic DNS assigns a hostname to your IP address and constantly updates that hostname, which means that even if your IP address changes, DDNS will assign the same hostname to your new IP, making your router reachable via the same hostname at any time.

You must use an external DDNS service to create a hostname and assign it to your IP. RUT routers support many such services. You can find a complete list of supported DDNS services in the Services → Dynamic DNS section of the router's WebUI. You can also find guides on how to configure some of these services in our wiki:

The guides contain information on how to configure both the router and the third party service. Choose one according to your liking.

Testing the set up

See Also

Most Teltonika-Networks devices have the port forwarding feature. Configuration is described in the user manual Firewall page for each device.

Retrieved from "https://wiki.teltonika-networks.com/index.php?title=Domnev1&oldid=132148"