Hello everybody,

After various help that I have received from this community, I would like to ask you another question.

The question always concerns a system installed on a boat.

First of all a brief description of the network, where I will have to repeat some information already provided in my previous post (https://community.teltonika-networks.com/19988/two-dhcp-servers-with-different-subnets).

The internet gateway of the entire network is Teltonika RUTX12:

RUTX12

2 sim cards:

SIM 1 (flat data - public IP, not fixed 2.196.XXX.X) —> ddns xxx.ddns.it

SIM 2 (for load balancing)

WiFi - OFF

DHCP server (192.168.10.100/249)

Two ethernet cables are connected to the RUTX12:

LAN 1 —> Router Netgear R8500 (WAN address 192.168.10.101 - DHCP server 192.168.11.2/254) —> WiFi 2,4 and 5,0 GHz —> devices

LAN 2 —> Raymarine Multifunction display (DHCP server, range 10.30.102.x)

IP CAM 1 (fixed IP in Raymarine DHCP server 10.30.102.101)

IP CAM 2 (fixed IP in Raymarine DHCP server 10.30.102.102)

IP CAM 3 (fixed IP in Raymarine DHCP server 10.30.102.103)

IP CAM 4 (fixed IP in Raymarine DHCP server 10.30.102.104)

IP CAM 5 (fixed IP in Raymarine DHCP server 10.30.102.105)

IP CAM 6 (fixed IP in Raymarine DHCP server 10.30.102.106)

IP CAM 7 (fixed IP in Raymarine DHCP server 10.30.102.107)

IP CAM 8 (fixed IP in Raymarine DHCP server 10.30.102.108)

This was necessary because, parallel to the LAN network, there is a network of navigation instruments on the boat (NMEA2000, MasterBus, Czone). Among these instruments are a Raymarine AXIOM Chartplotter and 8 IP CAMs.

To work on navigation instruments, the IP CAM must be directly connected to the Raymarine AXIOM 12 via ethernet cable.

The Raymarine AXIOM 12 has two separate network interfaces that work simultaneously:

- WiFi interface, with which the device connects as a client to the WiFi of the Netgear router. It receives an IP address in the 192.168.11.x range, and downloads weather data and software updates. There is no device configuration webpage at the assigned IP address.

- Ethernet interface, where instead the device acts as a DHCP server, to which IP cameras and other navigation instruments are connected. In this mode AXIOM automatically acts as a DHCP server and assigns addresses in the range 10.30.102.177, subnet mask 255.224.0.0. These DHCP settings can only be viewed but cannot be modified in any way (the question has already been clarified on the manufacturer's forum).

In order to view the IP CAM video streams both from navigation instruments and remotely, Flebourse suggested that I:

- Go to Network->VLAN, for VLAN ID 1 change LAN 2 from untagged to off, add a new VLAN and set LAN 2 from off to untagged in VLAN 3.

- Go to Network->Interfaces, create a new interface and edit it;

- in General Setup change the protocol to DHCP, in Physical Setting change the interface to eth0.3, "Bridge Interface" off, in Firewall Settings create a new firewall zone.

- Network->Firewall->general settings, assign permissions to new zone.

Now that everything is working correctly, I have two more questions:

1. On LAN 1 I have several Apple TVs, on which I have installed some APPs for viewing IPCAMS via url. From LAN 1, can I access LAN 2 or are they completely separate?

2. The system management software on iPad (WilhelmSK) gives me the possibility to enter only one address for the camera. Is it possible to set the RUTX12 to resolve the IPCAM remote address to a local address? In this way, when away from the boat, I would view the IPCAMs via remote streaming, while when connected to the boat's WiFi, the RUTX12 would automatically resolve the remote url to the local one?

I hope I have explained myself enough, thanks in advance to those who want to help me.

Carlo

1 Answer

Hello,

Q1: It is possible to access LAN2 from LAN1, this is a question of routes and firewall permissions.

On the Netgear, set the default route to 192.168.10.100

On the RUTX, go to Network->Firewall, set Lan->eth0.3 Forwarding to Accept, and eth0.3->Lan Forwarding to Accept.

Now you need to know the IP address of the eth0.3 interface, it would have been a better idea to set the interface to Static instead of DHCP and assign manually an IP address in the 10.30.102.0/24 range (is 10.30.102.99 available?) and the address of the Axiom device.

Go to Network->Routing->Static routes, add the following route

interface:lan target:192.168.11.0 netmask:255.255.255.0 gateway:192.168.10.101 metric:1

If you have set the eth0.3 to static, or if the Axiom's DHCP server doesn't provide the full information, you'll need to add a second route:

interface:eth0.3 target:10.30.102.0 netmask:255.254.0.0 gateway: IP address of the Axiom metric:1

and on the Axiom set the default route to the IP address of the eth0.3 interface of the RUTX (if you keep DHCP be sure that it doesn't change, use static assignation if you can).

This should allow you to see the cams from the TVs and the iPad when connected to the Netgear's wifi.

Q2: It is also possible to do that but it will be a little more complex. First add the cams to /etc/hosts on the RUTX and restart the dnsmasq process. This will permit you to access the cams by name locally.

To keep using the same name when accessing the devices from a remote location the best option is to use a VPN (WireGuard will be perfect, IPsec will do also, probably others) as you will be able to query the local DNS.

Regards,
Best answer

Hi Flebourse, thanks again for your help.

> On the Netgear, set the default route to 192.168.10.100

Should I set a static route on the Netgear?

> Now you need to know the IP address of the eth0.3 interface, it would have been a better idea to set the interface to Static instead of DHCP and assign manually an IP address in the 10.30.102.0/24 range

In the previous configuration I chose DHCP because you wrote me to do so. I have no problem setting it static.

> and the address of the Axiom device.

The Raymarine Axiom does not allow you to change network configurations, and therefore not even the IP address. In practice, you can only turn it on and off.

Reporting what I read on the Raymarine forum, Raymarine Axiom “have been designed to function in a Class A Private Network (IP address range 10.0.0.0 - 10.255.255.255).”

On my Axiom, on the other hand, I read:

IP address 10.30.102.177

Subnet mask 255.224.0.0

> and on the Axiom set the default route to the IP address of the eth0.3 interface of the RUTX

Can't do that. Axiom doesn't allow you to change network settings.

> Q2:  it is also possible to do that but it will be a little more complex.

Isn't it possible to just tell the router to convert those certain urls to local addresses?

Thus the remote url if contacted under the Netgear network automatically refers to the local IP of the IPCAM.

Thanks again for your help,

Carlo


>> On the Netgear, set the default route to 192.168.10.100

>Should I set a static route on the Netgear?

A DHCP static assignation would be enough.

>> Now you need to know the IP address of the eth0.3 interface, it would have been a better idea to set the interface to Static instead of DHCP and assign manually an IP address in the 10.30.102.0/24 range

>In the previous configuration I chose DHCP because you wrote me to do so. I have no problem setting it static.

Sorry I missed that.

>> and on the Axiom set the default route to the IP address of the eth0.3 interface of the RUTX

>Can't do that. Axiom doesn't allow you to change network settings.

Do you mean that the Axiom has no default route and none can be set? That's strange but if true the solution is to enable masquerading on eth0.3.

>> Q2:  it is also possible to do that but it will be a little more complex.

>Isn't it possible to just tell the router to convert those certain urls to local addresses?

>Thus the remote url if contacted under the Netgear network automatically refers to the local IP of the IPCAM.

The access is straightforward from the Netgear network, just use the local DNS name set in /etc/hosts. To be able to do the same when away, the simplest solution is to use a VPN; this will also permit you to restrict the accesses, as you have a public address and it is visible from the outside world.

Regards,
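
Added example, not part of the original posts: a small Python model of the return-path question discussed in this thread, showing why a camera with no default route cannot answer a client on 192.168.11.x unless the RUTX masquerades on eth0.3. The RUTX LAN prefix, the use of 10.30.102.99 for eth0.3, the Apple TV address and the cameras having no gateway are assumptions made for the example.

```python
import ipaddress as ip

# Addresses from the thread. Assumptions for this example: the RUTX LAN is
# 192.168.10.0/24, eth0.3 is static at 10.30.102.99, an Apple TV sits at
# 192.168.11.50, and the cameras share the Axiom's netmask with no gateway.
AXIOM_NET = ip.ip_interface("10.30.102.177/255.224.0.0").network
RUTX_ETH0_3 = ip.ip_address("10.30.102.99")
CAM = ip.ip_address("10.30.102.101")
APPLE_TV = ip.ip_address("192.168.11.50")

def route(target, netmask, via=None, dev=None):
    """Build a route entry; strict=False aligns the target to its netmask."""
    net = ip.ip_network(f"{target}/{netmask}", strict=False)
    return {"net": net, "via": ip.ip_address(via) if via else None, "dev": dev}

def lookup(table, dst):
    """Longest-prefix match, or None when no route covers dst."""
    hits = [r for r in table if dst in r["net"]]
    return max(hits, key=lambda r: r["net"].prefixlen, default=None)

RUTX_TABLE = [
    route("192.168.10.0", "255.255.255.0", dev="lan"),            # connected
    route("192.168.11.0", "255.255.255.0", "192.168.10.101", "lan"),
    route("10.30.102.99", "255.224.0.0", dev="eth0.3"),           # connected
]
CAM_TABLE = [route(str(CAM), "255.224.0.0", dev="eth")]           # no default

def source_seen_by_cam(client, masquerade):
    """With masquerading on eth0.3 the RUTX rewrites the source to its own."""
    return RUTX_ETH0_3 if masquerade else client

def stream_works(client, masquerade):
    """Both directions must route: RUTX -> camera and camera -> source."""
    forward = lookup(RUTX_TABLE, CAM)
    back = lookup(CAM_TABLE, source_seen_by_cam(client, masquerade))
    return forward is not None and forward["dev"] == "eth0.3" and back is not None

if __name__ == "__main__":
    print("Axiom on-link network:", AXIOM_NET)
    for nat in (False, True):
        print(f"masquerade={nat}: stream_works={stream_works(APPLE_TV, nat)}")
```

With masquerading enabled the cameras see every LAN client as the eth0.3 address, so per-client attribution has to come from the RUTX rather than from the cameras.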