FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

12615 questions

14984 answers

23964 comments

46771 members

0 votes
71 views 1 comments
by
We are running a science and media vessel with a high amount of media devices e.g. IP Cameras, UW Cameras and so on.
However we have two networks runing on the ship

Netwerk 1 (ScienceNet) contains a RUTX12 with 2 SIM Cards and is serving as DHCP in Network 1 (192.168.115.1) this network contains 3 IP Cameras (Axis), Underwater Camera (Ip-based), Printer (WLAN) and 2 to 4 Laptops. The RUTX12 serves also as WLAN Access Point with a normal WLAN and a Guest WLAN both working.

Netwerk 2 (NavigationNet) contains a RUTX08 serving as DHCP in Network 2 (192.168.10.1) this nbetwork contains the main navigation plotter and two additional plotters, the radar, and other safety related equipment.

Although both networks are strictly divided, the NavigatioNet (Network2) likes to have an internet connection. Therefore I managed to set up VLANs on the RUTX12 and I was able to integrate the RUTX12 successfull into the NavigationNet as IP gateway and DNS server at 192.168.10.2. The RUTX08 still works as DHCP.
Now the equioment in the NavigationNet has an internet connection but does not see any other machines from the 192.168.115.0 except the working ping to 192.168.115.1.

The advantage I see or i need is that both networks are working without the other, both have a running DHCP. From the view of the NavigationNetwork Internet and IP-Cameras are not a basic feature/necessary feature and can be dropped in case of an failure.

Well, now my question: i would like to acces the three IP-cameras 192.168.115.50-52 from the ScienceNetwork (integration in LiveStreams) but also from the Navigation network (as navigation help). Especially the view from the mast 15m above the ship can be very helpful!.

Has anybody an intelligent idea for an easy configuration via firewall settings and/or routing how I would be able to access the IP acmeras 192.168.115.50-52 from IP 192.168.10.200-202 (which are my navigation plotters)

1 Answer

0 votes
by

Hello,

I have tried a similar set up and below are the steps. I would assume, that you have done similar steps, configuring VLAN

  • Create a VLAN in RUTX12.
    • Navigate to Network -> VLAN -> Port based. Add a new instance, leave VLAN ID as 3. Under VLAN ID 1 set LAN port you intend to use for VLAN ID 3 as off and set this port to Untagged for VLAN ID 3 for any port you intend to use. 

  • Create a new VLAN interface in Network -> Interfaces. I'D call it LAN2.
    • Set protocol to Static.
    • IPv4 address 192.168.10.2, IPv4 netmask 255.255.255.0
    • Do not enable DHCP server.
    • Under physical settings tab, set interface as eth0.3 

  • Change firewall settings.
    • Navigate to Network -> Firewall -> General settings. Under Zones section, edit LAN zone settings, remove LAN2 if you can see it next to lan in Covered networks field.
    • Add a new zone, call it LAN2. In zone settings, set all policies to accept, add LAN2 to Covered networks field. Below, in Inter-zone forwarding section add wan zone to Allow forward to destination zones.

  • Add traffic rules for your devices in LAN.
    • Navigate to Network -> Firewall -> Traffic rules. Add anew instance of Add new forward rule type. Arrach a name to it, set Source zone as LAN2 and Destination zone as lan.
    • In a rule configuration window add cameras' IPs in Destination address field. I had a device connected with IP of 192.168.115.155.

  • Configure RUTX8
    • Login to RUTX08 with 192.168.10.1 IP. Navigate to Network -> Interfaces. Edit LAN interface settings. 
    • Set IPv4 gateway value to 192.168.10.2.
    • Set DNS servers IP as 192.168.10.2.

Now you should be able to reach your IP cameras connected to RUTX12 from RUTX8 network.

Best regards,

by
Thank you very much for your fast reply.
When I tried it first it did not work properly and I was writing a long reply ;-) However i tried it again after I added the IP adress into the DHCP of 192.168.115.1 and after that it was working. Or it was due to reboot and reconnect.

THANKS!!

To be complete maybe one remark:

I did the VLAN settings exactly the same but I added also two routing tables to split the traffic according to
https://wiki.teltonika-networks.com/view/Splitting_Network_Traffic_Via_Multiple_Interfaces

When I understand it right I had to do this to make equipment in lan (192.168.115.X) not accesible in Navnet/lan2 (192.168.10.x). Wen I remove the routing rules, then everything is accesible from everywhere.