Network setup advice

enviousjl
Posts: 3
Joined: Sat Dec 24, 2022 9:03 pm

Network setup advice

Post by enviousjl »

I am seeking advice on how to best utilize what I currently have to isolate all cameras from the world and only allow them to communicate with ZoneMinder while still exposing their admin interfaces to the main LAN.

I drew a diagram of what I’m envisioning, and it incorporates 3 different setup options. If anyone is aware of additional options, I would love to hear them. I’m not a networking expert, but I have enough knowledge to handle most of this stuff with some guidance.
[Attached image: diagram]

I have a DD-WRT router I could utilize to handle more advanced firewall and VLAN stuff if I wanted. I also have a second NIC on the Ubuntu box.

Option A puts all the cameras behind the DD-WRT router, which would be connected to the main router, but I still need to get through to them via the main network (wifi or LAN).

Option B is the same as A but with the DD-WRT router connected to the second NIC on the box.

Option C bypasses the second router and runs the POE switch straight to the second NIC - but now I don’t have an isolated wifi connection for Cameras 6 and 7.

Hopefully this all makes sense! I just wanted some fresh opinions on what I can do here, or what you’d do given the same collection of devices.

TIA!
efranzwa
Posts: 16
Joined: Sat Sep 23, 2023 2:08 pm
Location: San Ramon, CA USA

Re: Network setup advice

Post by efranzwa »

If your requirement is to isolate the cameras (including both wired AND wireless) then the simplest approach is to use virtual local area networks (VLAN).

The DD-WRT router is not necessary. In your network let's assume VLAN10 is the main network and VLAN20 is the camera network. The connection between POE Switch and Main Router should be assigned VLAN20. The cable between Main Router and NIC1 can be VLAN10. I would add another cable from Main Router to NIC2 using VLAN20 which carries the camera data for ZM.

Of course, on Main Router you will need to configure the VLANs. Also on Main Router you will need to set up firewall rules to allow specific devices to access both VLAN10 and VLAN20 so that you can manage the cameras, which is one of your requirements.

One thing that most cameras require is WLAN (internet) access to synchronize time via NTP. Some cameras can disable NTP, but if you can't then you will need to add a firewall rule to allow cameras WLAN access on port 123 for NTP synchronization.

I have a very similar setup at home except for the fact that I use the isolated network VLAN20 for all of my 'untrusted' devices like video streaming boxes, thermostats, solar panel controller, guest devices, etc. My cameras are on my main network but I block WLAN connections.

PS - did you leave the chicken in the picture background for any specific reason? :D
ZoneMinder 1.36.33 - Various Reolink, Ubiquiti cameras - NUC6CAYH - Ubuntu Server 22.04
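
The firewall policy described in the reply above, written out as an added example that is not part of either post: it assumes the main router runs Linux with nftables, and the interface names, the admin host address and the camera admin ports (80/443) are assumptions to be replaced with your own values.

```nftables
#!/usr/sbin/nft -f
# Added example: inter-VLAN forwarding policy for a VLAN10 (main) / VLAN20 (camera) split.
# All names and addresses below are assumptions, not values from the thread.

define WAN_IF      = "wan0"              # assumed uplink interface
define LAN_IF      = "br0.10"            # assumed VLAN10 (main network) interface
define CAM_IF      = "br0.20"            # assumed VLAN20 (camera network) interface
define ADMIN_HOSTS = { 192.168.10.50 }   # constructed: LAN devices allowed to manage cameras

table inet vlan_policy {
    chain forward {
        # Default deny: anything not matched below is not routed between networks.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections that a rule below already permitted.
        ct state established,related accept
        ct state invalid drop

        # Main network keeps normal internet access.
        iifname $LAN_IF oifname $WAN_IF accept

        # Only the listed LAN devices may open camera admin interfaces.
        iifname $LAN_IF oifname $CAM_IF ip saddr $ADMIN_HOSTS tcp dport { 80, 443 } accept

        # Cameras may reach the internet for NTP (UDP 123) and nothing else.
        iifname $CAM_IF oifname $WAN_IF udp dport 123 accept

        # Log (rate limited) any other attempt by a camera to leave its VLAN;
        # the packet then falls through to the drop policy. This covers both
        # camera -> internet and camera -> main network.
        iifname $CAM_IF limit rate 10/minute log prefix "cam-vlan-drop: "
    }
}
```

No forward rule is needed for ZoneMinder itself, because NIC2 sits inside VLAN20 and reaches the cameras directly; keep IP forwarding disabled on the ZoneMinder box so it does not become a path between the two networks.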