Could I access it if I attach the cameras to my green private network, or do I have to connect them directly to the router, which by the way has a static IP that can be accessed worldwide?
I forgot to mention that we need to be able to open/check the cameras from home or anywhere in the world when traveling.
Both attachments are possible for accessing it from internal and external. You may use port forwarding on your router to put the cams on the 192.168.0.0 network. You have to do it on NethServer too, when the cams are in the green network. This way you can reach your cams by port, like https://public-ip-or-fqdn:22221 for the first cam, https://public-ip-or-fqdn:22222 for the second cam and so on…
The cams are cabled, and for the wireless I am not sure how to deal with it for now.
By the way, I think I still need to do port forwarding on the router when using a reverse proxy, right?
Another thing: the current configuration is chaotic. The whole network is reachable from the internet and all machines are assigned to the 192.168 subnet. Do you think it is okay to put the 192 for internal green and 10.10 for the router?
Another thing: from my studying, security comes with multiple layers of protection. I found many network maps that connect the clients of the LAN to the router directly, which in most cases is an ISP-provided router with very limited firewall capabilities. In your opinion, which one of the maps I put here provides better security, management, and control? And what is the advantage of each one over the other?
I’d prefer the first one (and not only because I can see it much better).
I don’t get the second one, but maybe if you have WLAN on the ADSL router and need to use it for the internal network? What system is the firewall between the internet and the ADSL router? A bridge firewall? Why do the WLAN/VPN clients have a separate firewall? Do you have some more examples/links of such configs?
My home setup as example:
Internet and VPN clients - Provider router (cable modem) - NethServer firewall/gateway/proxy/IPS/VPN (two interfaces) - NethServer DC/mail/webapps (only green)
I set my NethServer gateway as DMZ host on my cable modem so any network traffic is forwarded from the modem to my gateway. This way I have full control on the NethServer firewall and don’t have to reconfigure my modem for every port forward etc.
If I just may. Since you’ll be the administrator, why not control the access? Have them view the cams/dvrs from a VPN connection? Much work for you for configuration of VPN but much more secure. I wouldn’t want my corporate/business/especially home CCTVs and DVRs to be open for public viewing.
Nothing is preventing you from opening your port and forwarding it to the device; mine is just a suggestion.
The other thing I see from your original diagram is double NATting, firstly to the 192.168.0.0/24 network and then to 10.10.0.0/24, which could possibly cause even more issues.
I got some new info about the current implementation. The factory is 3 levels and each level has 2 routing switches and 1 PoE for cameras. The overall number of cameras is 66 and the number of computers currently attached is 10 devices: 3 on the ground level, 4 on level 1 and 3 on the last level. Most of the switches are used for the cameras. So, any different suggestion, or do you advise me to stick with my plan? And for the cameras, if I want to make a VPN server for them, what is the best way to do it in my suggested model?
Thank you.
Thank you for the feedback. Another little thing: I noticed that the people who did the infrastructure placed routers instead of switches. I don’t think this was necessary, and I think I should turn off routing and any other services on the routers except the main one. Am I right?
You might want to review it. The infra people who put in the routers instead of servers might have the following agenda which may or may not have been implemented:
The network is or should have been segmented/VLANed, thus in need of routing.
They have routers but the routing/DHCP server is disabled, effectively making each one a switch. If this is the case, I’m thinking that there are no switches available but there are plenty of routers, or these routers are consumer grade, making it cheaper.
Anyway, it’s yours now, just do proper documentation.
Another question, if I may. If I want to have 2 different subnets in the private network, one for the PCs and printers and one for cameras, is it possible to do that in NethServer?