Previously I discussed the selection and installation of a Loftek CXS 3200 wireless camera, for us to keep an eye on our cats in their shed. As a reminder, here’s a screenshot of two cute, snoozing cats:
This post will cover the network changes made at home for the camera, and in the next, how it was made available on the Internet (for us to check up on away from home).
Naturally the camera needed to go on our home network, but I was a little wary of what shenanigans its software might get up to. For example, I know the camera automatically registers itself with a public dynamic DNS service; it’s possible to update the firmware to disable that feature.
A safe design is to set up a DMZ, and put the camera on that. Our workstations in the house would be able to talk to the camera, as would the Internet, but the camera would not be permitted access to our workstations. Without dedicated cables for the DMZ I needed to enable a VLAN on the network. Thankfully the switch, wireless access point, and router we use support VLANs.
The switch is a Netgear GS108E, an eight-port gigabit device (it lives in the loft, and I ran Cat5e inside the walls to recessed sockets in each room). It’s a simple job to enable a tagged VLAN on the ports to the router, the wireless access point, and our Linux server (which I’ll come back to, next time).
I set up a new SSID on the wireless access point dedicated to the camera, which placed all traffic onto this new tagged VLAN. Now the camera and router were linked, via the switch, on a separate path from the rest of the house.
At the router I needed to configure a VLAN subinterface and add some access control lists to set up the DMZ access rules I mentioned above. The DMZ of course needs its own subnet so I gave it a new /24 network.
So far, so good: workstations in the house can now browse to http://172.16.30.10:8888/ (the new DMZ network, via the router) and log in to the Loftek camera to see video of the cats. The camera can only initiate connections to the Internet, or reply to requests from workstations in the house.
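The access rules described above, modelled as a small stateful filter so the "replies only" behaviour can be checked. This is an added example, not the router configuration from the post: the home LAN subnet 192.168.1.0/24, the workstation and Internet addresses, and all names in the code are assumptions, while 172.16.30.0/24 is the DMZ /24 implied by the camera's address.

```python
import ipaddress

DMZ = ipaddress.ip_network("172.16.30.0/24")  # DMZ /24 from the post (camera is .10)
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN subnet (not in the post)

def zone(addr):
    """Classify an address as 'dmz', 'lan' or 'internet'."""
    ip = ipaddress.ip_address(addr)
    if ip in DMZ:
        return "dmz"
    if ip in LAN:
        return "lan"
    return "internet"

# (source zone, destination zone) pairs allowed to open a NEW connection.
# ('dmz', 'lan') is deliberately absent: the camera may not initiate to workstations.
ALLOW_NEW = {
    ("lan", "dmz"),       # workstations browse to the camera
    ("internet", "dmz"),  # camera reachable from the Internet
    ("dmz", "internet"),  # camera may initiate outbound connections
    ("lan", "internet"),  # assumed: normal workstation Internet access
}

class Router:
    """Hypothetical stateful filter: tracks flows that a permitted side opened."""

    def __init__(self):
        self.established = set()

    def forward(self, src, sport, dst, dport):
        flow = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        # Packets belonging to a tracked flow pass in either direction.
        if flow in self.established or reverse in self.established:
            return "accept-established"
        if (zone(src), zone(dst)) in ALLOW_NEW:
            self.established.add(flow)
            return "accept-new"
        return "drop"

if __name__ == "__main__":
    r = Router()
    # Constructed sample flows: workstation -> camera, camera reply, camera -> workstation.
    print(r.forward("192.168.1.20", 50000, "172.16.30.10", 8888))
    print(r.forward("172.16.30.10", 8888, "192.168.1.20", 50000))
    print(r.forward("172.16.30.10", 40000, "192.168.1.20", 445))
```

A stateless ACL that simply permitted traffic from the camera's port 8888 to the LAN would also let the camera open connections from that source port, which is why the model matches replies against tracked flows rather than on port alone.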
In the next post, I’ll talk about using our home Linux server to make the camera video feed available on the Internet.