Install the app
How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

Approach to consider (older security cameras)

As an Amazon Associate, we may earn commissions from qualifying purchases. Learn more...

1,767
355
NAS
DS 718+, 2x-DS 720+
Router
  1. RT2600ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
Last edited:
i have some older security cameras that have in the past received firmware updates, but years ago (2019) their factory deemed them obsolete, and ceased issuing security or bugfix for them, even though the 1920x1080 video quality and operation they produced was excellent.

And then I’ve 4x 4K cameras: 2 each from 2 different bought from China companies that do not have any firmware updates available.

All obvious remote access options to “phone home” or remote access have been disabled in camera firmware. I do not need remote access to them:
Cameras only need to “talk” to SS on NAS. I’ll get my remote access via DS CAM! Other than initial cam configuration via LAN, cameras are isolated from internet by router firewall.
No VLAN here.

Can Anything else be done ? Then I recalled:

One time a few years ago on a Smart TV there was an issue where a firmware update allowed access to a certain channel. I wanted that - but it never found a firmware update. It turns out I did a typo in the gateway (I use Static IP’s here), and it couldn’t get the wanted update due to the incorrect Gateway setting I added! Fixed Gateway IP: Firmware update successful!

Using that approach, I went into all cameras, all have static IP’s, and programmed in a bogus gateway IP…. X.X.X.1.
I have no device at that bogus IP. The cameras accepted the bogus gateway.

I still have the range of camera IP’s blocked from internet & ICMP to internet in router firewall at X.X.X.24.

Getting no Hits on those rules. I love the Hits column in router firewall!

I’m self taught. Nosy what you think about that bogus gateway IP approach in devices you want to further isolate. I have a few other devices I’m considering doing that to….

Thank you!
 
Last edited:
Update on this idea...
It has morphed somewhat, to react to an un-expected result of Creating a Bogus Gateway...
WireShark indicates the original BOGUS GATEWAY idea is working, but tons of ARP comments are flying around the LAN: ALL Cameras asking where X.X.X.1 is, from all cameras simultaneously and repeating quite often. Firewall rules with TCP/UDP and PING I/O Camera Range Deny on real Gateway still Quiet of HITS... so Camera's have not found real gateway...

So, Plan B: Took an old Router, Configured as X.X.X.1, and logged ARP's via WS, and on the connection of this router to LAN, (Nothing connected to WAN of this new/OLD router) and noticed in 5 seconds 90+% of ARP's went away... !! It Does not appear that ARP's were replaced with any new communications on the LAN...
Over the next few days: Checked system and it is neither no faster nor Slower With daily operations, and on the addition of X.X.X.1 hardware, or extra Firewall DENY Rules.... This addition has had no other affect on any other device: be it streaming, speed, or LAN activity... That I can detect... Did some other experiments where laptop with IP Changed to Camera Range, and Gateway changed to X.X.X.1, was isolated from Internet, without HITS in Firewall Rules. So it appears to work... I then tested PING's on this laptop... Because camera range IP's are DENY'd - ICMP access in Firewall, and WS sees Ping to X.X.X.1 FAIL! It could not PING, either! Changed laptop back, and all fine again!

Seeing that I cannot do VLAN, this would appear to maybe be an assistance, but at worst is not an excessive load on the system... Didn't cost any money, reduced the contents of my "Parts" Drawer, and still no HITS at the Real Gateway Firewall!

This Idea has also changed the layout of the Real Gateway Firewall Rule's List:
Top Rules are all my experimental DENY's (That I am hoping will Never get a HIT. 4 Rules referred to above, are in that area)
Middle Rules all my ALLOW's (That I expect to get HITs)
Bottom Rules are all my Perminant DENY's (So I can LOCK DOWN all other IP's that weren't ALLOWED above... That HITS Confirm the rules are still active)

So far..... So Good!
 
So far..... So Good

Sounds like a similar approach to what I posted here...


Your addition of a "dead-end" router (no WAN) to take care of ARPs is a nice touch.
 
Glad to hear I'm not alone doing this! Except I don't have VLAN enabled....
 
Last edited:
So a brief update.
Since installing Bogus Gateway (physical Router with no Internet access), and adding I/O TCP/UDP & ICMP deny rules for cameras in firewall as a ‘make darn sure’, and monitoring LAN Traffic before and after Bogus install….and noticing the physical router quiets the LAN….
All is still quiet: on LAN, and firewall camera specific deny rule(s) have 0 hits. Total cost; $0, as old router and cable were in Spare Parts Drawer. One slight change: The old ‘Bogus’ router was wired to the camera’s POE Switch so all that traffic would be within that switch (‘Bogus’ had been on main switch originally).
 
Last edited:
As an addendum to this, and to further Improve on the existing Non-VLAN system....
All TV's are smart TV's, but, Smart features are not being used - we use Roku's.... And TV's are all 5 years or so older, So, operational firmware should be good to go by now.... Same for Blue Ray's.... So, We've disconnected the TV's & Blue Ray's from Internet access—LAN... Thinking: "If they are current, and don't need access to internet, and can't get there..... They can't be affected.... Other devices where Internet is not absolutely needed, have been disconnected as well... With Bogus Gateway and Security Cameras redirected toward that, the total number of devices disconnected or re-directed to 'No-Where' is now: 20 devices!
No issues have been encountered, now or in the past.... We are just doing preventative measures... and quieting the LAN... 2 more cameras moved to camera’s POE switch, to remove more camera traffic ftom main switch.
 
Last edited:
There you go again Mr. T! You need a new hobby...

More update(s): moved network printer to Bogus Gateway: Op sys says it has: Ver 'R', 7 years old, works fine across all devices, only LAN Access needed...
Also, Moved Garage Linksys E2000 and it's attached 2 Garage Security cameras to POE Switch, from main GB Switch.
This is the WIFI Access point I've been using in lieu of Mesh for more than 5 years now... Can't tell you how successful it has been with that.... It is used as a switch to add the 2x security cameras, too! This will reduce Main GB Switch LAN Traffic...
"What, Me Worry?'
 
I don’t see what’s funny, but if it makes you happy-go for it!
 
Last edited:
As time progresses, and new changes are tested over a few days to verify they don't cause other problems....... Then Other limitations are added, and testing begins again.... Step by step - Things are Tightened... Firewall Rules are added and tested...
I believe that now I'm at my final configuration.... Time will Tell!

Today I have a total of:
6 Devices removed from LAN (All old enough to be certain that they are at Latest/Last Op Sys Firmware)...
15 Other Devices using Bogus Gateway & DNS... Firewall rules set to Display Hits if it doesn't work...
Most all Devices Static IP... Devices with DHCP Allowed Internet access, but denied NAS access.
Streaming devices, Static or DHCP: Allowed Internet access, but Denied NAS access..
Computers Allowed Full access..
26 Total Devices being Limited or Denied Access to Internet (Or NAS's) Or BOTH: by Firewalls.... And Hits will indicate any time they fail.. (Except of course NAS Firewalls, that don't support HITS)

New devices automatically configured into one of the 4 different Security Configurations:
1. Complete Access: Access to Internet and NAS's
2. Internet Access, No NAS Access
3. No Internet, No NAS Access
4. DHCP: Internet Access, No NAS Access
Depending on the IP, Gateway, DNS that new device is assigned.

Using Hit's to confirm all is fine... at Router: No Hits: "What, Me Worry?" I'm Fine! :)!
With all this: And No ports forwarded, anywhere: SA & TP working fine & all remote access via DS APPS and computer access works fine! ----------- (Cue Mr. T!)
 
Last edited:
Continuing on with the Bogus Gateway Thing.... (and recent addition of Bogus DNS, that has not caused any increase in LAN traffic).... Today added a Bogus DHCP range to the old RVS4000 router -- that all the security cameras use... as a Gateway to No-Where!
Now Cameras are all Static, but point at this router... If something comes up that accesses this router asking for DHCP, it's being given an IP address that the (Real) Router and NAS's Firewalls deny access of that IP Range: to internet and NAS's.....

In Router, added a rule blocking this RVS DHCP IP Range from Internet, and put it in the list of 'Experimental' Rules at top, so it can report HITS... So I can see if it ever works.... Now have 7 Firewall rules set -- to never report a Hit!

Now I'm looking at LAN with Wireshark to determine if this has caused any increase or unusual LAN traffic.. As long as it doesn't create exceess LAN traffic, and everything still works... it can't hurt.... I think..... !!
 
Last edited:
Removed Bogus DHCP from RVS, as it ‘confused’ a couple other DHCP devices into using Bogus DHCP IP's, that went no-where!

iRobots & PixFrame DHCP changed from 2600 to RVS... and they all went offline because of that... That, and simulaneously all iRobot's & iRobot APP got thrown off line due to iRobot changing Password rules from 8 to 12 characters, and I'll bet everyone else had to change their passwords for this, too! ... and iRobot didn't tell us they were doing it! Ain't is sweet when 2 things happen simultaneously, and one doesn't indicate it has happened???? PixFrame that also got confused, immediately found proper DHCP on 2600 when RVS DHCP was Disabled... DHCP Devices all happy now!

Live and Learn!!! Bogus Gateway and Bogus DNS are- NOT CAUSING PROBLEMS... This is worth a Laugh, Mr. T!
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Popular tags from this forum

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending content in this forum

Back
Top