IP networking help. Multiple ESP32-cams.

Not sure this is the right place for this question, I am using Arduino IDE with ESP-32 Cam.

First camera is working fine and is accessible over the internet using no-ip to sort out the dynamic IP addresses.

Managed to get port forwarding sorted etc.

So to my question: Can anyone point me to a guide on adding more cameras?

Each has its own internal IP.

All the cameras appear on my internal wifi network with the same device name, so I assume this is going to be a problem.

Do I rename the device name and then set up a port forwarding rule for each?

Any pointers welcome!

I would start by defining what target you're trying to achieve.
Putting ESP-32 devices into the public internet is definitely not recommended (I got the impression this might be your intention).

pylon:
I would start by defining what target you're trying to achieve.
Putting ESP-32 devices into the public internet is definitely not recommended (I got the impression this might be your intention).

Just for experimentation, not permanent use!

no-ip is OK; your better bet is to use Team Viewer to access a computer on the internal network. It's free for residential use, and you can set up a computer for remote secure access. It's easier than messing with the security of the router. You will still want to change the host name of each device or assign them a static IP so you can always find the one you want.
FYI, you don't need to set up more names with no-ip; you would need to add a different port number to the end of the url:port number and have the router forward the specific port to the IP and port wanted.

shrekware:
no-ip is OK; your better bet is to use Team Viewer to access a computer on the internal network. It's free for residential use, and you can set up a computer for remote secure access. It's easier than messing with the security of the router. You will still want to change the host name of each device or assign them a static IP so you can always find the one you want.
FYI, you don't need to set up more names with no-ip; you would need to add a different port number to the end of the url:port number and have the router forward the specific port to the IP and port wanted.

Good idea. I use Teamviewer for other stuff already.

Hi Richard. Did you reach your target?

I want to set up port forwarding on my modem to see streaming video from the ESP-CAM over the public internet and access it from anywhere. Please help me.

pylon:
I would start by defining what target you're trying to achieve.
Putting ESP-32 devices into the public internet is definitely not recommended (I got the impression this might be your intention).

Can you please suggest free alternative(s) for accessing ESP32-CAM devices from outside of the local network?

"Can you please suggest free alternative(s) for accessing ESP32-CAM devices from outside of the local network?"

I would think you should be able to run each cam server on a separate port and set up virtual server/port forwarding in the router firewall setup. I don't have an esp32 cam, but you should be able to show all your cam videos in separate iframes in a single web page.

zoomkat:
"Can you please suggest free alternative(s) for accessing ESP32-CAM devices from outside of the local network?"

I would think you should be able to run each cam server on a separate port and set up virtual server/port forwarding in the router firewall setup. I don't have an esp32 cam, but you should be able to show all your cam videos in separate iframes in a single web page.

Yes, but pylon said: "Putting ESP-32 devices into the public internet is definitely not recommended", and my question was: what is then the proper way to make the ESP32-CAM accessible but not at the same time expose it to the public internet?

BTW, I find that the Thomson TG782 router does not display the ESP32 among the connected devices even though it is connected and it is accessible via its (static) local IP address. That is both a security problem (the connected device cannot be detected using the router's UI) and a problem for setting up port forwarding, because there isn't an option to forward the port to a specific IP address in the Thomson TG782's user interface - the only option is to set the ports and then select the MAC address of a device from the list of all devices in the local network, where the ESP32 is missing.

I have a few ESP8266es too and the same router does display them among the connected devices, the only device that is not on the list is ESP32.

"Yes, but pylon said: "Putting ESP-32 devices into the public internet is definitely not recommended", and my question was: what is then the proper way to make the ESP32-CAM accessible but not at the same time expose it to the public internet?"

If you don't want your internal setup to be accessed by the public, then don't make it public. Operate on a port other than 80. There are examples in the IDE of web page logins. Your router may be dated, but if you google "TG782 router" you will see references to port forwarding and similar. I don't know how the esp32 cam streams or serves up video frames, so I can't help there.

zoomkat:
If you don't want your internal setup to be accessed by the public, then don't make it public. Operate on a port other than 80. There are examples in the IDE of web page logins.

I asked the question because I wanted to know if pylon was maybe referring to using ngrok or setting up reverse tunneling with Raspberry Pi or some other way to avoid port forwarding.

zoomkat:
Your router may be dated, but if you google "TG782 router" you will see references to port forwarding and similar. I don't know how the esp32 cam streams or serves up video frames, so I can't help there.

The problem is TG782 does not provide an option to type the local IP address when setting up port forwarding. The only way to set up port forwarding is, as I said earlier, to set up the port translation scheme (e.g. 80 - 80 to 80 - 80) and to select one of the MAC addresses from the list of all the devices that were ever connected to the router. However, ESP32 is never displayed on the list of connected devices so it can not be selected. I can set up port forwarding to every other device but ESP32. If there was an option to type the IP address of the device then the problem wouldn't exist because ESP32 has a static local IP address.

"The problem is TG782 does not provide an option to type the local IP address when setting up port forwarding."

You probably need to get a more modern router. I know that some places in the world may have limited access to hardware, but in the US one can get a used Netgear WGR614 wireless router for as little as $10 shipped on eBay. I have two of these and they are very easy to set for port forwarding like below.

If you don't want your internal setup to be accessed by the public, then don't make it public. Operate on a port other than 80. There are examples in the IDE of web page logins. Your router may be dated, but if you google "TG782 router" you will see references to port forwarding and similar. I don't know how the esp32 cam streams or serves up video frames, so I can't help there.

Even if you run it on another port it's still publicly available and such hardware should not be exposed to the Internet!

what is then the proper way to make the ESP32-CAM accessible but not at the same time expose it to the public internet?

Use a VPN!

pylon:
Even if you run it on another port it's still publicly available and such hardware should not be exposed to the Internet!

Use a VPN!

What could be the worst scenario that could happen if an ESP device is compromised by exploiting a vulnerability in case of using port forwarding?
When I am at home I could disable port forwarding and when I am not at home the only devices which are powered are the router and ESP devices.
BTW, the only ESP vulnerabilities I am aware of are CVE-2019-12588, CVE-2019-12586 and CVE-2019-12587. The attacker could only reset ESP devices or capture the temperatures or video of an aquarium.
A more dangerous situation would be if an attacker could dump the flash, modify it and reprogram the ESP. In that case an attacker could read the code and insert a jump to their code trying to compromise other devices in the local network.

chupo_cro:
What could be the worst scenario that could happen if an ESP device is compromised by exploiting a vulnerability in case of using port forwarding?

A casino was hacked because of its internet connected fish tank...

To prevent this I suggest using different networks


In this one, a raspberry pi has the power to control which networks can talk to each other.
The webserver can protect the access to the cams with a password.
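
An added example, not part of the original post and not Rintin's own configuration: a minimal nftables ruleset for a Raspberry Pi placed between the home LAN and a camera-only network, so the two networks never talk directly and the Pi's password-protected web server is the only path to the cams. The interface names, the subnet and the port numbers are assumptions.

```nftables
#!/usr/sbin/nft -f
# Assumed (hypothetical) layout:
#   eth0  = home LAN side of the Pi
#   wlan0 = access point that only the cameras join
flush ruleset                      # replaces any rules already loaded on the Pi

define LAN_IF  = "eth0"
define CAM_IF  = "wlan0"
define CAM_NET = 192.168.50.0/24   # constructed example subnet

table inet camfw {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        # Cameras may only ask the Pi for DNS and DHCP, nothing else.
        iifname $CAM_IF ip saddr $CAM_NET udp dport 53 accept
        iifname $CAM_IF udp dport 67 accept
        # LAN clients reach SSH and the password-protected web server on the Pi.
        iifname $LAN_IF tcp dport { 22, 443 } accept
        # Any other attempt by a camera to reach the Pi is logged.
        iifname $CAM_IF log prefix "cam-to-pi-blocked: " drop
    }

    chain forward {
        # The Pi never routes between the networks: the web server on the Pi
        # fetches the streams itself and relays them after login.
        type filter hook forward priority 0; policy drop;
        iifname $CAM_IF log prefix "cam-to-lan-blocked: " drop
    }

    chain output {
        type filter hook output priority 0; policy accept;
        # On the camera side the Pi itself may only send DHCP replies and
        # open HTTP connections to the cameras (ports assumed).
        oifname $CAM_IF udp sport 67 accept
        oifname $CAM_IF ip daddr $CAM_NET tcp dport { 80, 81 } accept
        oifname $CAM_IF ct state established,related accept
        oifname $CAM_IF drop
    }
}
```

With this loaded, a compromised camera can reach neither the LAN nor any service on the Pi other than DNS and DHCP, and the log prefixes give a simple signal to watch for in the kernel log.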

Rintin:
A casino was hacked because of its internet connected fish tank...

To prevent this I suggest using different networks

In this one, a raspberry pi has the power to control which networks can talk to each other.
The webserver can protect the access to the cams with a password.

Thank you for the network configuration schematics! That kind of topology is for sure a must for critical applications.
I was experimenting with ngrok service running on Raspberry Pi which when started with:

./ngrok http 192.168.xxx.xxx:yyyy

opens a tunnel towards the ESP32 at fixed local static IP address and port yyyy and that works well. How would you compare the security when using ngrok with port forwarding case? Is using ngrok (no port forwarding) more secure than using port forwarding?

Can you access the ESP32-cam without a password? If yes, still consider it public.

When I am at home I could disable port forwarding and when I am not at home the only devices which are powered are the router and ESP devices.

You can disable the port forwarding only if you realize that the device got hacked. Otherwise you might have someone else listening to the complete traffic of your home network, someone behind the firewall inside your LAN. That attacker may use the ESP as an IP proxy to reach any device in your network. Do you have every device in your LAN completely up-to-date, every day?

BTW, the only ESP vulnerabilities I am aware of are CVE-2019-12588, CVE-2019-12586 and CVE-2019-12587. The attacker could only reset ESP devices or capture the temperatures or video of an aquarium.

That's the known state today, it may be completely different tomorrow.
Such devices must not be connected to the public internet!

A more dangerous situation would be if an attacker could dump the flash, modify it and reprogram the ESP. In that case an attacker could read the code and insert a jump to their code trying to compromise other devices in the local network.

Did you disable the remote update functionality of your ESP?
BTW, I'm not an ESP expert. Does the ESP8266 run code only out of the flash memory and never from a RAM area?