Can we get a Go Fund Me going? We need to get this man a rack.

Its so refreshing to see a youtuber that cobbles stuff together to make what they need rather than saying "Hey, Ubiquiti, send me some stuff!". You sir, are my spirit animal. I've subscribed.

Noticed a very distinct humming coming through your lav when you touched the MB at 6:16.

You need to build a windows 10 VM and run Blue iris :) then setup the vlans :) then block all traffic except RTSP from the cameras :) Good video !

Currently working with some other guys on reverse engineering the Sonoff security cams cause their hardware is pretty nice yet cheap. We already found some really nasty stuff in there including full private keys and certs for their API.

lookinf foward to the next video Shae. Thanks for this one

AFAIK, most US-based ISPs don't allow you to get two public IP addresses. One thought I had is that many DD-WRT-capable routers support assigning VLANs to their switch ports, this plus a couple unmanaged switches may be another way to attack this.

Hope you can make a video about your IP camera system setup and tips and tricks about that, like your videos a lot, thanks for the content!

Excellent channel! So my network has grown over the years and now it's a mess. All my IOT devices, IPC's, NAS etc are on the same network. Please post a full video on your home automation.

can you show me about your firewall rule in pfsense for your camera? I kinda noob to set this up.

Can you share ur firewall rules in pfsense?

It also doesn't inspire confidence that cameras that use onvif or rtsp instead of XMeye are often double the price

what are the biggest risks. I don't care others will look at those cameras, but does it a threat to my laptops and phone security as well ?

How about using a guest network for IOT stuff to separate them if all you have is wireless IOT devices? Most routers have the ability to set up a separate guest WiFi network but I'm not sure on that IP provided one you show.

well done buddy......well done

They also pose a privacy risk. Some garbage that forces a cloud connection to work, from a company with a stated policy about collecting location data, all routed to their server base in china. Brilliant.

Thanks Shae

Just say no to cloud based security or other devices. Local control or forget it. Should consider using Frigate NVR. Also limit which machines have access to the camera system.

Sir I have a question. Can i make a wlan without a network cable, i run it with wireless wifi.

Since you have two public ip addresses, does the ISP divide the total bandwidth allocated to you between these public IPs? If not you can double your internet speed by load balancing between these two wans. Can you talk about why you have wyze camera linked to your mqtt server?

Thank you! Great video!

I know it was meant as a joke, but seriously, what would happen if someone used the ethernet cable of an outside ip-cam and tried to gain access to the network, what could happen?

What if you have wireless cameras?

i just give the cam a static ip and block it from internet access my routers firewall.

Al you have to do is omit the gateway IP address from the config and the cameras will be unable to send data outside of you network.

will you want to try Shinobi NVR software? :)

How can people secure their server(s) (games, websites...)? Is it best to have the server(s) on one vlan and the rest of your lan on one?

cant i separate those 2 networks with pfsense router?

the last option is probably not feasible, PPP only get 1 IP address, even DHCP will let you get multiple address but not all ISP do that, in my case my ISP is in DHCP but if for some reason that you leased another IP with another router, the 1st router that leased a IP will automatically disconnected to the internet and the new leased will only the one gets a internet connection, some ISP actually bind the IP address to 1 MAC address until the lease expires once the lease expires you can use different mac address to assign a wan ip address to it. its probably much easier just get a cheap 8port (pseudo) managed switch, those cheap managed switch usually dont have L3 Routing but at least its VLAN aware. Or maybe your router support DD-WRT or OpenWRT which may turn that old router into a pseudo managed switch (as it can be used for VLANs). There are also some switch available out there in chinese market if you search for VLAN switch that actually have a switch on it that sets the VLAN on or off, that switch is actually just a isolation switch (pretty much like what a AP isolation can do) if the VLAN switch is ON, you can only communicate on the uplink which is your internet source if you want but not on the other ports connected to it.

The bottom 2 rules on your CCTV Vlan are doing nothing. Granted, you are still blocking those subnets due to not allowing them in the first place.

What cameras are you using from aliexpress?

holy shit those cameras sound amazingly insecure ^^. I'd never want my IP cams to connect to anywhere outside my network.

I don't understand, whatsoever, this whole VLAN thing.

Scary stuff indeed, but the alternative method doesn't prevent the Chinese govt from snooping on you :P

Port bridging has nothing to do with the routing functionality you are talking about. You can have isolated routed networks regardless of your ISP mode or features! Nonetheless, now we know your network knowledge.

Duhhh, isolate them so they don’t send data to the Internet (only through an app you control and on another network(. I always turn the P2P feature off and only use ONVIF. I would not let them use DHCP in order to have more control and monitor their traffic easier.