Varsuuk (Tux's lil' helper)
Joined: 12 Jan 2007 Posts: 85
Posted: Wed Jul 04, 2007 11:52 pm Post subject: Creative Labs: Live! Wireless (Webcam) and iptables (dnsmaq) |
I purchased a Creative Live! Wireless webcam with the intention of using its webserver interface to let the grandparents in Florida see our child.
The setup was easy and I got it working locally (by typing its local IP).
However, I naively tried to do:
-A PREROUTING -i eth1 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.242
as well as:
-A INPUT -i eth1 -p tcp -m tcp --dport 8080 -j ACCEPT
inside the iptables conf file. eth0 is my internal net (192.168.1.x) and eth1 is my ISP net.
I have a friend doing DNS for me already; he directs my domains to my apache server. This works fine.
I wanted something 'wireless' because 1) the baby moves around, and 2) his bedroom is not easily wired for net, nor is there ROOM for a PC in there.
Note, the instructions say I should set up my router to make the IP of the webcam server the DMZ zone IP. This makes me wonder if it is an issue with other non-specified ports?
Ideas anyone? Hopefully someone has it working already.
---Dan
PS: using dnsmasq for dhcp and masquerading
Varsuuk (Tux's lil' helper)
Joined: 12 Jan 2007 Posts: 85
Posted: Fri Jul 06, 2007 4:06 am
OK... upon further (TEDIOUS and fruitless) study...
I assumed port forwarding was working since I originally started Bittorrent and it said something about being behind a firewall, and I added
-A PREROUTING -i eth1 -p tcp -m tcp --dport 61900:61999 -j DNAT --to-destination 192.168.1.100
-A PREROUTING -i eth1 -p udp -m udp --dport 61900:61999 -j DNAT --to-destination 192.168.1.100
(wasn't sure if udp also needed?)
to the rules-save and this made the message at the bottom right corner go poof and no longer said behind a firewall.
HOWEVER...
I went to my laptop, also running gentoo (wlan), and checked the IP X.X.X.102. I added a rule for 9090 (and 60000 later on) to forward the port:
-A PREROUTING -i eth1 -p tcp -m tcp --dport 60000 -j DNAT --to-destination 192.168.1.102
and in the filter table section (for good measure since it didn't work the other way and is required for my web server to accept 80...)
-A INPUT -i eth1 -p tcp -m tcp --dport 60000 -j ACCEPT
Then I ran a prog I use at work (s2o... server 2 output - puts anything it reads on stdout) on port 60000 and fed it from another term with f2c (file 2 client) using the ISP inet addy of my linux router/firewall and port 60000. No luck, no response from the server.
So I think I do not in fact have forwarding working...
The current (I've tried a lot of mods lol) rules-save:
# Generated by iptables-save v1.3.5 on Thu Jul 13 02:35:24 2006
*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 61900:61999 -j DNAT --to-destination 192.168.1.100
-A PREROUTING -i eth1 -p udp -m udp --dport 61900:61999 -j DNAT --to-destination 192.168.1.100
-A PREROUTING -i eth1 -p tcp -m tcp --dport 60000 -j DNAT --to-destination 192.168.1.102
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Thu Jul 13 02:35:24 2006
# Generated by iptables-save v1.3.5 on Thu Jul 13 02:35:24 2006
*filter
:INPUT ACCEPT
:FORWARD DROP
:OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i ! eth0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i ! eth0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth1 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 60000 -j ACCEPT
-A INPUT -i ! eth0 -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT -i ! eth0 -p udp -m udp --dport 0:1023 -j DROP
-A FORWARD -d 192.168.1.0/255.255.255.0 -i eth0 -j DROP
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -j ACCEPT
-A FORWARD -d 192.168.1.0/255.255.255.0 -i eth1 -j ACCEPT
COMMIT
# Completed on Thu Jul 13 02:35:24 2006
HELP?
hehe I used http://www.gentoo.org/doc/en/home-router-howto.xml as the basis for originally setting up my linux router/dnsmasq etc, and all works well (meaning I can ssh and http to the main box).
Results of tcpdump, stopped after one 'cycle':
merlin iptables # tcpdump -q port 60000
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
00:08:17.371341 IP strider.XXXX.com.48814 > XXXX.dyn.optonline.net.60000: tcp 0
00:08:17.371381 IP XXXX.dyn.optonline.net.60000 > strider.XXXX.com.48814: tcp 0
2 packets captured
2 packets received by filter
0 packets dropped by kernel
------------------
I was told there should be another line something like:
00:08:17.371381 IP XXXX.dyn.optonline.net.60000 > 192.168.1.102: tcp 0
(with -vv setting on, it had: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 40) as extra info on the attempts)
if it is forwarded...?
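A small tracer, added here as an example and not taken from the post or the Gentoo howto, that replays a packet arriving on a given interface through the posted nat PREROUTING DNAT rules and then the FORWARD chain, in the order iptables evaluates them. It evaluates only -i, -p, --dport, -d and -j, which is enough for this rule set; -s and state matches are assumed not to matter here and are ignored.

```python
import ipaddress
import shlex

# The DNAT and FORWARD lines from the rules-save posted above (chain policy line kept for the fallback).
RULES_SAVE = """\
-A PREROUTING -i eth1 -p tcp -m tcp --dport 61900:61999 -j DNAT --to-destination 192.168.1.100
-A PREROUTING -i eth1 -p tcp -m tcp --dport 60000 -j DNAT --to-destination 192.168.1.102
:FORWARD DROP
-A FORWARD -d 192.168.1.0/255.255.255.0 -i eth0 -j DROP
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -j ACCEPT
-A FORWARD -d 192.168.1.0/255.255.255.0 -i eth1 -j ACCEPT
"""

def parse_rules(text):
    """Turn the -A lines of iptables-save text into [(chain, {flag: value})]; negation is kept as '!value'."""
    rules = []
    for line in filter(lambda l: l.startswith("-A "), text.splitlines()):
        toks, opts, i = shlex.split(line)[1:], {}, 1
        while i < len(toks):
            neg = toks[i + 1:i + 2] == ["!"]            # old-style negation, e.g. "-i ! eth0"
            val = toks[i + 1 + neg] if i + 1 + neg < len(toks) else "-"
            opts[toks[i]] = True if val.startswith("-") else ("!" if neg else "") + val
            i += 1 if val.startswith("-") else 2 + neg
        rules.append((toks[0], opts))
    return rules

def _match(spec, value, net=False):
    """iptables match semantics: an absent flag matches anything; a leading '!' negates."""
    if spec is None:
        return True
    plain = spec.lstrip("!")
    hit = ipaddress.ip_address(value) in ipaddress.ip_network(plain, strict=False) if net else plain == value
    return hit != spec.startswith("!")

def check_forward(text, in_iface, proto, port):
    """Trace a packet arriving on in_iface for a local port: (DNAT target or None, FORWARD verdict or reason)."""
    rules = parse_rules(text)
    for chain, o in rules:
        lo, _, hi = o.get("--dport", "0:65535").partition(":")
        if chain == "PREROUTING" and o.get("-j") == "DNAT" and _match(o.get("-i"), in_iface) \
                and _match(o.get("-p"), proto) and int(lo) <= port <= int(hi or lo):
            dst = o["--to-destination"]
            break
    else:
        return None, "no DNAT rule matches packets arriving on " + in_iface
    for chain, o in rules:                     # filter table: first matching FORWARD rule decides
        if chain == "FORWARD" and _match(o.get("-i"), in_iface) and _match(o.get("-d"), dst, net=True):
            return dst, o["-j"]
    return dst, next(l.split()[1] for l in text.splitlines() if l.startswith(":FORWARD"))  # chain policy
```

Run over the posted rules, a packet for port 60000 arriving on eth1 is translated to 192.168.1.102 and accepted by FORWARD, while the same packet arriving on eth0 (which is where the tcpdump above captured the test from strider, a host on the internal network addressing the router's public name) matches no DNAT rule because every rule carries -i eth1, so it goes to the router's own INPUT chain instead of being forwarded.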