From: John Lister <john.lister@kickstone.com>
To: Al Grant <bigal.nz@gmail.com>
Cc: netfilter <netfilter@vger.kernel.org>
Subject: Re: IPTables
Date: Wed, 11 Apr 2012 07:33:21 +0100 [thread overview]
Message-ID: <4F8525B1.9030300@kickstone.com> (raw)
In-Reply-To: <CAODtcdf9shdm-KWvrjGHyDwjJL_p9pE4BdeSKELSTC6ww0p03g@mail.gmail.com>
You say your router forwards port 5555 to port 80 on the pc, if that is
the case, then you need a rule to map port 80 on 192.168.1.71 to
192.168.70.140. Something like
iptables -t nat -A PREROUTING -i wlan0 -d 192.168.1.71 --dport 80 -j
DNAT --to 192.168.70.140
make sure that your FORWARD rule allows it through. You also probably
need to add this depending on your routing tables
iptables -t nat -A POSTROUTING -i wlan0 -d 192.168.70.140 --dport 80 -j
SNAT --to 192.168.1.71
to handle the reverse case and route the packets back out.
I'm half asleep so i'd test these fully first :)
John
--
www.pricegoblin.co.uk
On 11/04/2012 04:03, Al Grant wrote:
> Hiya All,
>
>
>
> I am after a little guidance please on the following problem:
>
>
>
> My topology is as follows:
>
>
>
> inet----router 192.168.1.254-------wlan0 192.168.1.71&& eth0
> 192.168.70.121------ip camera 192.168.70.140:80
>
>
>
> Note:
>
> (1) eth0 and wlan0 are on a PC running Ubuntu.
>
> (2) Port 5555 on the router is forwarded to 80 on 192.168.1.71
>
> (2) in sysctl I have set sysctl net.ipv4.ip_forward=1
>
>
>
> Now what I need to do is to be able to access the IP camera from the inet.
>
>
>
> So I have tried adding IPTables:
>
> iptables -t nat -A PREROUTING -i wlan0 -d 192.168.1.71 -p tcp --dport
> 5555 -j DNAT --to 192.168.70.140:80
>
>
>
> Now this should allow me to access the camera by pointing a web
> browser to the real world public ip on port 5555, however I get page
> cannot be displayed.
>
>
>
> I have verified that:
>
> 1. That camera is accessable from the Ubuntu computer via web browser and ping
>
>
>
> Various people have suggsted I may need to modify conntrack and others
> have suggested I may need a second rule.
>
>
>
> Can anyone please help?
>
>
>
> Thanks in advance
>
> AL
>
>
> --
> "Beat it punk!"
> - Clint Eastwood
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2012-04-11 6:33 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-11 3:03 IPTables Al Grant
2012-04-11 3:45 ` IPTables Ethy H. Brito
2012-04-11 6:33 ` John Lister [this message]
-- strict thread matches above, loose matches on Subject: below --
2012-04-14 12:20 IPTables nullv
2012-04-13 23:54 IPTables nullv
2012-04-14 9:35 ` IPTables Amos Jeffries
2012-04-13 23:53 IPTables nullv
[not found] <047d7b10cb31c8716404bd5f56a7@google.com>
[not found] ` <e89a8ff2474fc99c5604bd608a88@google.com>
2012-04-11 13:06 ` IPTables Ethy H. Brito
[not found] <BANLkTi=G1ecs9wx+QgAcUphK2-jg60nbAw@mail.gmail.com>
2011-06-02 11:47 ` Iptables Pablo Neira Ayuso
2009-04-27 8:05 iptables Manu
2009-04-29 20:32 ` iptables Jan Engelhardt
2009-05-05 13:38 ` iptables Patrick McHardy
2009-05-05 19:26 ` iptables Jan Engelhardt
2009-05-06 7:53 ` iptables Manu
2008-01-13 18:53 Can't set up transparent proxy on XO laptop P Zemlja
2008-01-13 22:44 ` G.W. Haywood
2008-01-14 7:45 ` iptables sa
2008-01-14 9:17 ` iptables G.W. Haywood
2008-01-15 13:12 ` iptables sa
2008-01-15 14:54 ` iptables G.W. Haywood
2006-10-19 5:08 IPTABLES tarak
2005-06-19 2:17 iptables s s
2005-05-19 17:45 Iptables Chadley Wilson
2005-05-19 19:33 ` Iptables Jason Opperisano
2005-05-19 20:13 ` Iptables Chadley Wilson
2005-05-19 21:43 ` Iptables Jason Opperisano
2005-05-20 5:38 ` Iptables Chadley Wilson
2005-05-20 5:50 ` Iptables Jason Opperisano
2005-05-20 6:04 ` Iptables Rob Sterenborg
2005-05-20 6:26 ` Iptables Rob Sterenborg
2005-05-18 21:04 Iptables Limbert Fuentes Quiroga
2005-01-31 11:31 iptables Alabama
2005-01-31 12:02 ` iptables John A. Sullivan III
[not found] ` <5.2.0.9.0.20050131135158.02a9dec0@poczta.interia.pl>
2005-01-31 13:18 ` iptables John A. Sullivan III
2005-01-31 11:16 iptables Andrzej
2004-11-29 14:58 iptables MANJUNATH
2004-09-28 5:07 Iptables Contact
2004-09-28 5:25 ` Iptables Rob Sterenborg
2004-09-28 8:19 ` Iptables Contact
2004-09-28 14:04 ` Iptables Jason Opperisano
2004-09-28 14:09 ` Iptables Aleksandar Milivojevic
2004-09-28 10:36 ` Iptables John A. Sullivan III
2004-09-28 14:27 ` Iptables Jose Maria Lopez
2004-06-19 23:02 Iptables Xiaofang Chen
2004-06-21 18:26 ` Iptables Ian Pratt
2004-05-27 17:51 iptables Alejandro Cabrera Obed
2004-02-27 2:23 iptables mustafa hassan
[not found] <20040205052840.10884.25667.Mailman@netfilter-sponsored-by.noris.net>
2004-02-09 4:48 ` iptables VeNoMouS
2004-02-14 20:17 ` iptables Harald Welte
2004-01-31 8:39 Iptables Ivan Zagvozkine
2004-01-28 11:12 Iptables jean-francois fleury
2004-01-28 13:25 ` Iptables Jeffrey Laramie
2004-01-16 22:36 iptables Wilmar jose wagner
2004-01-22 22:33 ` iptables Pablo Neira
2003-05-26 13:34 iptables Wan System S.R.L.
2003-05-26 15:27 ` iptables Pedro C. Arias
2003-04-28 18:29 IPTABLES lfps
2003-04-23 5:17 iptables Star Fire
2003-02-27 18:04 iptables Guss
2003-01-19 17:30 iptables VASIF MUSAOGULLARI
2003-01-21 11:42 ` iptables Erdal Mutlu
2003-01-17 9:20 IPtables Jet
2002-11-18 22:30 iptables Alexandre Carlos
2002-10-17 23:25 IPtables Alexandre Carlos
2002-06-28 13:28 iptables luigicart
2002-06-28 13:45 ` iptables Antony Stone
2002-06-28 13:48 ` iptables Tom Eastep
2002-06-28 14:00 ` iptables Joe Patterson
2002-06-18 21:06 iptables Russell Coker
2002-06-20 12:44 ` iptables Stephen Smalley
2002-06-13 9:03 Iptables Paulo Andre
2002-06-11 2:24 iptables Matthew Hellman
2002-06-10 14:06 iptables Paulo Andre
2002-06-10 19:27 ` iptables Antony Stone
2002-06-11 2:23 ` iptables Matthew Hellman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F8525B1.9030300@kickstone.com \
--to=john.lister@kickstone.com \
--cc=bigal.nz@gmail.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.