From: John Lister <john.lister@kickstone.com>
To: Al Grant <bigal.nz@gmail.com>
Cc: netfilter <netfilter@vger.kernel.org>
Subject: Re: IPTables
Date: Wed, 11 Apr 2012 07:33:21 +0100 [thread overview]
Message-ID: <4F8525B1.9030300@kickstone.com> (raw)
In-Reply-To: <CAODtcdf9shdm-KWvrjGHyDwjJL_p9pE4BdeSKELSTC6ww0p03g@mail.gmail.com>
You say your router forwards port 5555 to port 80 on the pc, if that is
the case, then you need a rule to map port 80 on 192.168.1.71 to
192.168.70.140. Something like
iptables -t nat -A PREROUTING -i wlan0 -d 192.168.1.71 --dport 80 -j
DNAT --to 192.168.70.140
make sure that your FORWARD rule allows it through. You also probably
need to add this depending on your routing tables
iptables -t nat -A POSTROUTING -i wlan0 -d 192.168.70.140 --dport 80 -j
SNAT --to 192.168.1.71
to handle the reverse case and route the packets back out.
I'm half asleep so i'd test these fully first :)
John
--
www.pricegoblin.co.uk
On 11/04/2012 04:03, Al Grant wrote:
> Hiya All,
>
>
>
> I am after a little guidance please on the following problem:
>
>
>
> My topology is as follows:
>
>
>
> inet----router 192.168.1.254-------wlan0 192.168.1.71&& eth0
> 192.168.70.121------ip camera 192.168.70.140:80
>
>
>
> Note:
>
> (1) eth0 and wlan0 are on a PC running Ubuntu.
>
> (2) Port 5555 on the router is forwarded to 80 on 192.168.1.71
>
> (2) in sysctl I have set sysctl net.ipv4.ip_forward=1
>
>
>
> Now what I need to do is to be able to access the IP camera from the inet.
>
>
>
> So I have tried adding IPTables:
>
> iptables -t nat -A PREROUTING -i wlan0 -d 192.168.1.71 -p tcp --dport
> 5555 -j DNAT --to 192.168.70.140:80
>
>
>
> Now this should allow me to access the camera by pointing a web
> browser to the real world public ip on port 5555, however I get page
> cannot be displayed.
>
>
>
> I have verified that:
>
> 1. That camera is accessable from the Ubuntu computer via web browser and ping
>
>
>
> Various people have suggsted I may need to modify conntrack and others
> have suggested I may need a second rule.
>
>
>
> Can anyone please help?
>
>
>
> Thanks in advance
>
> AL
>
>
> --
> "Beat it punk!"
> - Clint Eastwood
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2012-04-11 6:33 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-11 3:03 IPTables Al Grant
2012-04-11 3:45 ` IPTables Ethy H. Brito
2012-04-11 6:33 ` John Lister [this message]
-- strict thread matches above, loose matches on Subject: below --
2012-04-14 12:20 IPTables nullv
2012-04-13 23:54 IPTables nullv
2012-04-14 9:35 ` IPTables Amos Jeffries
2012-04-13 23:53 IPTables nullv
[not found] <047d7b10cb31c8716404bd5f56a7@google.com>
[not found] ` <e89a8ff2474fc99c5604bd608a88@google.com>
2012-04-11 13:06 ` IPTables Ethy H. Brito
2008-01-13 18:53 Can't set up transparent proxy on XO laptop P Zemlja
2008-01-13 22:44 ` G.W. Haywood
2008-01-14 7:45 ` iptables sa
2008-01-14 9:17 ` iptables G.W. Haywood
2008-01-15 13:12 ` iptables sa
2008-01-15 14:54 ` iptables G.W. Haywood
2006-10-19 5:08 IPTABLES tarak
2005-06-19 2:17 iptables s s
2005-05-19 17:45 Iptables Chadley Wilson
2005-05-19 19:33 ` Iptables Jason Opperisano
2005-05-19 20:13 ` Iptables Chadley Wilson
2005-05-19 21:43 ` Iptables Jason Opperisano
2005-05-20 5:38 ` Iptables Chadley Wilson
2005-05-20 5:50 ` Iptables Jason Opperisano
2005-05-20 6:04 ` Iptables Rob Sterenborg
2005-05-20 6:26 ` Iptables Rob Sterenborg
2005-05-18 21:04 Iptables Limbert Fuentes Quiroga
2005-01-31 11:31 iptables Alabama
2005-01-31 12:02 ` iptables John A. Sullivan III
[not found] ` <5.2.0.9.0.20050131135158.02a9dec0@poczta.interia.pl>
2005-01-31 13:18 ` iptables John A. Sullivan III
2005-01-31 11:16 iptables Andrzej
2004-09-28 5:07 Iptables Contact
2004-09-28 5:25 ` Iptables Rob Sterenborg
2004-09-28 8:19 ` Iptables Contact
2004-09-28 14:04 ` Iptables Jason Opperisano
2004-09-28 14:09 ` Iptables Aleksandar Milivojevic
2004-09-28 10:36 ` Iptables John A. Sullivan III
2004-09-28 14:27 ` Iptables Jose Maria Lopez
2004-05-27 17:51 iptables Alejandro Cabrera Obed
2004-02-27 2:23 iptables mustafa hassan
2004-01-31 8:39 Iptables Ivan Zagvozkine
2004-01-28 11:12 Iptables jean-francois fleury
2004-01-28 13:25 ` Iptables Jeffrey Laramie
2003-05-26 13:34 iptables Wan System S.R.L.
2003-05-26 15:27 ` iptables Pedro C. Arias
2003-04-28 18:29 IPTABLES lfps
2003-04-23 5:17 iptables Star Fire
2003-02-27 18:04 iptables Guss
2003-01-19 17:30 iptables VASIF MUSAOGULLARI
2003-01-21 11:42 ` iptables Erdal Mutlu
2003-01-17 9:20 IPtables Jet
2002-06-28 13:28 iptables luigicart
2002-06-28 13:45 ` iptables Antony Stone
2002-06-28 13:48 ` iptables Tom Eastep
2002-06-28 14:00 ` iptables Joe Patterson
2002-06-13 9:03 Iptables Paulo Andre
2002-06-11 2:24 iptables Matthew Hellman
2002-06-10 14:06 iptables Paulo Andre
2002-06-10 19:27 ` iptables Antony Stone
2002-06-11 2:23 ` iptables Matthew Hellman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F8525B1.9030300@kickstone.com \
--to=john.lister@kickstone.com \
--cc=bigal.nz@gmail.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox