
iptables nat stream video

Marco_113
Frequent Advisor

Hi all,

I have a problem with iptables NAT.

I have an internal server with some mp4 video files. I want to view those video streams from the internet.

The rules I've applied:
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 554 -j DNAT --to ${SERVER_IP1}:554
iptables -A FORWARD -p tcp -d ${SERVER_IP1} --dport 554 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 7070 -j DNAT --to ${SERVER_IP1}:7070
iptables -A FORWARD -p tcp -d ${SERVER_IP1} --dport 7070 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 6970:6999 -j DNAT --to ${SERVER_IP1}:6970-6999
iptables -A FORWARD -p tcp -d ${SERVER_IP1} --dport 6970:6999 -o ${INSIDE_DEVICE} -j ACCEPT


And the same for the UDP protocol, but it does not work.
I don't see any drops in the log, and my QuickTime client says error 10060.

My network has 4 LANs, so if I try to get the video stream from another LAN (not the same one as the server's) I can see the video.

From the internet it does not work.
Any suggestion?
Thanks
Steven E. Protter
Exalted Contributor

Re: iptables nat stream video

I doubt it's a problem with iptables NAT; it's probably a configuration problem. You may have certain IP addresses or ports blocked elsewhere in your iptables file.

I know you are trying to protect your internal IP configuration, but it would be easier to help if you attached your /etc/sysconfig/iptables configuration file.

One thing that jumps out at me is this:

iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 6970:6999 -j DNAT --to ${SERVER_IP1}:6970-6999

this 6970-6999 methodology. I'm not saying it's wrong, I'm just saying I experimented with this for a while and never got it working to my satisfaction.

If you don't have a set configuration file, then iptables -L output after the configuration is applied would be helpful.

After each line of code, you might want this little diagnostic:

iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 6970:6999 -j DNAT --to ${SERVER_IP1}:6970-6999
rc=$?

echo "return code: $rc"

If you get a non-zero return code you know you have a problematic line of code.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Marco_113
Frequent Advisor

Re: iptables nat stream video

Hi SEP,

On the firewall, just under the NAT rules, I put a line that logs everything coming from the internet.

There's something strange:

The URL I request is http://xxxxxxxx/xxx.mp4

If I send this request with my browser, it doesn't work, and I don't see any log line in the firewall's /var/log/messages.

If I open my QuickTime client and send the same request with it, but with the rtsp protocol (rtsp://xxxxxxxx/xxx.mp4),
it works, and I see the log lines on the firewall!!

Suggestions?
Thanks


Sergejs Svitnevs
Honored Contributor
Solution

Re: iptables nat stream video

Hello,

You have to install the NetFilter Patch-o-Matic "Extras" for iptables; this adds the CONFIG_IP_NF_RTSP module for the RTSP protocol.

Check out the following link:
http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-rtsp-conntrack

Regards,
Sergejs
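
Added example, not part of the original thread: with RTP over UDP, RTSP agrees the media ports per session in the Transport header of the SETUP exchange (RFC 2326), and that header is what an RTSP connection-tracking helper such as the module named in the accepted answer works from. The messages, host name and port numbers below are constructed, and the function names are this example's own.

```python
import re

# Constructed RTSP SETUP exchange (RFC 2326 syntax); host and ports are made up.
SETUP_REQUEST = (
    "SETUP rtsp://media.example/clip.mp4/trackID=1 RTSP/1.0\r\n"
    "CSeq: 3\r\n"
    "Transport: RTP/AVP;unicast;client_port=6970-6971\r\n\r\n"
)
SETUP_RESPONSE = (
    "RTSP/1.0 200 OK\r\n"
    "CSeq: 3\r\n"
    "Session: 12345678\r\n"
    "Transport: RTP/AVP;unicast;client_port=6970-6971;server_port=6256-6257\r\n\r\n"
)
# Same request, asking for media interleaved on the RTSP TCP connection.
SETUP_INTERLEAVED = SETUP_REQUEST.replace(
    "RTP/AVP;unicast;client_port=6970-6971", "RTP/AVP/TCP;unicast;interleaved=0-1")

def transport_params(message):
    """Return the first Transport alternative of an RTSP message as a dict."""
    for line in message.split("\r\n")[1:]:
        if not line:
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        if name.strip().lower() == "transport":
            spec, *fields = value.split(",")[0].strip().split(";")
            params = {"spec": spec.upper()}
            for field in fields:
                key, _, val = field.partition("=")
                params[key.strip().lower()] = val.strip()
            return params
    return None

def port_range(value):
    """Parse 'a' or 'a-b' into (low, high); None if absent or malformed."""
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", value or "")
    if not m:
        return None
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    return (low, high) if 0 < low <= high <= 65535 else None

def udp_ports(message):
    """UDP ports named in a SETUP message; empty dict when media is not on UDP."""
    params = transport_params(message)
    if not params or params["spec"].endswith("/TCP"):
        return {}
    found = {k: port_range(params.get(k)) for k in ("client_port", "server_port")}
    return {k: v for k, v in found.items() if v}
```

An empty result for the interleaved request reflects that the media then travels inside the RTSP TCP connection itself, so no separate UDP ports are negotiated.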