iptables - port forwarding
I'm sure this has been addressed a zillion times, but alas, with heavy searching (and googling) I'm still struggling.
My RH9 server has two interfaces. eth0 for the private side (192.x.x.x) and eth1, eth1:1, eth1:2, eth1:3, eth1:4 on the public side, each with it's own public IP, but really the same hardware interface.
What I'm trying to do is route eth1:4 to a dlink webcam that's on the private network, and I am clearly just not getting the syntax correct.
The rest of my firewall script works (rh-lokkit-0-50-INPUT) and is almost "stock" except I closed most ports.
Anyway, here is the trouble area...
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
# webcam port forwarding
#-t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
#-t nat -A PREROUTING -p tcp -d 184.108.40.206 --dport 80 -j DNAT --to 192.168.1.21
#-t nat -A PREROUTING -p tcp -d 220.127.116.11 --dport 8481 -j DNAT --to 192.168.1.21
when I run /etc/rc.d/init.d/iptables restart, it bombs telling me I have used "-t" tables where I'm not supposed to.
If I type those lines immediately after iptables at the command prompt, iptables accepts it, however nothing seems to be forwarded to the webcam. The light on the webcam blinks once, indicating *something* hit it, but that's all that I can see so far.
I could easily avoid all this by repatching the webcam to the public side of my network, and deleting the eth1:4 virtual interface and IP address off my RH9 server, however then the webcam is completely exposed and I'd like not to do that. I have four other ethernet web cams I'd like to setup on the same public IP address, using different ports, thus recycling one IP for multiple cameras.
The default ports for the webcam are 80 and 8481. I'm trying to forward these ports from the public side of the server, to the webcam, and have replies go back to the originating ip client on the internet.
Can anyone give me a push in the right direction? I'm sure it's something very obvious, but not hitting me in the face like I hoped.
Thanks in advance!
Last edited by midiguy732; 11-23-2005 at 09:42 AM.