LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-08-2012, 09:13 AM   #1
mikepesch
LQ Newbie
 
Registered: Apr 2012
Location: Hemel Hempstead
Distribution: Centos 6.4
Posts: 11

Rep: Reputation: Disabled
forwarding internal network camera securely to my servers internet adapter


Hello

I have an ip camera connected to my internal network which I access just using a browser.

I have a server which connects internally and externally to the internet via a cable modem which acts as my main router and firewall

I wish to port forward my camera using ssh so I can access it externally with a mobile device (phone). I currently do this for a secure vnc connection ok but wish to connect my camera in a similar secure manner.

the current camera is a simple edimax ip camera that is just using http on port 80
 
Old 05-09-2012, 04:57 AM   #2
fukawi1
Member
 
Registered: Apr 2009
Location: Melbourne
Distribution: Fedora & CentOS
Posts: 854

Rep: Reputation: 190Reputation: 190
Well you haven't really provided enough information to be able to help you.

But on the firewall/router machine, you will need to do NAT (Network Address Translation, in this case DNAT, Destination NAT.), which will take a packet (in this case a http request) from the internet, and translate(change) the destination IP address to the Camera's internal IP.
Using iptables, the rule would look something like this (assuming you aren't running any other web servers/etc)...
Code:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination $Camera_IP
iptables -A FORWARD -i $Wan_If -o $LAN_If -p tcp --dport 80 -j ACCEPT
The first rule does the NAT itself, and the second rule will allow it through the firewall. The second rule is only required if your default policy on the filter/FORWARD chain is drop..

For something like this, I would normally recommend securing it by source IP, so only connections from allowed WAN IP address's are allowed, this is not an option with a mobile device which is most likely going to have a dynamic address. In a case such as this, you could also use a non standard port, and modify the DNAT rule in the above example, to forward from dport "12345" to port 80 on the camera IP. This would also mean telling the client to connect using the alternate port.

The issue I see with securing something like this, is not with the firewall, but with the camera itself. How well do you trust the developers of the camera?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Port Forwarding Within Internal Network marzak Linux - Networking 5 02-27-2010 10:39 AM
internal LAN IPs to get accessed from Internet ( not through port forwarding ) edywas Linux - Networking 4 10-26-2007 03:30 PM
Allowing Internal Servers to access internet Swakoo Linux - Networking 6 04-20-2007 10:23 PM
IP forwarding issue -- IP address of internal network menonrr Linux - Networking 4 09-14-2004 07:46 AM
IPTABLES port forwarding to internal network ivanros Linux - Networking 2 12-28-2002 10:19 PM


All times are GMT -5. The time now is 04:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration