LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 07-02-2001, 01:54 PM   #1
Tom Reilly
LQ Newbie
 
Registered: Jul 2001
Posts: 4

Rep: Reputation: 0
Streaming video


Can anyone help I am using Linux 7.0 and am trying to stream video. Does anyone know the commands to enter in the firwall to allow me access to ports on the inside to view the cameras?
 
Old 07-03-2001, 04:21 AM   #2
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Tom,

What firewall software are you using on the 7.0 system?

type as root
#ipchains -L -n

what does it say ?
if it shows you some rules then set the video streaming and within 10 seconds of doing this type #ipchains -L -M -n on the linux box.
Then tell us what it said.

If it doesn't show you anything then find out what firewall software is installed.

That command will show you what's talking to what, even if it not getting through the firewall, also the video should use UDP as it's better for streaming data.

/Raz
 
Old 07-03-2001, 04:51 PM   #3
Tom Reilly
LQ Newbie
 
Registered: Jul 2001
Posts: 4

Original Poster
Rep: Reputation: 0
Angry Raz help

Raz here is what it says...............

Chain input (policy Accept):
Chain forward (policy Deny):
Target prot opt source destination ports
MASQ all -------- 192.168.0.0/24 0.0.0.0/0 n/a
Chain output (policy Accept):

thanks for any help

Tom
 
Old 07-03-2001, 04:58 PM   #4
Tom Reilly
LQ Newbie
 
Registered: Jul 2001
Posts: 4

Original Poster
Rep: Reputation: 0
Help

/raz

This is what I get when i typs in the following

ipchains -L -M -n
IP masquerading entries
prot expire source destination ports
TCP 119:02.57 192.168.0.8 205.188.8.163 1995 (61778) -> 5190
TCP 01:59.37 192.168.0.3 216.174.194.40 1516 (62178) -> 110
UDP 00:00.52 192.168.0.3 216.174.194.53 1512 (62174) -> 53
UDP 00:00.57 192.168.0.3 216.174.194.54 1512 (62175) -> 53
UDP 00:07.41 192.168.0.3 216.174.194.54 1514 (62176) -> 53
UDP 00:07.45 192.168.0.3 216.174.194.53 1514 (62177) -> 53
 
Old 07-04-2001, 04:56 AM   #5
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Ok Tom, it's not your firewall.

Basically it shows your AOL messenger, POP and DNS resolve info passing through your Linux box from your Windows system's.

Oh you don't have a firewall running as your letting all TCP packets in, but your using NAT so your windows boxes can talk to the net. "i.e not very secure"

I'm afraid your going to have to start from the beginning and answer some more questions, as I have no clue as to the answer yet.

1) What make is your web cam ?
2) How are other people going to view the streams. i.e on a website link your running ?

3) on the box where the web cam is, start it streaming as if you were going to view it from another PC and type in its DOS prompt
netstat -na
what does it say ?

4) also describe your network set-up for us. "i.e I have 2 Windows 2000 system at 192.168.0.3 & 8, using the Linux box as a gateway over my ADSL link .... etc..."

Also change your MAQS settings in ipchains to allow forwarding .
type as root:

ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
ipchains -M -S 7200 10 60
ipchains -A forward -s 192.168.0.0/24 -j MASQ

/raz
 
Old 07-04-2001, 03:45 PM   #6
Tom Reilly
LQ Newbie
 
Registered: Jul 2001
Posts: 4

Original Poster
Rep: Reputation: 0
Help on Firewall

Raz
My web cams are the 3com Home connect.

I want people to view streaming to a web page. I can view from inside the network but not outside.

When I do #nestat -na I get
TCP 192.168.0.3:1177 192.168.0.2:139 ESTABLISHED
TCP 192.168.0.3:1179 64.24.0.26:21 ESTABLISHED

udp 192.168.0.3:1177 *:*
udp 192.168.0.3:138 *:*


My system consists of 4 windows (3Win98, 1winME)192.168.0.3 & 4 & 5 & 6 machines talking to the linux box which is the gateway connected by dsl to the internet.

I changed the MAQS settings to what you said in my rc.firewall file? is that correct?

Tom
 
Old 07-05-2001, 05:56 AM   #7
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Ok Tom I understand now.

If you can see the video cam from your internal network, it's cause your on the same network as the UDP stream.

Your firewall is providing NAT not port forwarding!.

What is NAT:
You lookup a website on your PC, it connects to the Linux gateway which then in turns changes the TCP packet headers to match its own IP info and forwards on to it's next hop, then the response packets come back to the senders header info, the gateway then matches this to it's packet table and gives it to the internal pc that first sent it.

Now if someone just wants to look at your video stream data, they connect to your firewall which in turn says no your not an internal system in my NAT table that sent the packet in the first place and the packet are dropped.

Your Windows 3com Cam is working in the following way from looking at that netstat -a info.

192.168.0.3 streams the data over UDP on port 1177
192.168.0.3 has a port ready for a connection to start the stream on tcp port 1177
Other systems connect to the 192.168.0.3's tcp port 1177 from there windows netbios port.

So what you need to do if you want others to see your video stream is to port forward through your firewall.

The way you would do this is with some free software called "ipmasqadm" this needs to be downloaded and installed on your system.

Then it needs to be linked to the MASQ mod in your system with the command: #modprobe ip_masq_portfw

Then you need to forward over the correct information to your internal system from you external IP address.

With the following lines:
(your_external_ip is whatever your linux's ISP's ip address is to your DSL router)

ipmasqadm portfw -a -P tcp -L your_external_ip 1177 -R 192.168.0.3 1177
ipmasqadm portfw -a -P udp -L your_external_ip 1177 -R 192.168.0.3 1177

Or something like this,
/Raz
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
streaming video koncept Linux - Software 2 10-16-2005 05:03 PM
Streaming Video ripmaster Linux - Software 2 03-17-2005 09:07 AM
streaming video kasperk Linux - Networking 1 10-01-2003 11:38 AM
Streaming video shanenin Linux - Software 1 09-07-2003 03:58 PM
Streaming Video robeb Linux - Software 1 06-15-2002 01:09 PM


All times are GMT -5. The time now is 08:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration