I've got an IP camera behind a NAT and a carrier grade NAT (GCN). Therefore, traditional port forwarding is out of the question. No hope for IPv6 either, so I've nailed up persistent Reverse SSH connections from the IP Camera's ports (88,443,888) (via a linux box on the same subnet) to a linux VPS with a globally routeable IPv4 address. I can now access the IP camera on the VPS's VNC gnome session, but now i want to turn those IP camera ports towards the VPS' WAN port and make the IP camera accessible via the internet.
So, this involves dabbling in IPTables. I've been reading about this and attempting various port openings and NAT commands(but I've failed dismally). None have worked correctly (the ports are always closed or silent). I could use some help.
IP camera ports 88,443, and 888 show up on 127.0.0.1 loopback on the VPS at colocrossings. How can i use IPTables to translate that to the WAN IP port? I want to be able to type in from from anywhere on the internet:
https://my_vps.colocrossing.com:443 and have native access to the IP camera. Preferably, I'd like a string on iptable commands that i can put in a cronjob at startup.
Alternatively, I'm a barking up the wrong tree (a totally different NAT traversal solution?). Thank you for your help.
For reference:
Here are the reverse SSH connections that traverse the NAT:
-----------------------------------------------------------
ssh -i /home/user/.ssh/IP_cam_PKI_autologin -N -R 88:192.168.120.2:88
user@my_vps.colocrossing.com &
ssh -i /home/user/.ssh/IP_cam_PKI_autologin -N -R 888:192.168.120.2:888
user@my_vps.colocrossing.com &
ssh -i /home/user/.ssh/IP_cam_PKI_autologin -N -R 443:192.168.120.2:443
user@my_vps.colocrossing.com &
ReverseSSH for remote access to the Linux box:
---------------------------------------
ssh -i /home/user/.ssh/IP_cam_PKI_autologin -N -R 2244:localhost:22
user@my_vps.colocrossing.com -o ExitOnForwardFailure=yes &
IP Camera's internal NAT network:
------------------------
192.168.120.2
255.255.255.0
Viaero Wireless NATed WAN network:
--------------------------------
10.x.x.x
255.255.255.255
Viaero Wireless' CGN globally routable WAN:
---------------------------------
199.47.67.x
(unknown subnet)
VPS at colocrossings:
---------------------
198.23.x.x
255.255.255.255