It might be best to describe your setup in a little more detail. Your assertion that you have a router which opens a machine to the internet without filtering seems more than a little strange.
Quote:
It might be best to describe your setup in a little more detail. Your assertion that you have a router which opens a machine to the internet without filtering seems more than a little strange.
Not strange. P2P IP cameras connect automatically with an internet cloud server, so people do not need to configure routers or port forwarding. But this is a security hole and in fact I suspect somebody or a bot from China is controlling my camera through the insecure cloud. I use port forwarding so I don't need P2P, and the camera does not allow disabling it.
My router is a usual router (Vodafone Vox UI); you can configure NAT and port forwarding, but there is nothing similar to iptables in order to block ports or connections started by LAN devices.
Quote:
Originally Posted by ferrari
You'll need two NICs to fulfil your ambition to use your Ubuntu server as a firewall...
But I do not want to replace my router with a Linux PC and 2 NICs. Also, I do not want 2 networks or 2 subranges. My idea is to use the Linux server as a filter to block outside connections to the cloud from the camera. So I configure the camera with gateway 192.168.1.7 (Linux server PC) instead of 192.168.1.1 (router), and the Linux PC works as a router LAN to LAN (instead of LAN to WAN).
Thanks for the added detail. I can understand that you want to block particular outgoing traffic from the camera, but I still don't get how you plan to implement this on an Ubuntu machine with only one network interface. I would consider purchasing an enterprise router to manage outgoing traffic.
Quote:
Thanks for the added detail. I can understand that you want to block particular outgoing traffic from the camera, but I still don't get how you plan to implement this on an Ubuntu machine with only one network interface. I would consider purchasing an enterprise router to manage outgoing traffic.
Well. I just found another alternative.
I configure the camera without a gateway (or an invalid gateway). So the camera has no internet access and cannot start outgoing traffic. Then I map a Linux PC port to the camera port; they are in the same LAN. After this point the Linux PC is acting as if it were the camera, but only with an open or allowed port, so it is an effective firewall. Then I configure port forwarding in the router pointing to the Linux server instead of the camera.
Quote:
Originally Posted by liken
Not strange. P2P IP cameras connect automatically with an internet cloud server, so people do not need to configure routers or port forwarding. But this is a security hole and in fact I suspect somebody or a bot from China is controlling my camera through the insecure cloud. I use port forwarding so I don't need P2P, and the camera does not allow disabling it.
My router is a usual router (Vodafone Vox UI); you can configure NAT and port forwarding, but there is nothing similar to iptables in order to block ports or connections started by LAN devices.
But I do not want to replace my router with a Linux PC and 2 NICs. Also, I do not want 2 networks or 2 subranges. My idea is to use the Linux server as a filter to block outside connections to the cloud from the camera. So I configure the camera with gateway 192.168.1.7 (Linux server PC) instead of 192.168.1.1 (router), and the Linux PC works as a router LAN to LAN (instead of LAN to WAN).
Thank you for explaining and confirming that your router does not simply expose ports to the internet.
If you're worried about the webcam, get a refund.
Or set up specific rules on your router that the webcam is not allowed to "dial out".
The
So you configured two IPs on the same NIC of your Linux machine and the camera has an IP belonging to a subnet under the main subnet of your LAN?
No. Linux PC, 1 NIC, 1 IP.
The Linux PC is doing network address translation (NAT) on the same NIC, with a unique IP, in order to map or link a camera port to a local port (similar to tunnels with reverse SSH, but with iptables and NAT). So the camera can be disconnected from the Internet (no configured gateway) and it is only visible in the local Ethernet network. For all intents and purposes the Linux PC has the port of the camera, and any port forwarding in the router is pointed to this PC.
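The single-NIC port mapping described in the post above, written out as an added example (not posted by anyone in the thread). The Linux PC address 192.168.1.7 is from the thread; the camera address 192.168.1.50, camera port 554 and listening port 8554 are assumptions, and the script only prints an `iptables-restore` ruleset without applying it.

```shell
#!/bin/sh
# Added example. From the thread: Linux PC = 192.168.1.7, one NIC, one IP.
# Assumed: camera 192.168.1.50, camera port 554, port 8554 on the Linux PC.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Four dot-separated decimal octets, each 0..255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print an iptables-restore ruleset; nothing is applied to the running system.
camera_proxy_rules() {
    server_ip=$1 listen_port=$2 cam_ip=$3 cam_port=$4
    valid_ipv4 "$server_ip" && valid_ipv4 "$cam_ip" || { echo "bad address" >&2; return 1; }
    valid_port "$listen_port" && valid_port "$cam_port" || { echo "bad port" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Connections to the Linux PC's port are redirected to the camera.
-A PREROUTING -d $server_ip -p tcp --dport $listen_port -j DNAT --to-destination $cam_ip:$cam_port
# With no gateway the camera can only answer on-link hosts, so the
# source is rewritten and the camera sees the Linux PC as the client.
-A POSTROUTING -d $cam_ip -p tcp --dport $cam_port -j SNAT --to-source $server_ip
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only new connections towards the camera port are forwarded; anything the
# camera tries to send through this host as a gateway hits the DROP policy.
-A FORWARD -d $cam_ip -p tcp --dport $cam_port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Review the output, enable net.ipv4.ip_forward, then load it with
# iptables-restore (which replaces the existing nat and filter rules).
camera_proxy_rules 192.168.1.7 8554 192.168.1.50 554
```

The router's port forward then points at 192.168.1.7:8554, and the SNAT rule is what lets a camera with no gateway answer clients that are not on its own subnet.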