LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Streaming video (https://www.linuxquestions.org/questions/linux-security-4/streaming-video-3898/)

Tom Reilly 07-02-2001 12:54 PM
Streaming video
 
Can anyone help I am using Linux 7.0 and am trying to stream video. Does anyone know the commands to enter in the firwall to allow me access to ports on the inside to view the cameras?

raz 07-03-2001 03:21 AM
Tom,

What firewall software are you using on the 7.0 system?

type as root
#ipchains -L -n

what does it say ?
if it shows you some rules then set the video streaming and within 10 seconds of doing this type #ipchains -L -M -n on the linux box.
Then tell us what it said.

If it doesn't show you anything then find out what firewall software is installed.

That command will show you what's talking to what, even if it not getting through the firewall, also the video should use UDP as it's better for streaming data.

/Raz

Tom Reilly 07-03-2001 03:51 PM
Raz help
 
Raz here is what it says...............

Chain input (policy Accept):
Chain forward (policy Deny):
Target prot opt source destination ports
MASQ all -------- 192.168.0.0/24 0.0.0.0/0 n/a
Chain output (policy Accept):

thanks for any help

Tom

Tom Reilly 07-03-2001 03:58 PM
Help
 
/raz

This is what I get when i typs in the following

ipchains -L -M -n
IP masquerading entries
prot expire source destination ports
TCP 119:02.57 192.168.0.8 205.188.8.163 1995 (61778) -> 5190
TCP 01:59.37 192.168.0.3 216.174.194.40 1516 (62178) -> 110
UDP 00:00.52 192.168.0.3 216.174.194.53 1512 (62174) -> 53
UDP 00:00.57 192.168.0.3 216.174.194.54 1512 (62175) -> 53
UDP 00:07.41 192.168.0.3 216.174.194.54 1514 (62176) -> 53
UDP 00:07.45 192.168.0.3 216.174.194.53 1514 (62177) -> 53

raz 07-04-2001 03:56 AM
Ok Tom, it's not your firewall.

Basically it shows your AOL messenger, POP and DNS resolve info passing through your Linux box from your Windows system's.

Oh you don't have a firewall running as your letting all TCP packets in, but your using NAT so your windows boxes can talk to the net. "i.e not very secure"

I'm afraid your going to have to start from the beginning and answer some more questions, as I have no clue as to the answer yet. :rolleyes:

1) What make is your web cam ?
2) How are other people going to view the streams. i.e on a website link your running ?

3) on the box where the web cam is, start it streaming as if you were going to view it from another PC and type in its DOS prompt
netstat -na
what does it say ?

4) also describe your network set-up for us. "i.e I have 2 Windows 2000 system at 192.168.0.3 & 8, using the Linux box as a gateway over my ADSL link .... etc..."

Also change your MAQS settings in ipchains to allow forwarding .
type as root:

ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT
ipchains -M -S 7200 10 60
ipchains -A forward -s 192.168.0.0/24 -j MASQ

/raz

Tom Reilly 07-04-2001 02:45 PM
Help on Firewall
 
Raz
My web cams are the 3com Home connect.

I want people to view streaming to a web page. I can view from inside the network but not outside.

When I do #nestat -na I get
TCP 192.168.0.3:1177 192.168.0.2:139 ESTABLISHED
TCP 192.168.0.3:1179 64.24.0.26:21 ESTABLISHED

udp 192.168.0.3:1177 *:*
udp 192.168.0.3:138 *:*


My system consists of 4 windows (3Win98, 1winME)192.168.0.3 & 4 & 5 & 6 machines talking to the linux box which is the gateway connected by dsl to the internet.

I changed the MAQS settings to what you said in my rc.firewall file? is that correct?

Tom

raz 07-05-2001 04:56 AM
Ok Tom I understand now. :)

If you can see the video cam from your internal network, it's cause your on the same network as the UDP stream.

Your firewall is providing NAT not port forwarding!.

What is NAT:
You lookup a website on your PC, it connects to the Linux gateway which then in turns changes the TCP packet headers to match its own IP info and forwards on to it's next hop, then the response packets come back to the senders header info, the gateway then matches this to it's packet table and gives it to the internal pc that first sent it.

Now if someone just wants to look at your video stream data, they connect to your firewall which in turn says no your not an internal system in my NAT table that sent the packet in the first place and the packet are dropped.

Your Windows 3com Cam is working in the following way from looking at that netstat -a info.

192.168.0.3 streams the data over UDP on port 1177
192.168.0.3 has a port ready for a connection to start the stream on tcp port 1177
Other systems connect to the 192.168.0.3's tcp port 1177 from there windows netbios port.

So what you need to do if you want others to see your video stream is to port forward through your firewall.

The way you would do this is with some free software called "ipmasqadm" this needs to be downloaded and installed on your system.

Then it needs to be linked to the MASQ mod in your system with the command: #modprobe ip_masq_portfw

Then you need to forward over the correct information to your internal system from you external IP address.

With the following lines:
(your_external_ip is whatever your linux's ISP's ip address is to your DSL router)

ipmasqadm portfw -a -P tcp -L your_external_ip 1177 -R 192.168.0.3 1177
ipmasqadm portfw -a -P udp -L your_external_ip 1177 -R 192.168.0.3 1177

Or something like this,
/Raz


All times are GMT -5. The time now is 12:37 AM.