LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-28-2005, 06:13 AM   #1
lacerto
Member
 
Registered: Oct 2003
Location: South London
Distribution: Gentoo.
Posts: 297

Rep: Reputation: 30
webcam_server behind firewall


Hi - here's the deal

I've a server connected directly to the internet via eth0. I use the Suse firewall to protect
eth0. Eth1 is connected to a hub, allowing other PCs to connect to interweb using masquerading.

One of the other PC's has a working webcam connected to it, and I'm using webcam_server (http://webcamserver.sourceforge.net/) to serve up the images. It works well internally, but not so when trying to connect from outside of the network.

Here's how it's setup: The machine with the webcam is running apache (on port 80), and has the following index.html

Code:
<html>
<head>
<title>WebCam</title>
</head>
<APPLET CODE = "WebCamApplet.class" archive="applet.jar" WIDTH = "320" HEIGHT = "240">
<param name=URL value="http://192.168.1.16:8888">
<param name=FPS value="1">
<param name=width value="320">
<param name=height value="240">
</APPLET>
</body>
</html>
I have forwarded external requests on 8080/8888 to 80/8888 on 192.168.1.16 using the SUSE firewall (and have opened them to external requests):

Code:
FW_FORWARD_MASQ="0/0,192.168.1.16,tcp,8080,80,0/0 0/0,192.168.1.16,tcp,8888,8888,0/0"

From what I see in the logs, the 8080 request seems to be forwarded correctly to port 80 on 192.168.1.16, and the applet actually loads in the browser....but for some reason, the applet fails to connect to the webcam.

I feel sure this a firewall/routing issue, but my knowledge in the area is so limited that I don't really know where to start looking. It's a great opportunity to learn something interesting though.

One other thing..if I directly request port 8888 from the internet i.e http:///mywebsite.com:8888, I do see a still image, and the logs on the gateway machine show the request being forwarded to 192.168.1.16.

Any pointers anyone?

EDIT: I tried replacing the index.html with a plain html file, and it displayed correctly. So it's defininately something to do with 8888

Last edited by lacerto; 04-28-2005 at 09:16 AM.
 
Old 04-28-2005, 06:27 PM   #2
lacerto
Member
 
Registered: Oct 2003
Location: South London
Distribution: Gentoo.
Posts: 297

Original Poster
Rep: Reputation: 30
Well, I suppose it's kinda obscure, but just in case anyone else ever has the same issue, I found solution by changing the very last thing I could think of:

Code:
<param name=URL value="http://192.168.1.16:8888">
to

Code:
<param name=URL value="http://www.myexternalwebsitename.com:8888">
Prevents internal network viewing for some reason, but I got round that by creating a another webpage for internal eg. camera.html with the private ip. I expect there's a more elegent way to do this using apache mods, but this hack did the job
for us.

Code:
<param name=URL value="http://192.168.1.16:8888">
L
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
BSD Firewall vs Linux Firewall ? rootlinux Linux - Security 5 08-29-2007 07:38 AM
webcam_server not working on website deadlove75 Mandriva 8 09-05-2005 11:50 PM
Firewall lets ips which are not in the firewall ... why ? sys7em Linux - Networking 2 06-30-2005 12:50 PM
slackware's /etc/rc.d/rc.firewall equivalent ||| firewall script startup win32sux Debian 1 03-06-2004 09:15 PM
Firewall Builder sample firewall policy file ? (.xml) nuwanguy Linux - Networking 0 09-13-2003 12:32 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:39 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration