November 23, 2024, 01:27:05 AM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: Yahoo Webcam behind NAT Firewal  (Read 5318 times)

Offline cyberjun

  • Linux Noob !
  • *
  • Posts: 4
Yahoo Webcam behind NAT Firewal
« on: October 03, 2005, 02:29:00 AM »
Hi,
Recently I implemented iptables with NAT on my linux laptop. I share my internet connection with my two flat mates. The problem is that the Yahoo Webcam broadcasting doesn't work from their PCs. I researched and found out that I will most likely have to add port forwarding for atleast port number 5100. I can do that. However the problem with iptables port forwarding (as far as I know) is that I can only statically forward a port to one internal IP. What about the other one? When he wants to use his webcam, I will have to change the rule to forward 5100 port connect requests to his address.
Apart from this, when I boot XP, the port forwarding is done automatically. I want to know how is it possible. I mean how XP knows which internal IP to forward port 5100 to. I did not make any special settings except for enabling ICS.
I understand that theoretically it won't be possible for all of us to broadcast the webcam at the same time. This should be true irrespective of the OS at the gateway (let me know if this is not the case). I am interested in knowing if iptables can be configured in such a way that it forwards the required ports to correct IPs automatically.
I am sure there will be a number of people out there who would have come across this problem before.

Thanks a lot for your time and thanks in advance for your suggestions.

--cyberjun

Offline ronaldjayr_jover

  • Linux Noob !
  • *
  • Posts: 29
Yahoo Webcam behind NAT Firewal
« Reply #1 on: October 03, 2005, 07:03:23 AM »
You can do this,

####for masquerading your internal ip####
-A POSTROUTING -s xxx.xxx.xxx.xxx/xx -j MASQUERADE

####for  prerouting your public ip to your internal network with port 5100####
-A PREROUTING -d <public ip> -p tcp -m tcp --dport 5100 -j DNAT --to-destination <1st internal IP>
-A PREROUTING -d <public ip> -p tcp -m tcp --dport 5100 -j DNAT --to-destination <2nd internal IP>

###lets say your internal network card is eth1###
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -o eth1 -j ACCEPT


try this and let me know.

thanks