Hello,

Daryl a écrit :
>
> I'm trying to set up port forwarding for a webcam feed (using Windows
> Media Encoder 9) from a computer inside my internal network. I can
> connect to it directly from inside the network, but whenever I try to
> connect to it through my router it doesn't connect (with Media Player
> kicking back some "network error" message that isn't useful.
>
> The iptables config in my router looks like this:
>
> *nat
> [...snippet...]
> -A PREROUTING -p tcp -m tcp --dport 6666 -j DNAT --to-destination
> 192.168.10.20:8080
>
> *filters
> [...snippet...]
> -A INPUT -p tcp -m tcp --dport 6666 -j ACCEPT

Wrong rule. The correct rule must be in the FORWARD chain and match
destination port 8080 in order to catch the forwarded packets. Also,
matching on the destination address won't harm and will add some extra
security :

-A FORWARD -d 192.168.10.20 -p tcp -m tcp --dport 8080 -j ACCEPT

And of course you also need to accept the reply packets.

> Now, when I access http://192.168.10.20:8080 through Windows Media
> Player from inside the network I can see the feed. But when I access
> it through http://myserver.com:6666 it continually fails to connect
> (where my router is "myserver.com"; if I use its IP directly I get the
> same error).

From inside the network ? It's a common issue due to asymmetric routing
(NAT does not like it). Add the following rule to force reply packets
from the server to go back to the router and try again :

-A POSTROUTING -s 192.168.10.0/24 -d 192.168.10.20 \
-p tcp -m tcp --dport 8080 -j SNAT --to