We have an app, but the device has 2 interfaces: ppp0 (which makes the public APN network) and a second private network (snp1s0, which makes the private network to connect the camera). We're trying to make NAT from public to camera without the ufw snap, just using iptables. When we could make iptables rules on it, it did not work because of the forwarding setting, like net.ipv4.ip_forward=1 (sudo vi /etc/sysctl.conf).
All other configuration is OK.
However, this configuration is not persistent and will be lost after every reboot. You can handle this:
Your application can always check the mentioned path and enable IP forwarding after every reboot.
You can use system-files (https://snapcraft.io/docs/system-files-interface) and modify /etc/sysctl.conf, which will always enable IP forwarding. Please note that the system-files interface is considered a super-privileged interface and requires Store Review as well as a private IoT App Store.
If you would like to use iptables within your application snap, you would need to add the iptables package to your snap by leveraging the stage-packages section. Then, probably, you would need to adjust the paths that iptables tries to reach. Finally, do not forget to add the required interface plug to your snapcraft.yaml file.
I think there is also a way to somehow talk to ufw via dbus, so you could configure it after first boot through that and the settings should persist … alternatively, what bugra said is correct … your app would have to set it regularly or put something into /etc/sysctl.d/ …
Here is an example where I ship iptables in a captive-portal snap:
In order to make the problem clear, I want to give some details, as in the following.
We have a Single Board PC, an NVR device and some IP Cameras; our aim is to watch the IP cameras from our server.
The NVR device is connected to our Single Board PC over an ethernet connection; it is plugged directly into the PC, there is no switch, router etc. in between.
As you know, there is a web application working on the NVR on port 80 to watch the IP cameras.
We thought we could watch the cameras from our server by using a web browser to access the DVR's port 80.
There is an APN connection between our single board PC and the server; therefore, in order to access the NVR's port 80 from our server bypassing the APN connection, we need to make a port forwarding between ppp0 (APN network) and eth0 (NVR connection).
We accomplished watching the IP cameras from our server in a web browser by applying the following commands on Ubuntu Classic Desktop,
but we are not sure what the best way is to implement the configuration on Ubuntu Core. Is it better to use ufw as in the following, or is it easier to do it by changing the configuration using only iptables?
If we use ufw, what are the key points that we need to focus on?
NVR IP: 192.168.1.3:80
Our Single Board PC IP on APN: 192.168.11.6
root@pudo-EPIC-BT07:/etc/ufw# ip link set enx020c29a39b6d down
Edit /etc/default/ufw to accept forwarding requests:
DEFAULT_FORWARD_POLICY="ACCEPT"
Edit /etc/ufw/sysctl.conf to allow forwarding:
net.ipv4.ip_forward=1
vi /etc/ufw/before.rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-F
Port Forwardings 80 Management, 3000 data, 1935, 554 RTSP
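As an added example (not code from the thread or from any of the posters), the following POSIX sh script generates an iptables-restore ruleset for the port forwarding described above, limited to the listed ports, and checks the kernel forwarding knob that an app would have to re-enable after each reboot, as bugra's reply suggests. The interface names ppp0 and eth0, the NVR address 192.168.1.3 and the ports 80, 3000, 1935 and 554 come from the thread; the function names, the MASQUERADE rule and the conntrack-based FORWARD rules are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Generates a nat + filter ruleset that
# DNATs a fixed list of TCP ports arriving on the APN interface to the NVR
# behind the LAN interface, and checks whether IPv4 forwarding is enabled.

# gen_nat_rules WAN_IF LAN_IF NVR_IP PORT...
# Emits iptables-restore syntax (same format as ufw's before.rules *nat block).
# Only the listed ports are DNATed and only those flows are allowed through
# FORWARD; everything else arriving for forwarding is dropped by policy.
gen_nat_rules() {
    [ $# -ge 4 ] || { echo "usage: gen_nat_rules WAN_IF LAN_IF NVR_IP PORT..." >&2; return 1; }
    wan="$1"; lan="$2"; nvr="$3"; shift 3
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    for p in "$@"; do
        echo "-A PREROUTING -i $wan -p tcp --dport $p -j DNAT --to-destination $nvr:$p"
    done
    # Assumed: source-NAT towards the NVR so its replies come back via the board
    # even when the NVR has no route to the APN side.
    echo "-A POSTROUTING -o $lan -d $nvr -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    echo ":FORWARD DROP [0:0]"
    # Replies from the NVR only for connections we already allowed in.
    echo "-A FORWARD -i $lan -o $wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        echo "-A FORWARD -i $wan -o $lan -d $nvr -p tcp --dport $p -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    done
    echo "COMMIT"
}

# forwarding_enabled [PATH]: succeeds (exit 0) when IPv4 forwarding is on.
# PATH defaults to the real procfs knob; passing another file lets the check
# be exercised without root or a network namespace.
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# count_dnat_rules RULESET: number of DNAT lines in a generated ruleset,
# a quick sanity check before loading it.
count_dnat_rules() {
    printf '%s\n' "$1" | grep -c -- '-j DNAT'
}

# Usage on the board (loading the rules requires root):
#   gen_nat_rules ppp0 eth0 192.168.1.3 80 3000 1935 554 > /tmp/nvr-nat.rules
#   forwarding_enabled || sysctl -w net.ipv4.ip_forward=1
#   iptables-restore < /tmp/nvr-nat.rules
```

Note that iptables-restore without --noflush replaces the nat and filter tables wholesale, including any INPUT/OUTPUT rules already present; use --noflush to append instead, or paste the generated lines into ufw's before.rules when ufw is managing the firewall. The /proc/sys/net/ipv4/ip_forward check is the one a snap can run at each start to detect that the setting was lost on reboot.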