
I have an embedded board running a Yocto-based minimal Linux without a GUI. It has Ethernet and WiFi interfaces up and running.

Now, I have connected an Axis F44 camera (192.168.30.35) to my Ethernet port (192.168.30.34). My WiFi interface uap0 is in AP mode with static IP 192.168.42.1, and when I connect any device to WiFi as a station, that device receives IP 192.168.42.25. The image below describes the network details.

[Image: Network Details]

Now, in order to play the camera's RTSP stream from the mobile device application, I am not sure what network changes I should make on the board so that the mobile device (192.168.42.25) can ping the camera (192.168.30.35) and vice versa.

Can anyone suggest how to achieve the goal? Or what should be the required network configuration (bridge or IP forwarding)?

Interface on device:

eth0      Link encap:Ethernet  HWaddr E2:5D:60:CB:29:99  
          inet addr:192.168.30.34  Bcast:192.168.30.255  Mask:255.255.255.0
          inet6 addr: fe80::e05d:60ff:fecb:2999%lo/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24 errors:0 dropped:0 overruns:0 frame:0
          TX packets:209 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2030 (1.9 KiB)  TX bytes:17571 (17.1 KiB)


uap0      Link encap:Ethernet  HWaddr D4:CA:6E:5E:4E:01  
          inet addr:192.168.42.1  Bcast:192.168.42.255  Mask:255.255.255.0
          inet6 addr: fe80::d6ca:6eff:fe5e:4e01%lo/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2617 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78 errors:18 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:180796 (176.5 KiB)  TX bytes:4590 (4.4 KiB)

2 Answers

0

Here are a few suggestions on how to configure your Yocto system. You'll have to research more thoroughly on each topic. All of them have advantages and drawbacks, but I'd suggest the last one (NAT).

  • Set as bridge

    As the Linux system is an AP, it's perfectly possible to bridge the Ethernet interface and the Wi-Fi interface together. The specific method requires configuring hostapd properly to use a bridge. Some pointers here and there.

    You'd probably have to configure (manually at build time or using DHCP) the camera to use 192.168.42.1 this time, but the Yocto system should still have an (other) IP address in 192.168.42.0/24 because it still requires a DHCP server.

    So it would still expose the dual nature of the board. There are probably methods to keep the Yocto system completely transparent and still provide DHCP (appearing from 192.168.42.1) but that's something that would be complex to do.

  • Set as router

    You must enable IP forwarding.

    • With the camera system visible

      It means you must publish the route to the camera with DHCP, but not as default route. End users would not appreciate losing Internet to use the Camera because of a new default route. To publish specific routes with DHCP you need both of these features at the same time:

      The configuration depends on the DHCP server used in the system. It's probably Kea, which doesn't have built-in support for these options but can handle any arbitrary option as described there (this requires good understanding of the option from RFC).

      And you must not forget to have the Camera configured with a default route through 192.168.30.34 (manually or DHCP, not requiring options above).

      But it might not be interesting to do so because:

      • relies on complex DHCP options and a 2nd network that has a new chance to clash with user's own network setup.
      • still exposes the existence of a dual system in the board
    • Or Camera hidden behind NAT

      By using as an ALG the external (i.e. not mainstream) Linux kernel module nf_nat_rtsp provided by the project rtsp-linux (and for example packaged in Debian as nat-rtsp-dkms), along with adequate NAT rules similar to:

      iptables -t nat -A PREROUTING -i uap0 -d 192.168.42.1 -p tcp --dport 554 -j DNAT --to-destination 192.168.30.35
      iptables -t nat -A PREROUTING -i uap0 -d 192.168.42.1 -p udp --dport 554 -j DNAT --to-destination 192.168.30.35
      

      and adequate helper module configuration as described in this blog: Secure use of iptables and connection tracking helpers, or simply re-enabling back the "unsecure" method after pondering about any security consideration:

      sysctl -w net.netfilter.nf_conntrack_helper=1
      

      Summary:

      • avoids a complex DHCP configuration and avoids exposing the (fact that there is a) second system in the board

      • Camera doesn't even need a default route if double NAT is done:

        iptables -t nat -A POSTROUTING -o eth0 -s 192.168.42.0/24 -j MASQUERADE
        
      • requires a kernel module, thus kernel module support if it wasn't enabled before in the embedded system.

      • RTSP compatibility of the module should be verified

3
  • I am able to achieve the goal by creating a bridge between eth0 and uap0. Since the DHCP server offers the IP range 192.168.42.25-100, I had to assign the static IP 192.168.42.10 to the camera in the same subnet before creating/accessing via the bridge. I haven't tried the second option of routing, as the first option, bridge, is a layer 2 protocol which I assume will give more throughput/faster; please correct me if I'm wrong. Commented Jul 2, 2021 at 11:22
  • If you have a solution that works and is easy, fine. I don't think throughput is an issue here anyway. Commented Jul 2, 2021 at 11:33
  • Of course if this is anything related to production and business you shouldn't trust a random user on the Internet. You'd have to pass this through some security audit etc. (I can see how the user could reconfigure the camera and brick the overall result if the camera isn't hardened in its config (e.g. axis.com/files/manuals/… p 45)). Commented Jul 2, 2021 at 13:13
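
The NAT option above with the RTSP helper assigned explicitly rather than by re-enabling nf_conntrack_helper, as an added example that is not part of the original answer: it prints the commands for review instead of running them. Interface names and addresses are those from the question; the helper name rtsp, the TCP-only DNAT and the default-drop FORWARD policy are assumptions of this example to verify against the module you build.

```shell
#!/bin/sh
# Added example, not the answerer's rules: print a scoped rule set for the
# "camera hidden behind NAT" option so it can be reviewed before it is applied.

rtsp_rules() {  # rtsp_rules <ap_if> <ap_ip> <ap_net> <cam_if> <cam_ip>
    [ "$#" -eq 5 ] || { echo "usage: rtsp_rules ap_if ap_ip ap_net cam_if cam_ip" >&2; return 1; }
    # The output is meant to be run by a shell, so refuse anything that is not
    # a plain interface name or address.
    for a in "$@"; do
        case $a in
            ''|-*|*[!A-Za-z0-9./_-]*) echo "invalid argument: $a" >&2; return 1 ;;
        esac
    done
    ap_if=$1 ap_ip=$2 ap_net=$3 cam_if=$4 cam_ip=$5
    helper=rtsp   # assumption: helper name registered by the rtsp-linux module

    # raw/PREROUTING runs before DNAT, so the CT rule matches the AP address.
    # Only RELATED flows created by that helper are forwarded; everything
    # else between the two networks is dropped by the FORWARD policy.
    cat <<EOF
modprobe nf_nat_rtsp
iptables -t raw -A PREROUTING -i $ap_if -d $ap_ip -p tcp --dport 554 -j CT --helper $helper
iptables -t nat -A PREROUTING -i $ap_if -d $ap_ip -p tcp --dport 554 -j DNAT --to-destination $cam_ip
iptables -t nat -A POSTROUTING -o $cam_if -s $ap_net -d $cam_ip -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $ap_if -o $cam_if -s $ap_net -d $cam_ip -p tcp --dport 554 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -p udp -m conntrack --ctstate RELATED -m helper --helper $helper -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# Values from the question.
rtsp_rules uap0 192.168.42.1 192.168.42.0/24 eth0 192.168.30.35
```

Because the helper is attached only to the flow matched in the raw table, net.netfilter.nf_conntrack_helper can stay at 0 and no other port on the camera becomes reachable from the Wi-Fi side.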
0

I would recommend enabling IP forwarding on your single board computer. Put:

net.ipv4.ip_forward=1

to /etc/sysctl.conf and run sudo sysctl -p. I am not sure how this works in Yocto.

Then you need to make sure the traffic is routed from your computer to the camera via your Yocto computer. It depends on how the other network interfaces on your computer are configured. Generally, it should be something like this:

ip route add 192.168.30.0/24 via 192.168.42.1 dev wlp2s0

I am not familiar with RTSP, but I believe that should be enough.

2
  • ip_forward is already enabled (verified) and adding the route on the computer didn't help. The computer (192.168.42.25) is not able to ping (192.168.30.35)... The computer is only able to ping uap0 of the board (192.168.30.34). Commented Jun 28, 2021 at 10:34
  • Is the camera pingable? Does it respond to pings? I would recommend recording traffic on the Yocto board. First, on the uap0 port to see that your route works OK: tcpdump -i uap0 port not 22 and host 192.168.42.25. Then on the eth0 port to see that the traffic is forwarded through the Yocto board: tcpdump -i eth0 port not 22 and host 192.168.42.25. I assume you ssh to the Yocto board, which is why ssh traffic is excluded in tcpdump. Try to ping while tcpdump is running to see whether the traffic reaches the interface. Then analyze the traffic and try to find an error. Commented Jun 28, 2021 at 11:37
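
The two-capture check suggested in the comment above, turned into a script as an added example that is not part of the original thread: it reads text captures saved from tcpdump -n on uap0 and eth0 and reports the hop where the ping is lost. The capture lines are constructed, the result labels are names chosen for this example, and it assumes plain routing without MASQUERADE so addresses are unchanged on eth0.

```shell
#!/bin/sh
# Added example: find where a forwarded ping dies, from two text captures
# taken on the board with "tcpdump -n" (one on uap0, one on eth0).
# Assumes plain routing (no MASQUERADE), so addresses are unchanged on eth0.

count() {  # count <file> <src> <dst> <request|reply>
    # -F: fixed string, so the dots in the addresses are not wildcards.
    grep -F -c "IP $2 > $3: ICMP echo $4" "$1" || true
}

locate_loss() {  # locate_loss <uap0_capture> <eth0_capture> <client> <camera>
    if [ "$(count "$1" "$3" "$4" request)" -eq 0 ]; then
        echo client-route         # never reached the board: route missing on the client
    elif [ "$(count "$2" "$3" "$4" request)" -eq 0 ]; then
        echo board-forwarding     # seen on uap0 only: ip_forward or FORWARD rules
    elif [ "$(count "$2" "$4" "$3" reply)" -eq 0 ]; then
        echo camera-no-reply      # camera has no route back, or ignores ping
    elif [ "$(count "$1" "$4" "$3" reply)" -eq 0 ]; then
        echo board-return-path    # reply reached eth0 but was not forwarded back
    else
        echo ok
    fi
}

demo() {  # constructed capture lines, not taken from a real device
    d=$(mktemp -d)
    req='10:34:01.000001 IP 192.168.42.25 > 192.168.30.35: ICMP echo request, id 7, seq 1, length 64'
    printf '%s\n' "$req" > "$d/uap0.txt"
    printf '%s\n' "$req" > "$d/eth0.txt"
    locate_loss "$d/uap0.txt" "$d/eth0.txt" 192.168.42.25 192.168.30.35
    rm -rf "$d"
}

demo
```

A camera-no-reply result with forwarding confirmed points at the camera's own routing: it needs a route to 192.168.42.0/24 through 192.168.30.34 before replies can come back.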
