Re: RTSP and iptables

I solved it.

It is only necessary to add a PREROUTING rule indicating that any UDP packet coming from the media server in a determined range of ports has to be DNATed to the local IP of the client.

Something like this:

iptables -t nat -A PREROUTING --src 10.1.xx.xx -p udp --sport xxxx:yyyy -j DNAT --to-destination 192.168.50.4:xxxx-yyyy

I hope it can help people in the same situation that I was in.

Rebeca

rebeca.martinez-garcia@xxxxxxxxxxxxxxxxx wrote:


Hello all,

I have the following scenario:

Private client <-------- > Firewall machine <----------> Streaming Server

The streaming Server offers two types of services: VoD (by means of RTSP) as well as broadcasting. The last one is running without problems once I included some rules in my iptables configuration and with the help of igmpproxy.

However, there is no way I can make the client display the unicast video. The firewall permits the ports agreement (TCP), but then with the UDP messages it answers both the client and the server with an ICMP Destination unreachable message.

My iptables configuration is like this:

# Forward:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A FORWARD -i eth1 -o ppp0 -j ACCEPT
iptables -A FORWARD -p udp --dport 5060 -j ACCEPT
iptables -A FORWARD -p udp --dport 4060 -j ACCEPT

# Enabling VLC streaming broadcast:
iptables -I FORWARD -s 10.1.xx.xx/24 -d 224.0.0.0/4 -j ACCEPT
iptables -I INPUT -d 224.0.0.0/4 -j ACCEPT
iptables -I FORWARD -d 224.0.0.0/4 -j ACCEPT

#Enabling VLC VoD:
iptables -A INPUT -s 192.168.50.0/24 -m tcp -p tcp --dport 30000:65000 -j ACCEPT
iptables -A INPUT -s 192.168.50.0/24 -m udp -p udp --dport 30000:65000 -j ACCEPT
iptables -A INPUT -s 10.1.xx.xx/24 -m tcp -p tcp --dport 30000:65000 -j ACCEPT
iptables -A INPUT -s 10.1.xx.xx/24 -m udp -p udp --dport 30000:65000 -j ACCEPT
iptables -A FORWARD -s 192.168.50.0/24 -m tcp -p tcp --dport 30000:65000 -j ACCEPT
iptables -A FORWARD -s 192.168.50.0/24 -m udp -p udp --dport 30000:65000 -j ACCEPT
iptables -A FORWARD -s 10.1.xx.xx/24 -m tcp -p tcp --dport 30000:65000 -j ACCEPT
iptables -A FORWARD -s 10.1.xx.xx/24 -m udp -p udp --dport 30000:65000 -j ACCEPT

Please, is there anybody who has any tip or could help me?

Thanks in advance,
Rebeca Martinez
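
Added example, not part of the original thread: the UDP ports that the DNAT rule above has to cover are the ones agreed over TCP in the Transport header of the RTSP SETUP reply (RFC 2326), so the rule can be scoped to exactly that pair of ranges instead of a wide block such as 30000:65000. The sample reply, the server address 10.1.0.10 and the function names are constructed for illustration; it assumes no RTSP conntrack helper has rewritten the ports.

```python
import ipaddress
import re

# Constructed sample: an RTSP SETUP reply as the client receives it over TCP.
SAMPLE_REPLY = (
    "RTSP/1.0 200 OK\r\n"
    "CSeq: 3\r\n"
    "Transport: RTP/AVP;unicast;client_port=4588-4589;server_port=6256-6257\r\n"
    "Session: 12345678\r\n"
    "\r\n"
)

def parse_port_range(value):
    """Turn '4588-4589' or '4588' into a validated (low, high) tuple."""
    m = re.fullmatch(r"(\d{1,5})(?:-(\d{1,5}))?", value.strip())
    if not m:
        raise ValueError(f"bad port range: {value!r}")
    low = int(m.group(1))
    high = int(m.group(2) or m.group(1))
    if not (0 < low <= high <= 65535):
        raise ValueError(f"port range out of bounds: {value!r}")
    return low, high

def negotiated_ports(reply):
    """Extract (client_port, server_port) ranges from the Transport header."""
    for line in reply.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() != "transport":
            continue
        params = dict(p.strip().split("=", 1) for p in value.split(";") if "=" in p)
        if "client_port" not in params or "server_port" not in params:
            raise ValueError("Transport header has no UDP port pair")
        return (parse_port_range(params["client_port"]),
                parse_port_range(params["server_port"]))
    raise ValueError("no Transport header in reply")

def dnat_rules(reply, server_ip, client_ip):
    """Build rules limited to one server, one client and the negotiated ports."""
    server = ipaddress.ip_address(server_ip)  # raises ValueError on bad input
    client = ipaddress.ip_address(client_ip)
    (c_lo, c_hi), (s_lo, s_hi) = negotiated_ports(reply)
    match = f"-s {server} -p udp --sport {s_lo}:{s_hi} --dport {c_lo}:{c_hi}"
    return [
        f"iptables -t nat -A PREROUTING {match} -j DNAT --to-destination {client}",
        f"iptables -A FORWARD {match} -d {client} -j ACCEPT",
    ]

if __name__ == "__main__":
    print("\n".join(dnat_rules(SAMPLE_REPLY, "10.1.0.10", "192.168.50.4")))
```

A static rule like this forwards the matched stream to a single client only; a second client behind the same firewall needs its own negotiated port range.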


