natd interferes with incoming RTSP/RTP
Mikhail T.
mi+thun at aldan.algebra.com
Sat Apr 11 18:56:52 PDT 2009
Hello!
I'm trying to watch video via RTSP/RTP from a remote net-camera on my
7.0-STABLE/i386 from July 6th:
vlc --verbose 2
rtsp://user:password@remote.example.com/nphMpeg4/g726-320x240
Things work fine, when my machine has the firewall disabled.
Unfortunately, the machine is also in charge of protecting and NAT-ing
for a small LAN, so keeping the ipfw down for long is not an option. Yet,
with my usual firewall setup (the modified "simple" -- altered to not
care what the outside IP-address is, because it changes via DHCP),
things time out...
However, if I disable just one of the rules below -- 1300, the one
diverting all traffic to natd -- the video works fine... So it is not
any of the other rules, that are the problem, nor is it the remote
server... Why would this happen and how do I solve the problem? Thanks!
Yours,
-mi
P.S. Output of /etc/rc.d/ipfw showing the rules, etc.
net.inet.ip.fw.enable: 1 -> 0
Stopping natd.
Waiting for PIDS: 62054, 62054, 62054, 62054, 62054.
Starting natd.
Loading /lib/libalias_cuseeme.so
Loading /lib/libalias_ftp.so
Loading /lib/libalias_irc.so
Loading /lib/libalias_nbt.so
Loading /lib/libalias_pptp.so
Loading /lib/libalias_skinny.so
Loading /lib/libalias_smedia.so
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from 192.168.1.0/24 to any in via nve0
00500 deny ip from any to 10.0.0.0/8 via nve0
00600 deny ip from any to 172.16.0.0/12 via nve0
00700 deny ip from any to 192.168.0.0/16 via nve0
00800 deny ip from any to 0.0.0.0/8 via nve0
00900 deny ip from any to 169.254.0.0/16 via nve0
01000 deny ip from any to 192.0.2.0/24 via nve0
01100 deny ip from any to 224.0.0.0/4 via nve0
01200 deny ip from any to 240.0.0.0/4 via nve0
/01300 divert 8668 ip from any to any via nve0/
01400 deny ip from 10.0.0.0/8 to any via nve0
01500 deny ip from 172.16.0.0/12 to any via nve0
01600 deny ip from 192.168.0.0/16 to any via nve0
01700 deny ip from 0.0.0.0/8 to any via nve0
01800 deny ip from 169.254.0.0/16 to any via nve0
01900 deny ip from 192.0.2.0/24 to any via nve0
02000 deny ip from 224.0.0.0/4 to any via nve0
02100 deny ip from 240.0.0.0/4 to any via nve0
02200 allow tcp from any to any established
02300 allow ip from any to any frag
02400 allow tcp from any to any dst-port 22 setup
02500 allow tcp from any to any dst-port 25 setup
02600 allow tcp from any to any dst-port 53 setup
02700 allow udp from any to any dst-port 53
02800 allow udp from any 53 to any
02900 allow tcp from any to any dst-port 80 setup
03000 allow tcp from any to any dst-port 2875 setup
03100 allow tcp from any to any dst-port 2885 setup
03200 allow tcp from any to any dst-port 2890 setup
03300 allow tcp from any to any dst-port 2895 setup
03400 allow tcp from any to any dst-port 2990 setup
03500 deny log logamount 100 tcp from any to any in via nve0 setup
03600 allow tcp from any to any setup
03700 allow udp from any to any dst-port 53 keep-state
03800 allow udp from any to any dst-port 123 keep-state
Firewall rules loaded.
net.inet.ip.fw.enable: 0 -> 1
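The rule list above is easier to reason about when you can ask it "which rule handles this packet?" for the two flows an RTSP session needs: the outbound TCP control connection to port 554 and the inbound UDP RTP packets that the camera sends to whatever client_port the RTSP SETUP negotiated. The script below is an added example written for this archive page; it is not part of the original mail and not FreeBSD's ipfw code. It parses a constructed subset of the poster's ruleset (with an assumed `65535 allow` default, since the poster reports the stream works once rule 1300 is disabled), evaluates a packet against it first-match-wins, and compares the traversal with and without the divert rule. The IP addresses and port numbers are made up for the demonstration, and `keep-state` dynamic rules are not modelled.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed subset of the poster's ipfw list output plus an ASSUMED default
# rule 65535; the original mail does not show the default rule.
RULES_TEXT = """\
00100 allow ip from any to any via lo0
00400 deny ip from 192.168.1.0/24 to any in via nve0
00700 deny ip from any to 192.168.0.0/16 via nve0
01300 divert 8668 ip from any to any via nve0
01600 deny ip from 192.168.0.0/16 to any via nve0
02200 allow tcp from any to any established
02400 allow tcp from any to any dst-port 22 setup
02800 allow udp from any 53 to any
03500 deny log logamount 100 tcp from any to any in via nve0 setup
03600 allow tcp from any to any setup
03800 allow udp from any to any dst-port 123 keep-state
65535 allow ip from any to any
"""

RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny|divert\s+\d+)"
    r"(?:\s+log(?:\s+logamount\s+\d+)?)?\s+(?P<proto>ip|tcp|udp)"
    r"\s+from\s+(?P<src>\S+)(?:\s+(?P<sport>\d+))?"
    r"\s+to\s+(?P<dst>\S+)(?:\s+(?P<dport>\d+))?(?P<opts>.*)$"
)


@dataclass
class Rule:
    num: int
    action: str          # allow / deny / divert
    proto: str           # ip / tcp / udp
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    iface: Optional[str] = None
    direction: Optional[str] = None   # 'in', 'out' or None for either
    setup: bool = False
    established: bool = False
    frag: bool = False


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    iface: str
    direction: str
    sport: int = 0
    dport: int = 0
    syn: bool = False
    ack: bool = False
    frag: bool = False


def parse_rules(text: str) -> list:
    """Parse ipfw 'list' style lines into Rule objects."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unparsed rule: " + line)
        r = Rule(int(m.group("num")), m.group("action").split()[0],
                 m.group("proto"), m.group("src"),
                 int(m.group("sport")) if m.group("sport") else None,
                 m.group("dst"), int(m.group("dport")) if m.group("dport") else None)
        opts = m.group("opts").split()
        i = 0
        while i < len(opts):
            tok = opts[i]
            if tok in ("in", "out"):
                r.direction = tok
            elif tok == "via":
                r.iface = opts[i + 1]
                i += 1
            elif tok == "dst-port":
                r.dport = int(opts[i + 1])
                i += 1
            elif tok == "setup":
                r.setup = True
            elif tok == "established":
                r.established = True
            elif tok == "frag":
                r.frag = True
            elif tok == "keep-state":
                pass    # dynamic state is not modelled in this example
            else:
                raise ValueError(f"unknown option {tok!r} in rule {r.num}")
            i += 1
        rules.append(r)
    return rules


def _addr_ok(spec: str, ip: str) -> bool:
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def matches(r: Rule, p: Packet) -> bool:
    """Approximate ipfw matching: setup = SYN without ACK, established = ACK set."""
    if r.proto != "ip" and r.proto != p.proto:
        return False
    if not _addr_ok(r.src, p.src) or not _addr_ok(r.dst, p.dst):
        return False
    if r.sport is not None and r.sport != p.sport:
        return False
    if r.dport is not None and r.dport != p.dport:
        return False
    if r.iface is not None and r.iface != p.iface:
        return False
    if r.direction is not None and r.direction != p.direction:
        return False
    if r.setup and not (p.syn and not p.ack):
        return False
    if r.established and not p.ack:
        return False
    if r.frag and not p.frag:
        return False
    return True


def first_match(rules: list, p: Packet):
    """Return (rule number, action) of the first matching rule."""
    for r in rules:
        if matches(r, p):
            return r.num, r.action
    return None


RULES = parse_rules(RULES_TEXT)


def classify_rtsp_session(nat_divert_enabled: bool = True) -> dict:
    """Classify the RTSP control SYN and an inbound RTP packet (constructed addresses)."""
    rules = RULES if nat_divert_enabled else [r for r in RULES if r.action != "divert"]
    rtsp_setup = Packet("tcp", "203.0.113.10", "198.51.100.20", "nve0", "out",
                        sport=50000, dport=554, syn=True)
    rtp_in = Packet("udp", "198.51.100.20", "203.0.113.10", "nve0", "in",
                    sport=6970, dport=49170)
    return {"rtsp_setup": first_match(rules, rtsp_setup),
            "rtp_in": first_match(rules, rtp_in)}


if __name__ == "__main__":
    print("with divert:   ", classify_rtsp_session(True))
    print("without divert:", classify_rtsp_session(False))
```

With rule 1300 present, both flows are handed to natd at rule 1300; with it removed, the control SYN is accepted by rule 3600 and the inbound RTP packet falls through to the default rule. The rules after 1300 contain nothing that depends on natd, so the two traversals differ only at the divert itself, which points the investigation at what natd (and the libalias modules it loads, libalias_smedia among them) does to the RTSP exchange rather than at the remaining rules.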