Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    NAT for MMS o RTSP not working

    NAT
    3
    5
    6.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rizzo
      last edited by

      Good day,

      I have a few services running behind a Pfsense firewall, however I haven't been able to get a windows 2003 media server to get tru the firewall to clients. I changed my ipcop firewall to pfsense last week and I have found this new fw to be me pwerfull. I have configured all of my services tru NAT and they all work fine but not my windows media server.

      I'm trying with MMS:// and RTSP:// with no luck…Within the LAN works just fine. THanks

      I've tried this:

      WAN  TCP/UDP  1755  192.168.10.22
      (ext.: 201.221.142.155) 1755  Streaming desde colnets 
      [edit rule]
      [add a new nat based on this one]
      WAN TCP/UDP 554  192.168.10.22
      (ext.: 201.221.142.155) 554  Streaming desde colnets 
      [edit rule]
      [add a new nat based on this one]
      WAN UDP 2 - 65534 192.168.10.22
      (ext.: 201.221.142.155) 2 - 65534 Streaming desde colnets 
      [edit rule]
      [add a new nat based on this one]
      WAN TCP 89  192.168.10.22
      (ext.: 201.221.142.155) 80 (HTTP) Streaming desde colnets

      I found the ports info here
      http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/25_s3wms.mspx

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        Do i get that right?

        Client
            |
        Internet
            |
          pfSense
            |
          Server

        And if you connect with a client from the internet side to the public IP of the pfSense they cannot reach your server?

        I dont know anything about windows 2003 media servers.
        Do they initiate a connection to the client?

        Could you make screenshots of your Firewall-rules and your NAT-rules?
        Text-only is a bit unreadable and i dont understand which rules are firewall rules and which NAT and where (which interface) you created them.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • R
          rizzo
          last edited by

          Hi again,

          Client
              |
          Internet
              |
            pfSense
              |
            Server

          Answe: YES.. the diagram is correct.

          And if you connect with a client from the internet side to the public IP of the pfSense they cannot reach your server?
          Answer: Yes.

          I dont know anything about windows 2003 media servers.
          Do they initiate a connection to the client?
          Answer: Yes. The run as any service listening on a particular port. This particular service is quite more complex since it uses UDP and TCP .However, one should be able to set port forwarding rules ang get it to work (NAT).

          Could you make screenshots of your Firewall-rules and your NAT-rules?
          Yes… attaching the image NAT --- (the rules dont matter-- open)

          Diagram.JPG
          Diagram.JPG_thumb

          1 Reply Last reply Reply Quote 0
          • GruensFroeschliG
            GruensFroeschli
            last edited by

            @rizzo:

            I dont know anything about windows 2003 media servers.
            Do they initiate a connection to the client?

            Answer: Yes. The run as any service listening on a particular port. This particular service is quite more complex since it uses UDP and TCP .However, one should be able to set port forwarding rules ang get it to work (NAT).

            Well if the server initiates a connection to the client then the clients need to have the ports on their side open.
            Are you really sure about that?
            I've never seen any kind of server-software as dumb as that :D
            (because then 99% of all clients would not be able to connect)

            One thing i noticed:
            Your NATing rules are overlapping.
            –> the UDP 2-65534 includes the TCP/UDP-rules.
            I'm not sure if that works (i think it should). But that "could" be a problem (well... probably not).

            Of course it could be that the client server connection works a bit like Skype (where you first open a "pseudo connection" from both sides to an open server and then the connection from both to the server gets changed so that they talk to each directly on their originally own outbound connection)

            The other thing: if the Server really initiates an outgoing connection the source of it should be the same IP as the clients connect to (201.221.142.155 since you seem to use VIP's).
            Do you have any rules in place that traffic from this particular server goes over this VIP out?
            And just in the same direction: if the server initiates a connection the outgoing port WILL be scrambled. ( http://forum.pfsense.org/index.php/topic,7001.0.html --> NAT--> http://doc.pfsense.org/index.php/Static_Port )

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            1 Reply Last reply Reply Quote 0
            • E
              eri--
              last edited by

              NAT on pfSense doesn't support RTSP so you really should be looking at a proxy for such thing.

              But again, i have never used that kind of server so might be mistaken.
              Try enabling static port as is recommended for VoIP phones, probably that might fix it.
              Or try setting a 1:1 rule only for the server to communicate if you have a spare ip.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.