DNAT for RTSP (RTCP) not working
Hello,
I have an RTSP server on WAN; to be exact, it is my router to the cable ISP.
Environment (production):
- RTSP Server on WAN
- pfSense 21.02-RELEASE-p1 (yesterday 2.5.0) Netgate Device f8274777fa906f98xxxx
- Client on macOS and iOS
Environment (test)
- RTSP Server on WAN
- pfSense 2.5.0 (fresh installed by ISO Image)
- Client on a clean install of W10
I have captured the WAN traffic and found it all correct, except the final UDP streaming from WAN to LAN.
In detail:
- The client connects to the RTSP server using 554 (RTCP)
- The client asks for OPTIONS and more. All OK
- The client sends the port on which it waits for the stream using SETUP client_port on RTCP (ports are dynamic!)
- The server confirms this
- The client sends a START on RTCP
All works correctly up to this point.
- The server sends the stream to the confirmed port (see 3.)
This traffic is not routed to the client. I think that pfSense does not spoof the RTCP traffic and does not define a NAT or a port forward.
If I configure a port forward for ports 30000-65535 to the client, the streaming works correctly. But that is a wide range to open to one specific client. It will not work for two simultaneous clients, and the port changes often (on any channel change).
What is needed is spoofing the RTCP traffic and setting up a NAT or forwarding for the "client_port" in the RTCP-SETUP message. As I have seen, other firewalls (like USG) do this.
What can I do so that RTSP/RTCP works correctly with pfSense?
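The kind of helper the post asks for, as an added example (not part of the original post and not pfSense code): it reads `client_port` from a SETUP request and the server's confirmation, and derives a forward limited to that one port pair instead of 30000-65535. The messages, addresses, function names and the pair-only/unprivileged-port limits are assumptions made for the illustration.

```python
import re

# Constructed sample messages (not taken from the poster's capture).
SETUP_REQUEST = (
    "SETUP rtsp://203.0.113.10/stream/track1 RTSP/1.0\r\n"
    "CSeq: 3\r\n"
    "Transport: RTP/AVP;unicast;client_port=52146-52147\r\n\r\n"
)
SETUP_REPLY = (
    "RTSP/1.0 200 OK\r\n"
    "CSeq: 3\r\n"
    "Session: 12345678\r\n"
    "Transport: RTP/AVP;unicast;client_port=52146-52147;server_port=6970-6971\r\n\r\n"
)

def transport_params(message):
    """Return the parameters of the first Transport header as a dict."""
    for line in message.split("\r\n")[1:]:      # skip request/status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "transport":
            spec = value.split(",")[0]          # first transport alternative only
            params = {}
            for part in spec.split(";")[1:]:    # drop the "RTP/AVP" profile token
                key, _, val = part.strip().partition("=")
                params[key.lower()] = val
            return params
    return {}

def port_range(value):
    """Parse '52146-52147' or '52146' into (low, high); None if unacceptable."""
    m = re.fullmatch(r"(\d{1,5})(?:-(\d{1,5}))?", value or "")
    if not m:
        return None
    low = int(m.group(1))
    high = int(m.group(2) or m.group(1))
    # Assumption: only an unprivileged RTP/RTCP pair (at most 2 ports) is allowed.
    if not (1024 <= low <= high <= 65535) or high - low > 1:
        return None
    return (low, high)

def pinhole(request, reply, server_ip, client_ip):
    """Derive the narrow UDP forward for one confirmed SETUP, else None."""
    if not reply.startswith("RTSP/1.0 200"):
        return None
    asked = port_range(transport_params(request).get("client_port"))
    confirmed = port_range(transport_params(reply).get("client_port"))
    if asked is None or asked != confirmed:
        return None  # the server must echo exactly what the client requested
    return {"proto": "udp", "src": server_ip, "dst": client_ip, "dports": asked}
```

Tying the forward to the server's source address and to the two negotiated ports keeps each client's pinhole separate, which is what makes two simultaneous clients and per-channel port changes workable.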