Need Reflection/Rule for IP Camera/ffmpeg - pfSense 2.1



  • I am trying to run a ffmpeg batch file on my local network and I need to use an external IP address in the input file (rtsp://) and have it redirect to the IP camera on the same local network. I have done some research and have set NAT Reflection mode for port forwards to Enable + Proxy, but that does not work.

    In summary i believe i need a rule to forward "externalIP:port to cameraIP:port and i need this to function from within the network. Any advice greatly appreciated! Will "rep" for suggestions…Thank you!

    nlitend1

    p.s. I also have a local domain on the network with a domain controller (Windows Server 2012) if that provides a DNS forwarding option.


  • LAYER 8 Global Moderator

    "I need to use an external IP address in the input file (rtsp://)"

    I have to wonder why?  And do you mean you have to use something like rtsp://24.1.2.3 or something like rtsp://something.otherthing.tld ?

    Why can you not use rtsp://192.168.1.14 in your batch file?  And point directly to your camera's actual local IP?  If needing to use something.otherthing.tld then have your local dns be it pfsense or your AD dns resolve something.otherthing.tld to whatever your local camera's IP is - ie 192.168.1.14 for example.

    But if you want nat reflection to work, then first you have to actually forward the port..  So whatever port this rtsp:// url uses you need to forward that first.  And then yes make sure nat reflection is enabled and then you can hit rtsp://yourpfsensewanIP be it by fqdn or IP and it would be reflected back to whatever local IP you setup your port forward for.



  • Thanks for the reply!

    To answer the "why"….The foscam IP camera I have drops frames over UDP, and if i use an external IP to request the stream, the card will timeout UDP and switch over to TCP, which should work better per the foscam forums.

    I have:
    1. forwarded the port to the camera
    2. set nat reflection to Enabled + proxy
    3. (even tried change the "reflection" setting in the port forwarding from "system default" to "enabled + proxy")

    And currently the ip camera is not accessible via FQDN:port or ExtIP:port.


  • LAYER 8 Global Moderator

    so your saying your camera is going to drop packets over your LOCAL lan??  Sure I can see that happening over the public net, but locally why should you be dropping packets?

    As to why you would use + proxy I have no idea - purenat would be normal choice.  And also enable automatic outbound nat checkbox.

    What is your port forward setup udp or tcp?  I would assume tcp?  UDP an nat reflection have some issues I believe.

    So your saying in your software you use to access this camera you have no way of saying use udp or tcp?  It just auto tries udp, and then if that doesn't work it tries tcp?  And you feel udp or have already tested that udp does not work on your local lan, and you want to try this nat reflection trick to get it to use tcp?

    edit:
    what camera do you have exactly??  A quick look of foscam shows that they stream over HTTP - so that is NOT going to be UDP..  On their website they show changing the port to 8090 vs the default 80..  Make sure your not trying to use the port your pfsense gui is listening on.



  • The camera is a Foscam FI9821W v2.

    See the following link for why I would like to use TCP.

    http://foscam.us/forum/free-tools-that-work-with-all-foscam-camera-models-t7258.html#p34621

    Additionally, here is the thread where I discussed specifically my situation.

    http://foscam.us/forum/h-264-tools-t8146-10.html


  • LAYER 8 Global Moderator

    Ok so what ports are you trying to use for http and this media port.. On the website they show using 8080 for the http and 888 for the media port.

    This would be the port I assume the rstp:// uses..  Have you forwarded this port as well for tcp and enabled nat reflection?

    What is not working do you not get the web page of the camera to login?  What is not working exactly.. And can you post up your nat rules and firewall rules.


Log in to reply