Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 20 replies
  • Subscribers 2 subscribers
  • Views 511043 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port Forwarding for RTSP Stream

dkirk
Hello,

I have read through and followed the suggestions on other posts regarding port forwarding (NAT) within UTM 9 however, I cannot seem to get things to work.

I have three internal cameras with which I need to allow external access to their RTSP streams. The internal url for these feeds are as follows:

rtsp://192.168.1.30:554/11
rtsp://192.168.1.28:554/11
rtsp://192.168.1.32:554/11

Using my single external IP address, I will need to specify a different port and then forward for each camera such as:

rtsp://200.13.12.42:2007 => rtsp://192.168.1.30:554/11
rtsp://200.13.12.42:2008 => rtsp://192.168.1.28:554/11
rtsp://200.13.12.42:2009 => rtsp://192.168.1.32:554/11

I have tried to accomplish this numerous ways and I am still unable to view these streams externally. Internally, the streams function perfectly. How do I go about configuring this correctly? Thanks in advance for any assistance.


This thread was automatically locked due to age.
Parents
  • 0
    First, are you sure that the cameras have the IP of "Internal (Address)" as default gateway?

    Next is what I call Rule #3:

    Never create a Host/Network definition bound to a specific interface.
    Always leave all definitions with 'Interface: >'.



    Last is what I call Rule #4:

    When creating DNATs for traffic arriving from the internet, in "Going to:" always use the
    "(Address)" object created by WebAdmin when the Interface or the Additional Address was defined.
    Using a regular Host object will cause the DNAT to fail as the packets won't qualify for the traffic selector.


    Any luck with those?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    First, are you sure that the cameras have the IP of "Internal (Address)" as default gateway?

    Next is what I call Rule #3:

    Never create a Host/Network definition bound to a specific interface.
    Always leave all definitions with 'Interface: >'.



    Last is what I call Rule #4:

    When creating DNATs for traffic arriving from the internet, in "Going to:" always use the
    "(Address)" object created by WebAdmin when the Interface or the Additional Address was defined.
    Using a regular Host object will cause the DNAT to fail as the packets won't qualify for the traffic selector.


    Any luck with those?

    Cheers - Bob



    [Offtopic]Bob, do you have an overview of your rules somewhere on the forum?[/Offtopic]

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Reply
  • 0 in reply to BAlfson
    First, are you sure that the cameras have the IP of "Internal (Address)" as default gateway?

    Next is what I call Rule #3:

    Never create a Host/Network definition bound to a specific interface.
    Always leave all definitions with 'Interface: >'.



    Last is what I call Rule #4:

    When creating DNATs for traffic arriving from the internet, in "Going to:" always use the
    "(Address)" object created by WebAdmin when the Interface or the Additional Address was defined.
    Using a regular Host object will cause the DNAT to fail as the packets won't qualify for the traffic selector.


    Any luck with those?

    Cheers - Bob



    [Offtopic]Bob, do you have an overview of your rules somewhere on the forum?[/Offtopic]

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Children
No Data
Cookie Information Banner