Community discussions

MikroTik App
 
HollyAssasin
just joined
Topic Author
Posts: 3
Joined: Wed Nov 02, 2022 6:58 pm

Port forward for RTSP stream.

Wed Nov 02, 2022 8:20 pm

Hello,

I recently bought a hAP ac² router, which is my first mikrotik device, so I don't really have any experience with it.
I would like to stream some games to my friends, so I decided to use a RTSP plugin for OBS. It starts an RTSP server with the local PC's ip and port 554. So basically rtsp://192.168.88.230:554/live.
The stream works fin when viewing from the same network, yet connecting by my public ip doesn't work.
Using tutorials I opened the port 554 for both UDP and TCP and when using a website for pinging them they are both open. I also have a public IP that my provider gave me that I have replaced for X.X.X.X .

Would like to thank in advance.
# nov/02/2022 15:33:40 by RouterOS 6.47.9
# software id = C8UJ-ID4L
#
# model = RBD52G-5HacD2HnD
/interface bridge
add admin-mac=2C:C8:1B:8D:4E:35 ageing-time=2h5m auto-mac=no comment=defconf \
    name=bridge
/interface ethernet
set [ find default-name=ether1 ] mac-address=B0:25:AA:2D:3F:33
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
    MikroTik-8D4E39 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX disabled=no distance=indoors frequency=5200 mode=\
    ap-bridge ssid=BananaPie wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat
add action=dst-nat chain=dstnat dst-address=X.X.X.X dst-port=554 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.88.230 to-ports=\
    554
add action=dst-nat chain=dstnat dst-address=X.X.X.X dst-port=554 \
    in-interface-list=WAN protocol=udp to-addresses=192.168.88.230 to-ports=\
    554
/system clock
set time-zone-name=Europe/Prague
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14354
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Port forward for RTSP stream.

Wed Nov 02, 2022 10:25 pm

You want to create a hole in your router and let the whole internet pour in??

Can you choose any port or is it fixed to that number (or is it just the usual default).

How are people connecting to your stream DYNDNS name:port# ??

Recommend if nothing else that you limite access on the destination nat rule to their Public IP address!!!
Either they have a static or they can get free dyndns host service and give you the name to put in a firewall adddress list.

++++++++++++++++

After limiting access, the other issue may be that your expecting to be able to push data, whereas they have to pull the data like off a server................ Not sure how your service works exactly.
 
HollyAssasin
just joined
Topic Author
Posts: 3
Joined: Wed Nov 02, 2022 6:58 pm

Re: Port forward for RTSP stream.

Wed Nov 02, 2022 10:36 pm

I have a username and password restriction set in place with the server.
The port 554 is usually reserved for RTSP streams.
To connect to the stream you need VLC and then just the ip+port.

I have little experience with servers, but I'm pretty sure it's similar to game servers, like minecraft. I tried a minecraft server but that did not work as well.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14354
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Port forward for RTSP stream.

Wed Nov 02, 2022 10:46 pm

Username and password is not enough for security that has no encryption............................ Is RTSP at least encrypted traffic............ Like Secure FTP or something.
 
HollyAssasin
just joined
Topic Author
Posts: 3
Joined: Wed Nov 02, 2022 6:58 pm

Re: Port forward for RTSP stream.

Wed Nov 02, 2022 10:51 pm

Honestly, no idea, but I'd I assume it is, since it is used for security cameras. I don't think that the problem lies in RTSP, since as I have tried, minecraft servers don't work, and they only need open ports.

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot] and 10 guests