RTSP stream being blocked BLUE to GREEN

I’m trying to make some RTSP streams available from GREEN zone to BLUE zone, but they are being blocked. Access to the cameras work fine. Picture is displayed in the cameras internal software, however, when I pull up the stream in VLC… nothing!
Outgoing Firewall Rule #1 ALLOW, All protocols, Source firewall BLUE, Destination CIDR range
HTTP works. Camera images displays.
RTSP blocked.

What am I missing?

this is not a good idea. everything might as well be in the same network.
Assuming the CIDR is Green?

A service group rule would be better.
and a network group for Cameras.

But the point is that it didn’t work. Once something is working, it can be tightened down.

It would help to see a screenshot of the rule involved.

The description says that the source is firewall blue, not the blue subnet which if true would not do what is expected.

We need to see the details of the actual rule defined.

1 Like

Hi @wolfie

Welcome to the IPFire community.

Yes, you have used the firewall as your source.

Your firewall rule for a Blue to green pinhole should end up in the section circled.

22efeedcad328f9dd3a0da644829a7d616b5ee4f_2_690x340

In the wiki it says that the use of the firewall entry is for

The firewall dropdown menu allows an easy selection of the firewall's IP addresses. They can be selected to create rules which filter packets that are originating from or directly sent to the firewall system.

You don’t want the rules to be controlling things originating from the firewall system but from the blue subnet.

https://www.ipfire.org/docs/configuration/firewall/rules/bg-holes

Note in step 1 that the source is chosen to be an IP or a network and not the firewall entry on the right hand side.

This wiki section should help you get your firewall rule correctly defined.

Come back if you still have problems after reading through it and trying it out.

EDIT:

When you are trying out firewall rules for the first time, then I would definitely suggest to enable the logging so that you can see what the firewall is actually doing with the packets that are sent.

3 Likes

So it sounds like you have a wifi camera on blue and want to view it on green with a computer.

It should be the same way when I had my nvr on green and my doorbell cam on blue.

I reserved an ip outside the dchp pool for my wireless doorbell cam that is on blue.

Then I added to the firewall rules: ALL, (ip address of web cam on blue) to green, Accept

Because you can send from green to blue, but not receive by default.

Of course this would work the same way if you were trying to use a mobile phone on blue to connect to a green camera.

What @bonnietwin says: You need to select the BLUE zone and not just the BLUE interface of the firewall.

I’m with @hvacguy saying its a bad idea to merge the blue network to green.

Its better to static the device on blue and grant it access to green.

Same problem. HTML works fine, RTSP blocked.

At this point, it’s turning into more trouble than it’s worth. RTSP is being blocked. I don’t know why. There’s nothing in the logs. I have no way to troubleshoot this problem. So that’s that! I do have access to the cameras via HTML, so that’s just going to have to suffice. Time to put this puppy to bed and call it a day.

Much appreciation to everyone who has contributed their valuable time trying to diagnose this problem. I’m very impressed with the level of support I’ve received.

THANK YOU EVERYONE! You’re the best!

1 Like

It could be using unicast/multicast.