Those 2 required functions are:
1. IGMP proxy. Thanks Mikrotik for their hard work for getting this function working. Works well, haven't seen any problems.
2. RTSP ip connection tracking. This is still missing.
RTSP IP connection tracking ie. rtsp conntrack module is basically L7 NAT feature that replaces destination ip address in outgoing package and automatically does destination NAT to get the RSTP stream to client. For example: https://github.com/maru-sama/rtsp-linux
The following data have been collected by looking packages between STB and "ISP provided router" and compared with packages that go out from the ISP provided router.
STB sends out package:
Code: Select all
SETUP rtsp://X.X.X.X:554/SomeAbstractNameHere RTSP/1.0
User-Agent: Kreatel_IP-STB
Transport: MP2T/H2221/UDP;unicast;destination=192.168.1.207;client_port=34808
x-properties: mac_address=6C63XXXXXXXX
x-mayNotify:
CSeq: 3
The same package goes out from the ISP router as:
Code: Select all
SETUP rtsp://X.X.X.X:554/SomeAbstractNameHere RTSP/1.0
User-Agent: Kreatel_IP-STB
Transport: MP2T/H2221/UDP;unicast;destination="EXTERNAL IP AADRESS";client_port=34808
x-properties: mac_address=6C63XXXXXXXX
x-mayNotify:
CSeq: 3
Second the client port is read, and proper port is directed to internal IP address.
Currently all we have managed with a RouterOS device is a polite reply from RTSP server:
Code: Select all
RTSP/1.0 403 Forbidden
Server: Orbit2x
CSeq: 3
Would this feature be eventually implemented?
Or is there a way to achieve these 2 "things" already using L7 firewall and some scripting magic?