Join Log in
Score:1
avatar Server

RTSP Stream Cannot Be Accessed from KVM Guest using NAT - iptables forwarding

in flag
OwN

How should iptables on the host be configured to allow rtsp:// traffic from a KVM guest that initiated the connection via a NAT network interface?

It doesn't appear to be a simple mapping. I don't know what port the guest uses when it opens the connection to the rtsp stream. It could be random. For example, the kvm guest may use port 48000 when it tries to connect to a rtsp stream running on port 30110. The next time a connection is established, it could be an entirely different port like 33844. However, traffic coming back from the rtsp port of 30110 doesn't appear to reach 48000 on that guest or whatever random port it uses. Not sure where the traffic is dying.

If I need to allow incoming connections to a specific port, I using use a /etc/libvirt/hooks/qemu bash with something like:

if [ "${1}" = "name" ]; then   # Update the following variables to fit your setup
    GUEST_IP=192.168.12.55
    GUEST_PORT=55555
    HOST_PORT=55555
    if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
        /sbin/iptables -D FORWARD -o virbr0 -d  $GUEST_IP -j ACCEPT
        /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
    fi
    if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
        /sbin/iptables -I FORWARD -o virbr0 -d  $GUEST_IP -j ACCEPT
        /sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
    fi
fi

And that works, but for some reason, I cannot figure out a way to allow a kvm guest to connect and receive data from an rtsp stream over NAT despite traffic supposedly being forwarded by the NAT interface for traffic that originates from the guest.

Anyone know what needs to be done?

ffmpeg -i rtsp://{STREAM_URL} -acodec copy -vcodec copy temp.mp4
ffmpeg version 4.1.3-0york1~16.04 Copyright (c) 2000-2019 the FFmpeg developers
  built with gcc 5.4.0 (Ubuntu 5.4.0-6ubuntu1~16.04.11) 20160609
  configuration: --prefix=/usr --extra-version='0york1~16.04' --toolchain=hardened --libdir=/usr/lib/x86_64-linux-gnu --incdir=/usr/include/x86_64-linux-gnu --arch=amd64 --enable-gpl --disable-stripping --enable-avresample --disable-filter=resample --enable-avisynth --enable-gnutls --enable-ladspa --enable-libaom --enable-libass --enable-libbluray --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libcodec2 --enable-libflite --enable-libfontconfig --enable-libfreetype --enable-libfribidi --enable-libgme --enable-libgsm --enable-libjack --enable-libmp3lame --enable-libmysofa --enable-libopenjpeg --enable-libopenmpt --enable-libopus --enable-libpulse --enable-librsvg --enable-librubberband --enable-libshine --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libssh --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvorbis --enable-libvpx --enable-libwavpack --enable-libwebp --enable-libx265 --enable-libxml2 --enable-libxvid --enable-libzmq --enable-libzvbi --enable-lv2 --enable-omx --enable-openal --enable-opengl --enable-sdl2 --enable-nonfree --enable-libfdk-aac --enable-libdc1394 --enable-libdrm --enable-libiec61883 --enable-chromaprint --enable-frei0r --enable-libx264 --enable-shared
  libavutil      56. 22.100 / 56. 22.100
  libavcodec     58. 35.100 / 58. 35.100
  libavformat    58. 20.100 / 58. 20.100
  libavdevice    58.  5.100 / 58.  5.100
  libavfilter     7. 40.101 /  7. 40.101
  libavresample   4.  0.  0 /  4.  0.  0
  libswscale      5.  3.100 /  5.  3.100
  libswresample   3.  3.100 /  3.  3.100
  libpostproc    55.  3.100 / 55.  3.100
[rtsp @ 0x557cc99ec240] UDP timeout, retrying with TCP
[rtsp @ 0x557cc99ec240] Could not find codec parameters for stream 0 (Video: h264, none, 1920x1080): unspecified pixel format
Consider increasing the value for the 'analyzeduration' and 'probesize' options
Guessed Channel Layout for Input Stream #0.1 : mono
Input #0, rtsp, from 'rtsp://{STREAM_URL}':
  Metadata:
    title           : 10
  Duration: N/A, bitrate: 64 kb/s
    Stream #0:0: Video: h264, none, 1920x1080, 90k tbr, 90k tbn, 180k tbc
    Stream #0:1: Audio: pcm_alaw, 8000 Hz, mono, s16, 64 kb/s
File 'temp.mp4' already exists. Overwrite ? [y/N] y
[mp4 @ 0x557cc9a00000] Could not find tag for codec pcm_alaw in stream #1, codec not currently supported in container
Could not write header for output file #0 (incorrect codec parameters ?): Invalid argument

Same RTSP url works fine from VLC on my home computer.

71
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.