RTSP IP tables
This is similar to a “data diode”.
For this example I am using a Raspberry Pi with two NICs. On board NIC (secondary network 192.168.50.1) and USB NIC (primary network 192.168.1.40).
The dest device is another host on the secondary network (192.168.50.2).
My PC I use to test the configuration is on the primary network (192.168.1.39).
This allows me to join two networks securely while only allowing TCP traffic over a specific port flowing in one direction.
Image raspbian lite to a SD card.
ssh file to boot partiton.
Edit before putting imaged SD card into Pi
sudo nano /etc/dhcpcd.conf interface eth0 static ip_address=192.168.50.1 interface eth1 static ip_address=192.168.1.40
Edit after the Pi has booted for first time using SSH
Enable IP forward in Linux
Uncomment the following line in the file
sudo nano /etc/sysctl.conf net.ipv4.ip_forward = 1
Optionally change hostname
sudo nano /etc/hosts and
sudo nano /etc/hostname
Allow traffic to be NAT to dest device
We specify the port the Pi(firewall) is listening on with
Then we specify the device behind the Pi(firewall) and what port it’s listening on with
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.50.2:80
Reboot the Pi(firewall).
Test use MPV to try connect through the Pi(firewall)
Generally RTSP is TCP.
We use the Pi(firewall) IP here.
Flow of traffic
PC desktop (192.168.1.39) –> Pi primary NIC (192.168.1.40) –> NAT and IP forwarding –> Pi secondary NIC (192.168.50.1) –> Dest RTSP server (192.168.50.2)
Let me know what you think of this article on twitter @M3PGS or leave a comment below!