[mdlug] iptables l7 filter
Dan Pritts
danno at umich.edu
Thu Jan 15 22:09:09 EST 2009
based on my look at the l7 pages, i agree that it can probably do
what you want. You'll have to jump to the a chain that uses REDIRECT
to spooge it over to the intended destination port.
I think this is probably possible, but you will need to grok how the
packets flow through iptables to make sure it will work.
http://l7-filter.sourceforge.net/PacketFlow.png
for other things, I'd poke around to see if any of the apache proxy
modules can handle proxying rtsp - you never know.
it also would appear that you can run rtsp over http:
http://stackoverflow.com/questions/259038/rtsp-over-http-over-a-proxy
of course, is rtsp actually carrying the content? I thought that
it just handled signalling, and a separate connection was used to
stream the data. In which case, you've got a lot bigger problem
than getting rtsp through a firewall...
On Wed, Jan 14, 2009 at 05:39:08PM -0500, Stan Green wrote:
> I have recently added steaming video to my web server. It is running rtsp on
> port 554. All is working fine. However, many companies block ports like 554.
> So my thought is to allow it to accept traffic on port 80, which most
> companies allow, and inside the box route the traffic to 554. I also have a
> web server on the box, so I cannot route all traffic.
>
> In steps iptables and the l7 filter. (http://l7-filter.sourceforge.net/HOWTO)
> Using this filter, I think I should be able to route rtsp traffic to port
> 554.
>
> Has anyone use l7 with iptables to do something like this.
>
> Is there a better way, assume 1 box and 1 ip address with multiple host names,
> to accomplish this same thing?
>
> Thanks,
> Stan Green
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
danno
--
dan pritts
danno at umich.edu
734-929-9770
More information about the mdlug
mailing list