All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Routing issues and a challenge on a rare scenario (I guess...)
Hello all!
I am to try something like what I will describe in this post. And I am willing to get some help: if it is doable and if yes, how!
So, the scenario is this:
I want to use a H.264 encoder that is also a streaming server. It has LAN and wifi capability for connection to the net, and it can configured to use whatever internal static ipv4 address I want or use DHCP from the router it will be connected to. So, I need to have ports forwarded from the external ip (internet) to the interlan ip (NAT) of the encoder, to let the outside world reach my content (e.g. rtsp://1.2.3.4:5445 to internal rtsp://192.168.43.2:5445).
I want to use a mobile connection from an android phone via wifi tethering. The ipv4 from LTE mobile connection will not be static, of course, and the internal NAT range in android is -as we know- fixed on 192.168.43.1/24 .
One solution is to use routed android phone and try to use a couple of port forward apps, that they are unfortunately not really stable. Have anybody any experience on port forwarding by an android mobile phone, the stability e.g.?
This solution, if will work, has a serious disadvantage for me. I would prefer a solution where the mobile internet can be provided from any phone or LTE 4G router, not only from a certain routed device that will be bonded with the rest of the equipment.
Now, another solution I thought it maybe work is to use a second hardware router that will connect via wifi to the tethered mobile phone and serve the internet to LAN. is there any way to configure the second router (the repeater) to do port forwarding from the external ip (internet) to NAT ip? or the only capable routing device for port forwarding will be the mobile phone itself?
The scheme should be something like ANDROID PHONE TETHERING >> WIFI ROUTER REPEATER TO LAN WITH PORT FORWARDING >> ENCODER.
Have to notice that I don't want something expensive like a DC routing solution, but a small, portable, 5 or 12v router that can be carried inside the rest of the equipment bag (camcorder, encored etc.) and operates via batteries/powerbank.
Any help would be really appreciated!
Comments
That ain’t going to fly. Your 4G doesn’t have a public IP address most likely, it’s already NATed.
You can connect to a VPN at a DC and forward required ports as needed, that’s what I think is the simplest solution.
Thanks for the response.
You mean a VPN from my mobile phone? If yes, then, the need for port forwarding is still the same, as I described it in the original post.
If you mean to install a VPN on the encoder, this cannot be done, it is a closed source OS made just for the encoder, not a linux rooted box or an OS like Enigma2...
Also, how can I determine if my LTE ipv4 is NATted?
NATted?
He’s just telling you that you most probably don’t have a dedicated IP when you’re using LTE (i.e. you’re sharing the same v4 address with a bunch of other customers).
If you really do want to check, ask a friend who is on the same mobile network to come over and give his IP. If his IP is the same as your LTE IP, then you can safely assume that it is NAT’ed.
If you really do want to check, ask a friend who is on the same mobile network to come over and give his IP. If his IP is the same as your LTE IP, then you can safely assume that it is NAT’ed.
OK, this is the most... patented way to determine if a LTE ipv4 is shared or dedicated! Anyway, I have three phones from the same company and all do have different ips. And I surely understand what clouvider posted. A way to find out if an ip is natted, would be to use a routed phone, install a service there to certain port and see if this service is visible to the outside world or not. But this is not a universal solution.
In Greece, there is not a rule that a LTE ipv4 is shared. A few years ago, when 3g still ruled, almost all ips were dedicated. But vodafone, wind and at last cosmote started to nat ip on mobiles since some years ago in scale, but not always.
The question I am asking is different, though. Even if I use a vpn, shouldn't I use port forwarding thru the device to the internal tethering NAT? Or can I use it from the server?
And the main question is the second one on my OP: Can I use port forwarding using a repeater router that gets the external internet connection from a tethered mobile device?
I find the public nat IP I have from EE on my mobile changing depending on a location, for example. One can simply check if the ports open on their PC are open on the public IP.
No idea how you'd get this information out of android but basically you just look at the IP they are giving your device (not some whatsmyip site - that's pointless in this scenario). If it's an internal or CGNAT address, well, it's NAT. In any case chances are extremely high you are being NATed. Mobile ISPs without NAT are a rare breed so VPN is likely unavoidable. Also i'd consider dropping the phone. It's not ment to be a network device. Replace it with [insert-SBC-of-your-choice] + Huawei 398/3372 so you get access to some proper tools. Just make sure to avoid hilink. You certainly don't want another NAT on top of your NAT.
Only if it’s an USB modem, because when Android is tethering it acts as a router.
Solution:
You still may have the problem that the Android phone acts as router.
Yeah, android is a clunky solution even if it's possible to get it to work somehow imo. That's why i pointed towards those Huawei dongles and some kind of real OS. Possibility for external antennas is just a nerd bonus.
Hilink mode is a turd though as it's the same castrated NAT router dilemma and at least the E3372 has different variants sold under the same labels (E3372h/E3372s both exist with identical generic branding). It's easy to find howtos for converting the hilink to the stick (modem) versions though.
@Clouvider Thanks for your contrib, always helpful!
Thanks guys for your suggestions. I think I have now in mind a solution, with some cheap hardware involved.
There are several cheap DD-wrt pre-installed routers or routers that can wear DD-wrt (or maybe even OpenWrt). I will search this scenario: DD-wrt router will grab wan (internet) as access point from the tethered mobile device.
I will setup openvpn to the DD-wrt router and use port forwarding from the openvpn server or the router itself.
Hope it works!
If I were you I’d buy a router with a sim slot capable of LTE straight away. Your phone will be another NAT.
I would say it'll most likely not work as most mobile providers run their mobile IPv4 ranges on CG-NAT due to the shortage of IPv4. Your best bet here if you don't want to use a VPN is to check if your carrier supports IPv6 as most carriers tend to provision 1 unique dynamic IP per client that connects to their network.
@jvnadr
Do I get you right? You have some machine (supposedly a PC) on which you run some kind of video server and you want to connect that box to the internet via a android phone so as to make your video server accessible from the internet?
Sounds like a plan.
Seconded. It's also not like the phone is going to add much value when you can't really move it in fear of breaking your setup. Seems to be more useful to just connect it to said router by wifi. An LTE enabled router might be a bit pricy though but from what i hear (not much experience there, sorry) there are models that can fit USB devices so if you can get one of these and 20-25€ for a dongle fits your definition of cheap it might be worth considering.
You had right (of course)...
I have one and tested, but there is the issue you described, now I get NATted ipv4. I didn't realize that they did this dramatic change in my mobile carrier... Last year, when I was using a LTE dongle on a pc, I was able to do port forwarding most of the time and didn't even think about NATted ip...
So, port forward on the LTE router is not going to work likely... My original thoughts on how to do it have officially ruined!!!
Almost. There are some boxes that are hardware h.264 or h.265 encoders. They have video and audio inputs (SDI, HDMI and/or CVBS) and transcoding the signal to various streaming formats (rtmp, rtsp, rtp, http etc.). Those boxes are working either as streaming devices (they push the signal to a server, e.g., rtmp streaming) or they are acting like a server themselves (e.g. rtmp://192.168.1.10:video.ts). They usually carry a special hack of a linux, most of them something called "hi-linux".
When pushing to a server, any internet connection works. When on server operation, you have to be either inside a lan and grab the encoded video thru internal ip or using port forwarding from the external ip to the internal nat ip of the box to access the content from the outside world.
Yes, this is maybe a plan. Just have to buy one of those cheap chinese DD-wrt routers to test it via openvpn.
BTW, a LTE router nowadays is not that pricey, you can find from ebay a lot of cheap devices costing €30-50 that having only wifi transmission (not a lan port, it will be pore pricey). Routers that have the capability to use a LTE dongle on their usb ports, are much more expensive and you are stick on certain dongle models those routers can operate with.
Ouch, i see. Thought it might cut prices not increase them. At 50€ you'd already be better off to build your own so anything beyond that is out of the question. Actually that's what i am doing right now. If i can get a dongle for 20€ i'll be at ~37€ with gbit lan and a nice wifi setup (sadly no ac just n though).
Based on what little I know (e.g. will ~10Mb/s do or what speed do you need? Shall only you or maybe a couple of friends access the streamed video or shall it be any and every one on the www?) it seems to me that your triangle is price, speed (e.g. 4G) and portability, and easy concept/reliability. 4G drives the price up a lot. Android offers little freedom. I personally, IF I had the interest (which I don't have) would simpy try to find an LTE solution for the video box (does it have mini-PCIe? USB3?) and then have a cheap VPS act as public interface to the stream.
You are some steps behind on what I am already doing, far away from what I want to add on my concurrent usage!
Encoder box is not a pc or something like that. It's just a hardware piece with certain options. You cannot just plug a dongle there or do hacks.
As of the speeds, servers etc., it's not what I asked for, there are certain usages and infrastructure this box will work with.
Just to give you some more enlighten, encoder is used for real time connection when doing a live news coverage to a TV network's master control. The stream is something like peer to peer and replace skype (poor quality, limited options for configure) and LiveU servers (we use it in some cases, but the usage is limited due to costs - we currently have ~ 12 LiveU units in whole country).
We do much more coverage using skype connected to laptop with external broadcast camcorders).
Encoder is being used today as rtmp h.264 streamer to a nginx-rtmp server and from there, to a web player that is configured for almost zero latency (I achieved latency of ~1 sec, something that is really rare for rtmp streams).
What I want to do is this: Instead of streaming to a rtmp server and from there, the studio takes video and audio, I want to allow them grab the stream directly from the source (encoder box) via rtsp protocol.
I can do that when connecting the box to a landline DSL (router do port forwarding to the internal NAT address) but I want to be able to do it in remote locations when using mobile internet (LTE, 3G).
@jvnadr
So, if I get you right there are basically 2 problems:
some portable system capable to do 3G and 4G. If I'm not mistaken you are doing it in a professional context so the problem boils down to getting say an Arm based board with 3G and 4G support (which are available) and costs of 200$ for such a board aren't a problem.
Some (many?) LTE providers don't give you an IP address but NAT you. No problem or at least just a minor problem that can be solved by turning things upside down. Rather than studio connecting to you, you create a little software (e.g. small Python script) and connect to the studio say once a minute to look whether they are interested in your stream. If yes, you push your stuff to them. If not, you sleep 1 minute.
@jsg Encoders cannot be tweaked with scripts, python or anything else. You only get access to an interface, no terminal, no console, no OS able to hack.
Also, there is no way to check if studio is interested for a stream. This is not how video transmission works. it can be done either using a server (stream to the server and the viewer takes footage from there) or connect p2p either by push or pull.
Certain formats can be pushed (that needs a server or a receiver with server capabilities), some others have to be pulled (like the formats I want to use to eliminate latency).
The goal here is to abandon any middleman like a server, to throw away any extra latency on the infrastructure (in a live environment, the latency should be something like 200-300ms and no more than 1-1,5 sec).
Rtmp (the format that served the ol' good flash streaming) with normal players or decoders, do have latency more than 5-6 seconds (in most streaming environments this latency can rise even more than 30 seconds!). HLS/dash formats are using fragments on transmission and this can be done with no less latency than 6-8 seconds, in the most tight setup.
The goal here is to use a format without server. Server must be the encoder (that's designed for), so, it should be reached from the outside world by an address. So, main issue here is that LTE is using mostly NATted ipv4 that forbid the use of port forwarding...
I have alternatives, as I said before:
One is to use rtmp H.264 format sending to a nginx-rtmp server (it has zero delay when not transcoding). Rtmp is still the most mature format that is capable to use it without latency. Unfortunately, the receivers (players) of this format add delay themselves! Even VLC with heavy tweaks or FFPlay setups, like MPlayer, add a delay of 3-4 seconds, something unacceptable for the usage I want. There is only a couple of web players that eliminate any delay, keeping it to ~1 second and that's what I use. This is the setup I have been using with the box.
The other solution that I'm going to try, is to use as middleman an OpenVPN server with the help of a DD-wrt router. I already ordered one to test it. This router can use openvpn to all of the traffic, so, either with port forwarding or iptables on the vpn server, I think I can achieve my goal as described on the original post.
One of the goals is to keep all the infrastructure as portable as it can be: the encoder is a small box in a size a little bigger than RPi and the DD-wrt router is the half of a RPi. So, those two can be mounted with a cold shoe on the top of the camcorder, so, the cameraman is totally free to move whenever he wants without cables, laptops and other equipment when doing a live show.
I did all the detailed explain, because maybe somebody in the future want to try something like this, so, I state my experience here with this scenario! If it works, I can achieve something with a total cost of equipment no more than 300-350 euros, when a LiveU and similar solutions costs >2000€ and they need a monthly subscription of €50 each machine!
@jvnadr
Misunderstanding; probably my poor wording. What I suggested is pretty much your DD-WRT solution. The other issue ("turn it upside down") was an idea how to solve the LTE NAT problem by not having the other side "call" you but you setting up the connection. Unfortunately I don't know a lot about your audio/video world but I assume that the following still is true:
Your side (encoder + DD-WRT, whatever) either has or has not a stream available. And the other side (the studio) either is interested in that stream or not.
No matter whether DD-WRT or another box, if it's connected via LTE it's still NATed. That's what my "who calls whom" thinking was about because while you can not be "called" (NAT) you can perfectly well establish a connection to the outside (studio).
Of course you can have something similar by going through OpenVPN.
Anyway I just tried to help but probably I'm too audio/video stupid.
Well, cannot be hacked is pretty much a question of invested time and resources. As you said it runs some kind of linux in theory all you'd have to do is get to it's storage (there has to be some kind of chip, compact flash, disk or whatever storing the system and given it runs linux you should at least be able to get kernel sources. Admittedly that's pretty much out of scope and it would likely be easier to just clone the whole thing than reverse engineer enough details to do anything of value but in theory it's not impossible
hahaha, not stupid a all. It is a field that it is not very common, and my demand is cheap and rare! Thanks for the talk, anyway!
Impossible? probably not. But my knowledge is so limited, that even getting to kernel sources seem like a mountain to climb for me!
That's what I thought too but who am I (quite clueless in audio/video) to tell him (professional in the field) ...
Plus so it seems to me it's probably not the smartest approach anyway to fiddle around inside a specialized box. But yes, if there's room and resources for something like nginx there should also be room for a small script, possibly just changing/pushing a firewall config line.