Долго открывается RTSP видео с вызывной панели в приложении на смартфоне внутри сети на микротик
Добавлено: 16 апр 2019, 22:18
Brain88
Добрый день.
Проблема в следующем: настроена сеть на микротик crs328-24p-4s+rm, в сети имеется вызывная панель (домофон). Вызов с панели при звонке приходит на мобильное приложение через SIP сервер. Видео передается через RTSP ссылку по внешнему IP адресу с проброшенными портами для RTSP. Если телефон находится вне локальной сети микротика (за WAN сетью), то видео в приложении открывается практически мгновенно. Если же телефон внутри локальной сети LAN, то есть подключен к домашнему Wi-fi, то звук идет сразу, а видео появляется спустя 20-30 секунд. Собственно вопрос, почему так долго гуляет видео внутри локальной сети и что можно с этим поделать?
Конфиг микротика прилагаю.
IP адрес панели - 192.168.1.199. Правила для нее:
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=554 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.199 to-ports= 554
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=554 in-interface=bridge protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.199 to-ports=554
add action=masquerade chain=srcnat dst-address=192.168.1.199 dst-port=554 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.1
Проблема в следующем: настроена сеть на микротик crs328-24p-4s+rm, в сети имеется вызывная панель (домофон). Вызов с панели при звонке приходит на мобильное приложение через SIP сервер. Видео передается через RTSP ссылку по внешнему IP адресу с проброшенными портами для RTSP. Если телефон находится вне локальной сети микротика (за WAN сетью), то видео в приложении открывается практически мгновенно. Если же телефон внутри локальной сети LAN, то есть подключен к домашнему Wi-fi, то звук идет сразу, а видео появляется спустя 20-30 секунд. Собственно вопрос, почему так долго гуляет видео внутри локальной сети и что можно с этим поделать?
Конфиг микротика прилагаю.
# apr/16/2019 22:00:18 by RouterOS 6.44
# software id = RUHY-15Y6
#
# model = CRS328-24P-4S+
# serial number = 8223087F58FB
/interface bridge
add name=WAN_phone
add admin-mac=CC:2D:E0:E2:04:48 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] speed=100Mbps
set [ find default-name=ether11 ] speed=100Mbps
set [ find default-name=ether12 ] speed=100Mbps
set [ find default-name=ether13 ] speed=100Mbps
set [ find default-name=ether14 ] speed=100Mbps
set [ find default-name=ether15 ] speed=100Mbps
set [ find default-name=ether16 ] speed=100Mbps
set [ find default-name=ether17 ] speed=100Mbps
set [ find default-name=ether18 ] speed=100Mbps
set [ find default-name=ether19 ] speed=100Mbps
set [ find default-name=ether20 ] speed=100Mbps
set [ find default-name=ether21 ] speed=100Mbps
set [ find default-name=ether22 ] speed=100Mbps
set [ find default-name=ether23 ] speed=100Mbps
set [ find default-name=ether24 ] speed=100Mbps
set [ find default-name=sfp-sfpplus1 ] speed=10Gbps
set [ find default-name=sfp-sfpplus2 ] speed=10Gbps
set [ find default-name=sfp-sfpplus3 ] speed=10Gbps
set [ find default-name=sfp-sfpplus4 ] speed=10Gbps
/interface vlan
add interface=sfp-sfpplus1 name=vlan1 vlan-id=1504
add interface=sfp-sfpplus1 name=vlan2 vlan-id=1112
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan1 name=pppoe-out1 \
password=66de6671 use-peer-dns=yes user=st46820
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.1.3-192.168.1.175
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=3d name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf disabled=yes interface=sfp-sfpplus2
add bridge=bridge comment=defconf disabled=yes interface=sfp-sfpplus3
add bridge=bridge comment=defconf disabled=yes interface=sfp-sfpplus4
add bridge=WAN_phone interface=ether1
add bridge=WAN_phone interface=vlan2
/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge list=LAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=\
192.168.1.0
/ip dhcp-server lease
add address=192.168.1.50 mac-address=14:C0:89:14:E7:09
add address=192.168.1.198 mac-address=4C:11:BF:5D:E8:94
add address=192.168.1.197 mac-address=4C:11:BF:5D:E8:FF
add address=192.168.1.199 mac-address=4C:11:BF:5D:BC:D4
add address=192.168.1.200 mac-address=B8:27:EB:F5:9C:C6
add address=192.168.1.254 allow-dual-stack-queue=no mac-address=\
58:03:FB:2A:54:86
add address=192.168.1.180 allow-dual-stack-queue=no mac-address=\
94:E1:AC:43:44:00
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip firewall filter
add action=accept chain=forward dst-address=192.168.1.200 dst-port=5060 \
protocol=udp
add action=accept chain=forward dst-address=192.168.1.200 dst-port=554 \
protocol=tcp
add action=accept chain=forward dst-address=192.168.1.254 dst-port=57998 \
protocol=tcp
add action=accept chain=forward dst-address=192.168.1.200 dst-port=\
10000-20000 protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=5060 \
in-interface=pppoe-out1 protocol=udp to-addresses=192.168.1.200 to-ports=\
5060
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=554 \
in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.199 to-ports=\
554
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=WAN_phone
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=554 \
in-interface=bridge protocol=tcp src-address=192.168.1.0/24 to-addresses=\
192.168.1.199 to-ports=554
add action=masquerade chain=srcnat dst-address=192.168.1.199 dst-port=554 \
protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.1
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=57998 \
in-interface=pppoe-out1 protocol=tcp src-port="" to-addresses=\
192.168.1.254 to-ports=8000
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=\
10000-20000 in-interface=pppoe-out1 protocol=tcp to-addresses=\
192.168.1.200 to-ports=10000-20000
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=5060 \
in-interface=bridge protocol=udp src-address=192.168.1.0/24 src-port="" \
to-addresses=192.168.1.200 to-ports=5060
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=\
10000-20000 in-interface=bridge protocol=tcp src-address=192.168.1.0/24 \
to-addresses=192.168.1.200 to-ports=10000-20000
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=57998 \
in-interface=bridge protocol=tcp src-address=192.168.1.0/24 to-addresses=\
192.168.1.254 to-ports=8000
add action=src-nat chain=srcnat dst-address=192.168.1.200 dst-port=5060 \
out-interface=bridge protocol=udp src-address=192.168.1.0/24 \
src-address-list="" to-addresses=192.168.1.1
add action=src-nat chain=srcnat dst-address=192.168.1.200 dst-port=\
10000-20000 out-interface=bridge protocol=tcp src-address=192.168.1.0/24 \
to-addresses=192.168.1.1
add action=src-nat chain=srcnat dst-address=192.168.1.254 dst-port=57998 \
out-interface=bridge protocol=tcp src-address=192.168.1.0/24 \
to-addresses=192.168.1.1
add action=netmap chain=dstnat disabled=yes dst-address=109.106.139.43 \
dst-port=57998 in-interface=ether1 protocol=tcp src-address=\
192.168.1.0/24 to-addresses=192.168.1.254 to-ports=8000
add action=netmap chain=dstnat disabled=yes dst-port=57998 in-interface=\
ether1 protocol=tcp to-addresses=192.168.1.254 to-ports=8000
add action=masquerade chain=srcnat src-address=192.168.1.0/24
add action=netmap chain=dstnat disabled=yes dst-port=5060 in-interface=ether1 \
protocol=tcp to-addresses=192.168.1.200 to-ports=5060
add action=netmap chain=dstnat disabled=yes dst-port=10000-20000 \
in-interface=ether1 protocol=tcp to-addresses=192.168.1.200 to-ports=\
10000-20000
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24
set ssh address=192.168.1.0/24
set api disabled=yes
set winbox address=192.168.1.0/24
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes
/system clock
set time-zone-name=Europe/Moscow
/system routerboard settings
set boot-os=router-os
# software id = RUHY-15Y6
#
# model = CRS328-24P-4S+
# serial number = 8223087F58FB
/interface bridge
add name=WAN_phone
add admin-mac=CC:2D:E0:E2:04:48 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] speed=100Mbps
set [ find default-name=ether11 ] speed=100Mbps
set [ find default-name=ether12 ] speed=100Mbps
set [ find default-name=ether13 ] speed=100Mbps
set [ find default-name=ether14 ] speed=100Mbps
set [ find default-name=ether15 ] speed=100Mbps
set [ find default-name=ether16 ] speed=100Mbps
set [ find default-name=ether17 ] speed=100Mbps
set [ find default-name=ether18 ] speed=100Mbps
set [ find default-name=ether19 ] speed=100Mbps
set [ find default-name=ether20 ] speed=100Mbps
set [ find default-name=ether21 ] speed=100Mbps
set [ find default-name=ether22 ] speed=100Mbps
set [ find default-name=ether23 ] speed=100Mbps
set [ find default-name=ether24 ] speed=100Mbps
set [ find default-name=sfp-sfpplus1 ] speed=10Gbps
set [ find default-name=sfp-sfpplus2 ] speed=10Gbps
set [ find default-name=sfp-sfpplus3 ] speed=10Gbps
set [ find default-name=sfp-sfpplus4 ] speed=10Gbps
/interface vlan
add interface=sfp-sfpplus1 name=vlan1 vlan-id=1504
add interface=sfp-sfpplus1 name=vlan2 vlan-id=1112
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan1 name=pppoe-out1 \
password=66de6671 use-peer-dns=yes user=st46820
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.1.3-192.168.1.175
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=3d name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf disabled=yes interface=sfp-sfpplus2
add bridge=bridge comment=defconf disabled=yes interface=sfp-sfpplus3
add bridge=bridge comment=defconf disabled=yes interface=sfp-sfpplus4
add bridge=WAN_phone interface=ether1
add bridge=WAN_phone interface=vlan2
/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge list=LAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=\
192.168.1.0
/ip dhcp-server lease
add address=192.168.1.50 mac-address=14:C0:89:14:E7:09
add address=192.168.1.198 mac-address=4C:11:BF:5D:E8:94
add address=192.168.1.197 mac-address=4C:11:BF:5D:E8:FF
add address=192.168.1.199 mac-address=4C:11:BF:5D:BC:D4
add address=192.168.1.200 mac-address=B8:27:EB:F5:9C:C6
add address=192.168.1.254 allow-dual-stack-queue=no mac-address=\
58:03:FB:2A:54:86
add address=192.168.1.180 allow-dual-stack-queue=no mac-address=\
94:E1:AC:43:44:00
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip firewall filter
add action=accept chain=forward dst-address=192.168.1.200 dst-port=5060 \
protocol=udp
add action=accept chain=forward dst-address=192.168.1.200 dst-port=554 \
protocol=tcp
add action=accept chain=forward dst-address=192.168.1.254 dst-port=57998 \
protocol=tcp
add action=accept chain=forward dst-address=192.168.1.200 dst-port=\
10000-20000 protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=5060 \
in-interface=pppoe-out1 protocol=udp to-addresses=192.168.1.200 to-ports=\
5060
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=554 \
in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.199 to-ports=\
554
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=WAN_phone
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=554 \
in-interface=bridge protocol=tcp src-address=192.168.1.0/24 to-addresses=\
192.168.1.199 to-ports=554
add action=masquerade chain=srcnat dst-address=192.168.1.199 dst-port=554 \
protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.1
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=57998 \
in-interface=pppoe-out1 protocol=tcp src-port="" to-addresses=\
192.168.1.254 to-ports=8000
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=\
10000-20000 in-interface=pppoe-out1 protocol=tcp to-addresses=\
192.168.1.200 to-ports=10000-20000
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=5060 \
in-interface=bridge protocol=udp src-address=192.168.1.0/24 src-port="" \
to-addresses=192.168.1.200 to-ports=5060
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=\
10000-20000 in-interface=bridge protocol=tcp src-address=192.168.1.0/24 \
to-addresses=192.168.1.200 to-ports=10000-20000
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=57998 \
in-interface=bridge protocol=tcp src-address=192.168.1.0/24 to-addresses=\
192.168.1.254 to-ports=8000
add action=src-nat chain=srcnat dst-address=192.168.1.200 dst-port=5060 \
out-interface=bridge protocol=udp src-address=192.168.1.0/24 \
src-address-list="" to-addresses=192.168.1.1
add action=src-nat chain=srcnat dst-address=192.168.1.200 dst-port=\
10000-20000 out-interface=bridge protocol=tcp src-address=192.168.1.0/24 \
to-addresses=192.168.1.1
add action=src-nat chain=srcnat dst-address=192.168.1.254 dst-port=57998 \
out-interface=bridge protocol=tcp src-address=192.168.1.0/24 \
to-addresses=192.168.1.1
add action=netmap chain=dstnat disabled=yes dst-address=109.106.139.43 \
dst-port=57998 in-interface=ether1 protocol=tcp src-address=\
192.168.1.0/24 to-addresses=192.168.1.254 to-ports=8000
add action=netmap chain=dstnat disabled=yes dst-port=57998 in-interface=\
ether1 protocol=tcp to-addresses=192.168.1.254 to-ports=8000
add action=masquerade chain=srcnat src-address=192.168.1.0/24
add action=netmap chain=dstnat disabled=yes dst-port=5060 in-interface=ether1 \
protocol=tcp to-addresses=192.168.1.200 to-ports=5060
add action=netmap chain=dstnat disabled=yes dst-port=10000-20000 \
in-interface=ether1 protocol=tcp to-addresses=192.168.1.200 to-ports=\
10000-20000
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24
set ssh address=192.168.1.0/24
set api disabled=yes
set winbox address=192.168.1.0/24
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes
/system clock
set time-zone-name=Europe/Moscow
/system routerboard settings
set boot-os=router-os
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=554 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.199 to-ports= 554
add action=dst-nat chain=dstnat dst-address=109.106.139.43 dst-port=554 in-interface=bridge protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.199 to-ports=554
add action=masquerade chain=srcnat dst-address=192.168.1.199 dst-port=554 protocol=tcp src-address=192.168.1.0/24 to-addresses=192.168.1.1