Cannot connect RTSP camera between interfaces/subnets

[GiantJack]

Hi there!
I have some trouble with my IP cameras.

I setup some (little) time ago a VLAN 5 interface for my IoTs.
I wanted to move my IP camera to this VLAN5.

VLAN5 subnet  is 192.168.5.0/24
LAN subnet is 192.168.1.0/24

For tests, I have setup rules in the VLAN5 firewall to all open:
VLAN5 net to LAN net, any protocol, IPv4&v6, any ports (so I expect all open between VLAN5 & LAN).
LAN is open also to VLAN5.

My PC and my phone on LAN can ping & access web admin page of the camera on 192.168.5.81
But RTSP connexion with VLC or with my NAS won't work.

If I connect my PC or phone on the VLAN5 directly:  VLC can catch the RTSP stream !


I have a second and different camera, that is still on my LAN for now (192.168.1.80).
When my PC and phone are on LAN,  I can ping, access admin page and RTSP without troubles.
But if my PC or phone are on VLAN5, I can still ping or access admin page of the second camera, but RTSP is down!

 

Is there anything with RTSP that I could have forgot to allow connection between my 2 interfaces/subnets ?

[GiantJack]

gosh, after checking traffic with interface / diagnostics / packet capture, I had some malformed packet / fragmented IP protocol stuff in wireshark
I'm not sure about the meaning of this but a few google search bring me to the "normalization" settings.

I have ticked "Disable interface scrub" in Firewall / settings / Normalization.

And...magic ! my RTSP now works !!!

The point is that I have a close to no understanding about this option...is there any particular risks in disabling this scrub thing ?

An other question: is there a way to disable this scrubbing for a specific interface only ? or even some specific IP ? so I can limit this modification only to my camera.