Streaming Server and Firewalls
The streaming server uses the IETF RTSP/RTP protocols. RTSP runs on top of TCP, while RTP runs on UDP. Many firewalls are configured to restrict TCP packets by port number, and are very restrictive on UDP. There are three options for streaming through Firewalls with the streaming server. These options are not mutually exclusive. Typically one or more are used to provide the most flexible setup. The three configurations outlined below are for clients behind a Firewall.
- Stream via Port 80. This option enables the streaming server to encapsulate all RTSP and RTP traffic inside TCP port 80 packets. Because this is the default port used for HTTP-based web traffic, it will get through most firewalls. However, encapsulating the streaming traffic will lower performance on the network, and require faster client connections to maintain streams. It also increases load on the server.
- Open the appropriate ports on the Firewall. This allows the streaming server to be accessed via RTSP/RTP on the default ports. It makes better use of network resources, works with slower client connections, and places less load on the server. The ports that need to be open for unrestricted streaming include:
  - TCP Port 80: used for RTSP/HTTP signalling and streaming (if enabled on the server)
  - TCP Port 554: used for RTSP
  - UDP Ports 6970 - 9999: used for UDP streaming. Note that a smaller range of UDP ports can usually be used (typically 6970-6999).
  - TCP Port 7070: optionally used for RTSP (this port is used by Real Server, and QuickTime/Darwin can also be configured to use this port)
- Set up a Streaming Proxy Server. The Proxy server is placed in the network DMZ, an area on the network that sits between an external firewall to the Internet and an internal firewall between the DMZ and the internal network. Using firewall rules, packets on the ports defined above are allowed from the Proxy server to clients through the internal firewall, and also between the proxy server and the Internet via the external firewall. However, clients are not allowed to make direct connections to external resources over those ports. This approach ensures that all streaming packets bound for the internal network come through the proxy server, providing an additional layer of network security.
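As an added example (not part of this document or the streaming server itself), the following script prints iptables FORWARD rules for the two firewalls in the DMZ layout above, using the port list from the previous option; the proxy address and client subnet are assumed placeholders, and the rules are printed rather than applied so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not from the page: print iptables FORWARD rules that implement
# the DMZ proxy layout described above. Rules are printed, not applied, so they
# can be reviewed before use. The addresses below are assumed placeholders.

PROXY="192.0.2.10"        # assumed address of the streaming proxy in the DMZ
CLIENTS="10.0.0.0/8"      # assumed internal client subnet
TCP_PORTS="80 554 7070"   # RTSP/HTTP, RTSP, optional RTSP (from the page)
UDP_RANGE="6970:6999"     # the smaller UDP range the page says usually suffices

# internal_fw_rules: rules for the firewall between the DMZ and the internal
# network. Streaming ports are allowed only between clients and the proxy;
# the same ports toward any other destination are dropped.
internal_fw_rules() {
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $TCP_PORTS; do
        echo "iptables -A FORWARD -s $CLIENTS -d $PROXY -p tcp --dport $p -j ACCEPT"
        echo "iptables -A FORWARD -s $CLIENTS ! -d $PROXY -p tcp --dport $p -j DROP"
    done
    # RTP/RTCP: the server side of the UDP flow sits in the proxy's port range.
    echo "iptables -A FORWARD -s $PROXY -d $CLIENTS -p udp --sport $UDP_RANGE -j ACCEPT"
    echo "iptables -A FORWARD -s $CLIENTS -d $PROXY -p udp --dport $UDP_RANGE -j ACCEPT"
    echo "iptables -A FORWARD -s $CLIENTS ! -d $PROXY -p udp --dport $UDP_RANGE -j DROP"
}

# external_fw_rules: rules for the firewall between the DMZ and the Internet.
# Only the proxy may use the streaming ports, in either direction.
external_fw_rules() {
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $TCP_PORTS; do
        echo "iptables -A FORWARD -s $PROXY -p tcp --dport $p -j ACCEPT"
        echo "iptables -A FORWARD -d $PROXY -p tcp --dport $p -j ACCEPT"
    done
    echo "iptables -A FORWARD -s $PROXY -p udp --sport $UDP_RANGE -j ACCEPT"
    echo "iptables -A FORWARD -d $PROXY -p udp --dport $UDP_RANGE -j ACCEPT"
    # Anything else reaching the streaming ports through this firewall is dropped.
    echo "iptables -A FORWARD -p tcp -m multiport --dports $(echo $TCP_PORTS | tr ' ' ',') -j DROP"
    echo "iptables -A FORWARD -p udp --dport $UDP_RANGE -j DROP"
}

# rule_count: number of rules a generator prints (quick sanity check).
rule_count() { "$1" | wc -l | tr -d ' '; }
```

Run `internal_fw_rules` or `external_fw_rules` to see the rule set for either firewall; the DROP rules are what keep clients from reaching external RTSP/RTP endpoints directly.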
Running Streaming Server behind Firewalls
Publicly accessible streaming servers can be placed behind firewalls. However, the ports listed under the second option above should be opened so that clients have open access to the server over both HTTP and RTSP/RTP. Alternatively, you can run behind a restrictive firewall if you specify port 80 in references to your stream. For example, if the server stream.example.com was placed behind a restrictive firewall, and we wanted to access a movie named "foo.mov", we could use the URL:
rtsp://stream.example.com:80/foo.mov
The following table summarizes ports used by the streaming server. The arrows indicate the packet flow between client and server.
Running the Streaming Server behind a NAT Router
While it is not recommended to run the streaming server behind a NAT Router, the streaming server can be configured by hand-editing the streamingserver.xml file and restarting the server: