 |
|
 |
|
|
 |
fcm and stateful firewall |
 |
 |
|
|
03-08-06 12:45 PM
Hi all,
Is there a way to get fcm to stream video to users that are behind a
stateful firewall ?
I've tried connecting with rmtp port 80 and tunnelling with no luck. Is
there a way around this besides getting the client or user to configure
there firewall to allow rtmp traffic ?
Regards,
Ben
________________________________________
_______
FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
[ Post a follow-up to this message ]
|
|
|
 |
|
 |
|
 |
|
|
|
Re: fcm and stateful firewall |
|
|
|
|
03-08-06 10:45 PM
When you say stateful, do you mean one that uses Stateful Packet Inspection?
Most firewalls these days are stateful, but an SPI firewall will ensure tha
t traffic on port 80 'looks' like HTTP traffic, for example.
Try setting your connect string to use rtmpt:// instead of rtmp://. That wil
l tell FCS to mimic HTTP traffic.
ben wrote:
> Hi all,
>
> Is there a way to get fcm to stream video to users that are behind a
> stateful firewall ?
>
> I've tried connecting with rmtp port 80 and tunnelling with no luck. Is
> there a way around this besides getting the client or user to configure
> there firewall to allow rtmp traffic ?
>
> Regards,
> Ben
> ________________________________________
_______
> FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
>
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com
>
>
________________________________________
_______
FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
RE: fcm and stateful firewall |
|
|
|
|
03-08-06 10:45 PM
Here is a link to a firewall test for FCS provided by Macromedia. We send
this to our clients and ask them to email us the results. This will tell
you what ports are available on their firewall for FCS or FMS. Hope this
helps in the future. It has gotten us through a few pinches with clients.
http://www.macromedia.com/go/tn_16466
Ryan Osswald
Engineer
midhudsonmedia
30 South 3rd St.
Hudson, NY 12534
ryan-T+4d/MEryPkq3Qc7VneoHtBPR1lH4CV8@public.gmane.org
-----Original Message-----
From: James Wrubel [mailto:james-zNCL/LQg+xsdnm+yROfE0A@public.gmane.org
]
Sent: Wednesday, March 08, 2006 10:17 AM
To: FlashComm Mailing List
Subject: Re: [FlashComm] fcm and stateful firewall
When you say stateful, do you mean one that uses Stateful Packet Inspection?
Most firewalls these days are stateful, but an SPI firewall will ensure that
traffic on port 80 'looks' like HTTP traffic, for example.
Try setting your connect string to use rtmpt:// instead of rtmp://. That
will tell FCS to mimic HTTP traffic.
ben wrote:
> Hi all,
>
> Is there a way to get fcm to stream video to users that are behind a
> stateful firewall ?
>
> I've tried connecting with rmtp port 80 and tunnelling with no luck. Is
> there a way around this besides getting the client or user to configure
> there firewall to allow rtmp traffic ?
>
> Regards,
> Ben
> ________________________________________
_______
> FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
>
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com
>
>
________________________________________
_______
FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
________________________________________
_______
FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: fcm and stateful firewall |
|
|
|
|
03-08-06 10:45 PM
Hi,
Stateful Packet Inspection.
I was under the impression that if you don't specify a port when using rtmp
and if it fails it would attempt to use rtmpt.
I will tell it to use rtmpt. Will there be any performance issues by this
though ? I'm still learning all the stuff. I read somewhere i think it was
on MM's site about there may be a hit when using rtmpt. Only just started
using fcm. Eventually will probably write some code to automatically use
rtmp with the default port then 80 if that doesn't work then tell it to use
rtmpt. As a general rule what order would you recommend for optimal
performance?
Thanks again
----- Original Message -----
From: "James Wrubel" <james-zNCL/LQg+xsdnm+yROfE0A@public.gmane.org>
To: "FlashComm Mailing List" <flashcomm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@pub
lic.gmane.org>
Sent: Thursday, March 09, 2006 2:16 AM
Subject: Re: [FlashComm] fcm and stateful firewall
> When you say stateful, do you mean one that uses Stateful Packet
> Inspection? Most firewalls these days are stateful, but an SPI firewall
> will ensure that traffic on port 80 'looks' like HTTP traffic, for
> example.
>
> Try setting your connect string to use rtmpt:// instead of rtmp://. That
> will tell FCS to mimic HTTP traffic.
>
> ben wrote:
>
> ________________________________________
_______
> FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
>
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com
>
>
________________________________________
_______
FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: fcm and stateful firewall |
|
|
|
|
03-08-06 10:45 PM
Thanks for the url.
I tried that url just on my machine and i get fails for tunneling and a fail
for rtmp port 80. I just wrote a quick and dirty app to test the ports on
our fms application(external provider) and email us the results
automatically. On my machine all pass accept for rtmp port 80.
hhaha, for some of our clients(well the users that will be using the
application) to go to that url and send us the results will be to technical
for them. I know that sounds stupid but unfortunatly it's true 
Out of curiosity do you normally detect for ports when you build your
applications ? If so do you use that Macromedia url to try and find out why
they can't connect and most likely get them to open a port ?
Ben
----- Original Message -----
From: "Ryan Osswald" <ryan-R5dcbj8KPvRe5f+ys5851A@public.gmane.org>
To: "'FlashComm Mailing List'" <flashcomm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@p
ublic.gmane.org>
Sent: Thursday, March 09, 2006 2:33 AM
Subject: RE: [FlashComm] fcm and stateful firewall
> Here is a link to a firewall test for FCS provided by Macromedia. We send
> this to our clients and ask them to email us the results. This will tell
> you what ports are available on their firewall for FCS or FMS. Hope this
> helps in the future. It has gotten us through a few pinches with clients.
>
> http://www.macromedia.com/go/tn_16466
>
>
> Ryan Osswald
> Engineer
> midhudsonmedia
> 30 South 3rd St.
> Hudson, NY 12534
> ryan-T+4d/MEryPkq3Qc7VneoHtBPR1lH4CV8@public.gmane.org
>
>
> -----Original Message-----
> From: James Wrubel [mailto:james-zNCL/LQg+xsdnm+yROfE0A@public.gmane.o
rg]
> Sent: Wednesday, March 08, 2006 10:17 AM
> To: FlashComm Mailing List
> Subject: Re: [FlashComm] fcm and stateful firewall
>
> When you say stateful, do you mean one that uses Stateful Packet
> Inspection?
> Most firewalls these days are stateful, but an SPI firewall will ensure
> that
> traffic on port 80 'looks' like HTTP traffic, for example.
>
> Try setting your connect string to use rtmpt:// instead of rtmp://. That
> will tell FCS to mimic HTTP traffic.
>
> ben wrote:
>
> ________________________________________
_______
> FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
>
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com
> ________________________________________
_______
> FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
>
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com
>
>
________________________________________
_______
FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: fcm and stateful firewall |
|
|
|
|
03-08-06 10:45 PM
I know Peldi's FLV player (and maybe the default component-based one in Flas
h 8) will do automatic testing then failover, but if you are writing your ow
n app or just using a net connnection, it will not automatically fail over.
If you are specifying the c
onnection string, you need to be explicit about protocol (and potentially po
rt).
The trend in firewalls is towards packet inspection. Older models of cisco P
ix and IPTables simply allowed anything over port 80 through, but now the Pi
x ships with the Packet Inspection capability turned on. So to ensure users
behind those models can get
to your content, you need to use rtmpt. There is a performance hit because r
tmpt adds the overhead of http. The best thing you can do to improve perform
ance (other than plan for slightly higher capacity) is increase your buffer
size, since the stateless
nature of rtmpt leaves you vulnerable to buffering problems. I also wouldn't
recommend any functionality such as online gaming over rtmpt, because laten
cy will kill you.
ben wrote:
> Hi,
>
> Stateful Packet Inspection.
> I was under the impression that if you don't specify a port when using
> rtmp and if it fails it would attempt to use rtmpt.
>
> I will tell it to use rtmpt. Will there be any performance issues by
> this though ? I'm still learning all the stuff. I read somewhere i think
> it was on MM's site about there may be a hit when using rtmpt. Only just
> started using fcm. Eventually will probably write some code to
> automatically use rtmp with the default port then 80 if that doesn't
> work then tell it to use rtmpt. As a general rule what order would you
> recommend for optimal performance?
> Thanks again
>
>
> ----- Original Message ----- From: "James Wrubel" <james-zNCL/LQg+xsdnm+yR
OfE0A@public.gmane.org>
> To: "FlashComm Mailing List" <flashcomm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@p
ublic.gmane.org>
> Sent: Thursday, March 09, 2006 2:16 AM
> Subject: Re: [FlashComm] fcm and stateful firewall
>
>
>
>
>
________________________________________
_______
FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
RE: fcm and stateful firewall |
|
|
|
|
03-08-06 10:45 PM
Just one correction: if you specify the default rtmp connection string then
the Flash Player WILL try all other connection methods for you. It's kind of
got that failover stuff built in. However this can take a while to happen (I
believe especially so on Macs) so it's best to simply try simoultaneous
connections on all ports etc and use the first one that succeeds, canceling
other connection attempts.
Stefan
> -----Original Message-----
> From: flashcomm-bounces-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
> [mailto:flashcomm-bounces-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gman
e.org] On Behalf Of
> James Wrubel
> Sent: 08 March 2006 16:48
> To: ben
> Cc: FlashComm Mailing List
> Subject: Re: [FlashComm] fcm and stateful firewall
>
> I know Peldi's FLV player (and maybe the default
> component-based one in Flash 8) will do automatic testing
> then failover, but if you are writing your own app or just
> using a net connnection, it will not automatically fail over.
> If you are specifying the connection string, you need to be
> explicit about protocol (and potentially port).
>
> The trend in firewalls is towards packet inspection. Older
> models of cisco Pix and IPTables simply allowed anything over
> port 80 through, but now the Pix ships with the Packet
> Inspection capability turned on. So to ensure users behind
> those models can get to your content, you need to use rtmpt.
> There is a performance hit because rtmpt adds the overhead of
> http. The best thing you can do to improve performance (other
> than plan for slightly higher capacity) is increase your
> buffer size, since the stateless nature of rtmpt leaves you
> vulnerable to buffering problems. I also wouldn't recommend
> any functionality such as online gaming over rtmpt, because
> latency will kill you.
>
________________________________________
_______
FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: fcm and stateful firewall |
|
|
|
|
03-08-06 10:45 PM
Thanks Stefan,
I'll implement it that way. Just hope not many users hit the site at once as
i only have 20 connections to play with 
Sweet, i read your article at Macromedias site about "Delivering Flash
Video: Dynamic Bandwidth Detection with Macromedia Flash Communication
Server".
Nice article, It's helped me alot to undertand detection. However i got a
query in regards to the value that is returned by the server code. Sometimes
it returns my kb as 2000 to 3000kb and i'm on a 1500kb connection. Would you
have any ideas why that could be happening ?
Also I was very curious as to what exactly this line of code was doing
for (var i=0; i<1200; i++) {
p_client.payload[i] = Math.random(); //16K approx
}
Is that just filling in random numbers(16K each?) to send to the client
which is used to determine the bandwidth. Would a random string be better ?
Thanks,
Ben
----- Original Message -----
From: "Stefan Richter" <stefan-fMeCE+ULXElEfu+5ix1nRw@public.gmane.org>
To: <james-zNCL/LQg+xsdnm+yROfE0A@public.gmane.org>; "'FlashComm Mailing Lis
t'"
<flashcomm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org>
Sent: Thursday, March 09, 2006 3:53 AM
Subject: RE: [FlashComm] fcm and stateful firewall
> Just one correction: if you specify the default rtmp connection string
> then
> the Flash Player WILL try all other connection methods for you. It's kind
> of
> got that failover stuff built in. However this can take a while to happen
> (I
> believe especially so on Macs) so it's best to simply try simoultaneous
> connections on all ports etc and use the first one that succeeds,
> canceling
> other connection attempts.
>
> Stefan
>
>
>
> ________________________________________
_______
> FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
>
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com
>
>
________________________________________
_______
FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: fcm and stateful firewall |
|
|
|
|
03-08-06 10:45 PM
Hmm. I didn't know it was built in to the player. You learn something new ev
ery day. Thanks!
Jim
Stefan Richter wrote:
> Just one correction: if you specify the default rtmp connection string the
n
> the Flash Player WILL try all other connection methods for you. It's kind
of
> got that failover stuff built in. However this can take a while to happen
(I
> believe especially so on Macs) so it's best to simply try simoultaneous
> connections on all ports etc and use the first one that succeeds, cancelin
g
> other connection attempts.
>
> Stefan
>
>
>
>
>
________________________________________
_______
FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
RE: fcm and stateful firewall |
|
|
|
|
03-08-06 10:45 PM
Hmm, I am not sure why you are seeing such high numbers. The code which
handles the bandwidth detection wasn't written by me so I am unable to
comment further but I must say that it generally seemed to work pretty well.
It never returned unrealistic figures for me. Has anyone else had trouble
with this?
Ben,
If you use the main.asc file that ships with Flash8 (search help files for
'main.asc') and run that in conjunction with FVLPLayback, does that also
show this issue?
Stefan
> -----Original Message-----
> From: flashcomm-bounces-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
> [mailto:flashcomm-bounces-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gman
e.org] On Behalf Of ben
> Sent: 08 March 2006 17:29
> To: FlashComm Mailing List
> Subject: Re: [FlashComm] fcm and stateful firewall
>
> Thanks Stefan,
>
> I'll implement it that way. Just hope not many users hit the
> site at once as i only have 20 connections to play with
>
> Sweet, i read your article at Macromedias site about "Delivering Flash
> Video: Dynamic Bandwidth Detection with Macromedia Flash
> Communication Server".
> Nice article, It's helped me alot to undertand detection.
> However i got a query in regards to the value that is
> returned by the server code. Sometimes it returns my kb as
> 2000 to 3000kb and i'm on a 1500kb connection. Would you have
> any ideas why that could be happening ?
>
> Also I was very curious as to what exactly this line of code was doing
>
> for (var i=0; i<1200; i++) {
> p_client.payload[i] = Math.random(); //16K approx }
>
> Is that just filling in random numbers(16K each?) to send to
> the client which is used to determine the bandwidth. Would a
> random string be better ?
>
> Thanks,
> Ben
>
>
> ----- Original Message -----
> From: "Stefan Richter" <stefan-fMeCE+ULXElEfu+5ix1nRw@public.gmane.org>
> To: <james-zNCL/LQg+xsdnm+yROfE0A@public.gmane.org>; "'FlashComm Mailing L
ist'"
> <flashcomm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org>
> Sent: Thursday, March 09, 2006 3:53 AM
> Subject: RE: [FlashComm] fcm and stateful firewall
>
>
> connection string
> you. It's kind
> while to happen
> simoultaneous
>
> ________________________________________
_______
> FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
> To change your subscription options or search the archive:
> http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
>
> Brought to you by Fig Leaf Software
> Premier Authorized Adobe Consulting and Training
> http://www.figleaf.com
> http://training.figleaf.com
>
________________________________________
_______
FlashComm-1Ss2GqJETD3yZ38Mhd3e/9ZfFG6BLHNm@public.gmane.org
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcomm
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Sponsored Links |
|
|
|
|
 |
All times are GMT. The time now is 09:37 AM. |
 |
|
|
 |
|
 |
|
|
 |
|
Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
|
|
|
|
Medical and Health forum | Computer Games Reviews | Graphics design forum
|
 |
|
 |
|
