Also, if Apache is working (and was working when it used port 80), then
QTSS using port 80 should work. From a networking point of view, QTSS
using port 80 is nearly identical to Apache- it tunnels everything
through TCP port 80.
-Joel Hedden
On Wed, 2002-10-30 at 14:12, Joel Hedden wrote:
> Hi,
> Are you trying to use HTTP/port 80 streaming? With your firewall
> config, that's the only type of streaming that should work.
> Also- I'm assuming that you did turn on port 80 streaming for QTSS, and
> that it was done after moving Apache to port 8080. When testing from
> within the local network, are you sure you're using QT with HTTP/port 80
> transport?
>
> To debug, try this from a remote host (outside the firewall):
> telnet <IP address of your server> 80
> If it connects, hit Enter a couple of times. If you get an RTSP
> response, then the network and server are configured fine.. Maybe the
> client is trying to use port 554 instead of 80. If you get an HTTP
> response, the Apache is still listening on port 80 and QTSS couldn't
> bind to the port. If you don't get a response, something is
> misconfigured.
> You may also want to find a good sniffer to help you debug. Sniffing
> the packets on the multiple interfaces of your gateway should show you
> exactly what the firewall is doing. Also, by logging the packets as
> they're passed, you can see if the firewall is working correctly (as in
> "pass in log ... ").
>
> There should not be any QTSS bug that is causing problems, and you
> should indeed be able to run a firewall on the local system or a remote
> gateway, as long as everything is properly configured.
>
> If you wanted to use port 554 or 7070 for streaming, you'd need to pass
> in TCP packets for those ports, as well as UDP ports 6970-6999.
>
> -Joel Hedden
>
> On Tue, 2002-10-29 at 22:47, Jim Arnold wrote:
> > For the past few days I've been banging my head against the wall
> > trying to get the Darwin Streaming server (4.1.1 from the FreeBSD
> > ports system) to work behind an IPF firewall. The server works fine
> > inside of the LAN.
> >
> > I opened up these ports in my ipf.conf. I moved apache to 8080 so I
> > could stream DSS via 80:
> > pass in quick on dc0 proto tcp from any to 192.168.0.2/32 port = 80
> > flags S keep state keep frags
> > pass in quick on dc0 proto tcp from any to 192.168.0.2/32 port = 8080
> > flags S keep state keep frags
> >
> > In Ipnat I'm redirecting the traffic to the server:
> > rdr dc0 0.0.0.0/0 port 80 -> 192.168.0.2 port 80 tcp
> > rdr dc0 0.0.0.0/0 port 8080 -> 192.168.0.2 port 8080 tcp
> >
> > Apache has no trouble working from the net on 8080.
> >
> > I just don't think it's an issue with how my firewall is configured.
> >
> > I found a poster on the DSS list who had the same kind of trouble.
> > Here was his response to my query if he ever solved his problem:
> >
> > "I'm convinced that this is a problem with DSS/QTSS's code.
> >
> > They have kind of alluded to this in their posts when they say that DSS
> > doesn't really like this setup. I've been dealing with this issue since
> > July. I still don't have a solution. I've tried everything. It just makes
> > no sense that you can't put the server behind a firewall.
> >
> > I tried everything--from open ports to using DNS tricks to you name it. For
> > whatever reason, the server doesn't like having one address on the network
> > and having a different address on the Internet.
> >
> > Like I said in the post, I've been doing this with lots of builds of
> > RealNetworks with no problems since 1998. It's driven me crazy and I've all
> > but given up"
> >
> > Any help or guidance would be greatly appreciated. Anyone running DSS
> > behind a firewall out
> > to the internet?
> >
> > Jim
> > _______________________________________________
> > streaming-server-users mailing list | email@hidden
> > Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/streaming-server-users
> > Do not post admin requests to the list. They will be ignored.
_______________________________________________
streaming-server-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/streaming-server-users
Do not post admin requests to the list. They will be ignored.
