RE: Problem with RTSP but not HTTP - 10.3.9 QTSS behind a Cisco firewall

Cisco PIX firewalls only support RTSP over NAT and not PAT; this means that you need to have a 1-1 NAT set up with a real outside address.  You also need to make sure you are facilitating the use of the RTSP fixup protocol.

We have an internal RTSP proxy that we use which has a 1-1 NAT address to the outside.  This allows internal clients to get RTSP over UDP with no issues.  I recently did an RTSP stream of our live graduation ceremonies.  My QTSS server is in our DMZ with real IP addresses, so there is no NAT or PAT, and there was not an issue.

Of course, I do have a help page which tells users to set the QuickTime client to port 80 if all else fails, since this is always a good failsafe.

We were led to believe that the Cisco box would support RTSP in a PAT environment (for those that don't know, when you hide several machines behind 1 or more legal IP addresses, that is NAT and PAT.  NAT alone allows you to take a single legal address and map it to a single internal address.)  RTSP using the Cisco Fixup Protocol allows a NAT'ed machine to do RTSP, but not when using PAT.

   -Mike

------------------------------------------
Michael Perbix
Lower Merion School District
Telecommunications Specialist
PH (610) 645-1964
Fax (610) 896-2019



-----Original Message-----
From: streaming-server-users-bounces+perbix=email@hidden on behalf of Greg J. Ogonowski
Sent: Fri 6/10/2005 9:45 PM
To: Stuart Ramdeen; email@hidden
Subject: Re: Problem with RTSP but not HTTP - 10.3.9 QTSS behind a Cisco firewall

This sounds like your NAT is having a problem routing UDP packets back to
your sources.  This is a very common problem with certain firewalls.

-greg.



At 17:57 2005-06-10, Stuart Ramdeen wrote:
>Hi all,
>
>I am desperately trying to track down a problem I'm having getting a
>qtss to work over RTSP/554.
>
>The setup is this:
>
>Xserve running 10.3.9 vanilla install with qtss turned on. No
>firewall turned on on the machine and the box has a private ip
>address. There's a Cisco firewall doing NAT and all ports that are
>specified in the QTSS manual (The one that's part of the general 10.3
>server collection) are open and are told to redirect all traffic on
>those ports to the Xserve.
>
>If I stream over port 80 then everything works as expected. I have
>noticed that I need to turn on the option 'Broadcast over TCP' in
>Quicktime Broadcaster otherwise QTB will disconnect after 10 or so
>seconds. This is obviously if I use QTB from home over DSL. If QTB is
>used on the Xserve itself then the default preset settings work a
>treat. (I'm not sure if this information is helpful in trying to
>track down my main problem)
>
>If I try to stream over UDP 554 (as specified in my QT 6.5.2 or 7
>transport setup), the client seems to make an initial connection, but
>then Quicktime Player fails with an error -5408 after a minute or two
>of trying.
>
>If I run a tcpdump on my client you can see QT player chatting away
>happily with the server on its mapped public ip address, but then the
>server chats back to the client and all of a sudden the client tries
>to talk to the server on its private ip:
>
>
>01:50:19.873552 IP 10.0.1.251.54465 > 212.85.23.xxx.rtsp: P 534:868 (334)
>ack 3477 win 65535 <nop,nop,timestamp 252738034 2241072736>
>01:50:19.888177 IP 212.85.23.xxx.rtsp > 10.0.1.251.54465: P 3477:3976
>(499) ack 868 win 32832 <nop,nop,timestamp 2241072736 252738034>
>01:50:19.904757 IP 10.0.1.251.54465 > 212.85.23.xxx.rtsp: P 868:1124 (256)
>ack 3976 win 65535 <nop,nop,timestamp 252738034 2241072736>
>01:50:19.922319 IP 212.85.23.xxx.rtsp > 10.0.1.251.54465: P 3976:4338
>(362) ack 1124 win 32832 <nop,nop,timestamp 2241072736 252738034>
>01:50:19.976384 IP 10.0.1.251.54465 > 212.85.23.xxx.rtsp: . ack 4338
>win 65535 <nop,nop,timestamp 252738034 2241072736>
>01:50:20.821225 IP 10.0.1.251.52279 > 10.0.1.1.domain:  32441+ PTR?
>1.1.0.10.in-addr.arpa. (39)
>01:50:20.824888 IP 10.0.1.1.domain > 10.0.1.251.52279:  32441
>NXDomain* 0/0/0 (39)
>01:50:22.198711 IP 10.0.1.251.6973 > 10.1.0.12.6979: UDP, length: 84
>01:50:22.198979 IP 10.0.1.251.6971 > 10.1.0.12.6979: UDP, length: 84
>01:50:22.838596 IP 10.0.1.251.52280 > 10.0.1.1.domain:  14238+ PTR?
>12.0.1.10.in-addr.arpa. (40)
>01:50:22.840559 IP 10.0.1.1.domain > 10.0.1.251.52280:  14238
>NXDomain* 0/0/0 (40)
>01:50:32.210000 IP 10.0.1.251.6973 > 10.1.0.12.6979: UDP, length: 84
>01:50:32.210279 IP 10.0.1.251.6971 > 10.1.0.12.6979: UDP, length: 84
>
>10.0.1.251 is my client at home on my DSL connection
>212.85.23.xxx is the server
>10.0.1.1 is my airport base station which acts as my router at home
>10.1.0.12 is the private address of the server
>
>The server is set to 'Enable Streaming on All IP Addresses' with the
>only ip on the server being its private one.
>
>At this stage I'm not even trying to use Broadcaster to stream out a
>live feed. I'm just trying to access the sample_300kbit.mp4
>
>Could it be the firewall causing this? Are other people having joy
>using qtss over RTSP on a nat'd setup rather than a dmz or directly
>connected box?
>
>Are there any obvious things I could look for in the firewall? I
>don't have the exact model to hand but I know that it's a Cisco Pix
>something or other...
>_______________________________________________
>Do not post admin requests to the list. They will be ignored.
>Streaming-server-users mailing
>list      (email@hidden)
>Help/Unsubscribe/Update your Subscription:
>
>This email sent to email@hidden


__________________________________________________________________________
Greg J. Ogonowski
VP Product Development
ORBAN / CRL, Inc.
1525 Alvarado St.
San Leandro, CA  94577  USA
TEL +1 510 351-3500
FAX +1 510 351-0500
email@hidden
http://www.orban.com
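
A diagnostic check for the symptom in the tcpdump output quoted above, as an added example that is not part of the original thread: it reads tcpdump text lines and reports RFC 1918 addresses that receive UDP datagrams but never answer while the RTSP control session runs against a different address. The capture is constructed, `203.0.113.10` is a placeholder for the masked public address, and the function names are hypothetical.

```python
import ipaddress
import re

# Matches the "IP src.port > dst.port: ..." part of a tcpdump text line.
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\w+) > (\d+\.\d+\.\d+\.\d+)\.(\w+):(.*)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed capture modelled on the thread: 203.0.113.10 is a placeholder for
# the server's public (NAT) address, 10.1.0.12 is its private address.
SAMPLE = """\
01:50:19.873552 IP 10.0.1.251.54465 > 203.0.113.10.rtsp: P 534:868 (334) ack 3477 win 65535
01:50:19.888177 IP 203.0.113.10.rtsp > 10.0.1.251.54465: P 3477:3976 (499) ack 868 win 32832
01:50:20.821225 IP 10.0.1.251.52279 > 10.0.1.1.domain:  32441+ PTR? 1.1.0.10.in-addr.arpa. (39)
01:50:20.824888 IP 10.0.1.1.domain > 10.0.1.251.52279:  32441 NXDomain* 0/0/0 (39)
01:50:22.198711 IP 10.0.1.251.6973 > 10.1.0.12.6979: UDP, length: 84
01:50:22.198979 IP 10.0.1.251.6971 > 10.1.0.12.6979: UDP, length: 84
01:50:32.210000 IP 10.0.1.251.6973 > 10.1.0.12.6979: UDP, length: 84
"""

def is_rfc1918(addr: str) -> bool:
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def find_leaked_media_peers(capture: str):
    """Return (rtsp_servers, leaked). leaked maps each private address that was
    sent UDP but never sent anything itself to the number of datagrams."""
    senders, rtsp_servers, udp_to = set(), set(), {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # wrapped continuation lines and non-IP output
        src, _sport, dst, dport, rest = m.groups()
        senders.add(src)
        if dport in ("rtsp", "554"):
            rtsp_servers.add(dst)  # address the control session really uses
        if "UDP" in rest:
            udp_to[dst] = udp_to.get(dst, 0) + 1
    leaked = {
        dst: count for dst, count in udp_to.items()
        if is_rfc1918(dst)            # private target reached from outside
        and dst not in senders        # one-way traffic: it never replies
        and dst not in rtsp_servers   # differs from the RTSP control peer
    }
    return rtsp_servers, leaked

if __name__ == "__main__":
    servers, leaked = find_leaked_media_peers(SAMPLE)
    print("RTSP control peer(s):", sorted(servers))
    for addr, count in leaked.items():
        print(f"{count} unanswered UDP datagrams to private address {addr}")
```

A non-empty result means the client learned the server's private address from the RTSP exchange, which is what the 1-1 NAT plus RTSP fixup described in the reply is meant to prevent.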
