5 Replies Latest reply on Feb 25, 2011 11:22 AM by Meijuan Yin

    RTMFP tunnel

    Meijuan Yin

      I asked the admin open port udp 1935 for me, he only would like to open udp 1935 outbound for me. After that I could connect to Cirrus( rtmpf://p2p.rtmfp.net) for about 2 days, for sure I couldn't do the p2p connection, after that I could not connect to Cirrus any more.The problem here is that the admin said he didn't make any changes to the firewall setting, and he won't open any more port for me.

      I used nmap to check if the udp 1935 is open only get open|filtered, and nmap said tcp 1935 closed, telnet said the same, but my rtmp part working properly.

      Is there any way I can get it work? Is that possible I can use th RTMFP tunnel to let the udp 1935 stream go through the firewall by port 80? I have to make it work, any help  is greatly appreciated.


      By the way the code for rtmfp should be fine. It' s working all the time except this special location.

        • 1. Re: RTMFP tunnel
          Michael Thornburgh Adobe Employee

          UDP 1935 has never been enough to make a connection to an RTMFP server.  the redirectors are on port 1935, but they immediately send you to other ports (on Cirrus those ports are 10000+, on FMS by default the ports are 19350+).


          last week i did a non-disruptive soft restart of the Cirrus cluster, which changed the high ports in use (from 10000-10003 to 10004-10007).  (a "soft restart" is when new software is installed and activated for new connections but no existing connections are dropped).  if you were depending on ports 10000-10003 being the only ones in use, that could explain the sudden "not working anymore" situation.


          there is currently no way to tunnel RTMFP UDP packets over TCP port 80.  the only tunnel/proxy mechanism currently supported is an old version of TURN (IETF BEHAVE TURN draft 8), a UDP-UDP proxy protocol, and only on UDP port 3478.


          note that since Cirrus *only* does P2P introductions, it's not particularly useful to be able to connect to it if you can't also make P2P connections (which requires being able to connect to any UDP port on a peer computer).

          • 2. Re: RTMFP tunnel
            Meijuan Yin Level 1

            Thanks Michael. I know it's not enough to only connect to the Cirrus,

            but the first step I need make sure that site can connect to the Cirrus,

            then I can try P2P connections, I installed a proxy server, I will try

            to see if it can work.

            • 3. Re: RTMFP tunnel
              Meijuan Yin Level 1

              Thanks Michael,

              I tried and tested when the client connected to the Cirrus, it really used only udp ports 10004 to 10007 and 1935, normally about 4 ports used.  But if I only open these port from the firewall, the client still had problem to connect to the Cirrus to get the peerId back, would you please tell me why? It seems that for the older Cirrus version I could do like that.


              After the clients connected to the Cirrus and get back the peerId, two clients connected to each other to do the streaming, this time only one udp port used, it could be any port, every time it's changing. Can I limit it to use ports something like 2040 to 2100 ?

              • 4. Re: RTMFP tunnel
                Michael Thornburgh Adobe Employee

                Cirrus doesn't always use 10004-10007 and 1935.  it often also uses 10000-10003 and sometimes even others.  and those are just ports i decided to use;there's nothing magical or official about them.


                you can't limit the ports used by the client.  they could be anywhere in the range 1024-65535.  even if the client computer somehow limited the ports it used, that port choice would be lost if the client computer was behind a NAT.

                • 5. Re: RTMFP tunnel
                  Meijuan Yin Level 1

                  Thanks Micheal,


                  I opened ports from 10000-10007, and 1935 when I was testing, the client

                  still couldn't connect to the Cirrus, but when I opened all ports for

                  testing, I can see it was always using ports between 10004 to 10007 and

                  1935, why the client still couldn't connect to cirrus? Thanks again

                  Micheal, I understand it's possible these ports number could be changed

                  any time later, I just want to know why it wouldn't connect to the Cirrus.


                  And I tried to use sock5 to tunnel udp ports till now no luck, I can't

                  try to tunnel all of them any way.