RealAudio, RealVideo, and QuickTime (TCP Ports 554 and 7070)


RealAudio, RealVideo, and QuickTime use the same ports. The control connection to the server is built on top of the Real-Time Streaming Protocol (RTSP). See RFC 2326, "Real Time Streaming Protocol (RTSP)," for more information on the protocol. The incoming data stream is built on top of the Real-Time Transport Protocol (RTP). See RFC 3550, "RTP: A Transport Protocol for Real-Time Applications," for more information on the RTP protocol. See http://www.realnetworks.com for more information on RealAudio and RealVideo firewall requirements.

The client programs can be configured to use TCP solely, to use TCP for the control connection and UDP for the data stream (the UDP port can be configured to be a single port or one from a range of ports), or to use the HTTP application protocol solely. The TCP server ports, 554 or 7070 and 7071, depend on the client and server versions. The UDP client ports range between 6970 and 7170 for newer clients. If your site uses the older RealAudio version 3.0 player, the UDP client port range is 6770 to 7170. The actual port range supported can vary by application and platform.

Typically, the client program uses the most efficient transport combination available. The client determines this by trying the different methods in turn. Because bidirectional protocols usually have problems getting through a firewall without application-level gateway (ALG) support, the data stream will usually end up arriving over TCP or HTTP rather than UDP.

In other words, without a firewall support module for RealAudio, your options are to use HTTP for the incoming stream, to open the specific TCP or UDP ports and not use the state module (or, at least, not use the INVALID state match), or to open the required ports and place the rules for the data stream before the state match rules.

Table 4.12 lists the control and data streams for a local client.

Table 4.12. RealAudio Protocol

DESCRIPTION                      PROTOCOL  REMOTE    REMOTE      IN/OUT  LOCAL    LOCAL       TCP
                                           ADDRESS   PORT                ADDRESS  PORT        FLAG
Local client control request     TCP       ANYWHERE  554,7070    Out     IPADDR   1024:65535  Any
Remote server control response   TCP       ANYWHERE  554,7070    In      IPADDR   1024:65535  ACK
Local client TCP data request    TCP       ANYWHERE  7071        Out     IPADDR   1024:65535  Any
Remote server TCP data response  TCP       ANYWHERE  7071        In      IPADDR   1024:65535  ACK
Remote server UDP data stream    UDP       ANYWHERE  1024:65535  In      IPADDR   6970:7170

The next rule pair establishes the control connection with the server:

    if [ "$CONNECTION_TRACKING" = "1" ]; then
        $IPT -A OUTPUT -o $INTERNET -p tcp \
                 -m multiport --destination-port 554,7070 \
                 --syn -s $IPADDR --sport $UNPRIVPORTS \
                 -m state --state NEW -j ACCEPT
    fi

    $IPT -A OUTPUT -o $INTERNET -p tcp \
             -m multiport --destination-port 554,7070 \
             --syn -s $IPADDR --sport $UNPRIVPORTS -j ACCEPT

    $IPT -A INPUT -i $INTERNET -p tcp ! --syn \
             -m multiport --source-port 554,7070 \
             -d $IPADDR --dport $UNPRIVPORTS -j ACCEPT

The next rule allows the preferred incoming UDP data stream from the server:


    $IPT -A INPUT -i $INTERNET -p udp \
             --sport $UNPRIVPORTS \
             -d $IPADDR --dport 6970:7170 -j ACCEPT

The next rule pair establishes the TCP data stream connection with the server:

    if [ "$CONNECTION_TRACKING" = "1" ]; then
        $IPT -A OUTPUT -o $INTERNET -p tcp \
                 -s $IPADDR --sport $UNPRIVPORTS \
                 --dport 7071 -m state --state NEW -j ACCEPT
    fi

    $IPT -A OUTPUT -o $INTERNET -p tcp \
             -s $IPADDR --sport $UNPRIVPORTS \
             --dport 7071 -j ACCEPT

    $IPT -A INPUT -i $INTERNET -p tcp ! --syn \
             --sport 7071 \
             -d $IPADDR --dport $UNPRIVPORTS -j ACCEPT
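The rule fragments above assembled into one complete script, as an added example that is not the book's own code. It emits the RealAudio rules from Table 4.12 first and the generic state-match rules after them, which is the ordering the text calls for when there is no ALG to relate the server-initiated UDP stream to the control connection. The interface name eth0, the documentation-range address 192.0.2.10, and the two generic state rules are assumptions; IPT defaults to "echo iptables" so the rule set can be previewed as a non-root dry run, and setting IPT=iptables with real values loads it.

```shell
#!/bin/sh
# Added example, not the book's script: RealAudio/RTSP client rules from
# Table 4.12 as one function, emitted ahead of the generic state rules.
# IPT defaults to "echo iptables" so this is a dry run unless overridden.

INTERNET="${INTERNET:-eth0}"              # external interface (assumed name)
IPADDR="${IPADDR:-192.0.2.10}"            # local address (constructed placeholder)
UNPRIVPORTS="${UNPRIVPORTS:-1024:65535}"
CONNECTION_TRACKING="${CONNECTION_TRACKING:-1}"
IPT="${IPT:-echo iptables}"               # set IPT=iptables to actually load rules

realaudio_rules() {
    # Control connection: RTSP on TCP 554 or 7070 (table rows 1 and 2).
    if [ "$CONNECTION_TRACKING" = "1" ]; then
        $IPT -A OUTPUT -o "$INTERNET" -p tcp \
             -m multiport --destination-port 554,7070 \
             --syn -s "$IPADDR" --sport "$UNPRIVPORTS" \
             -m state --state NEW -j ACCEPT
    fi
    $IPT -A OUTPUT -o "$INTERNET" -p tcp \
         -m multiport --destination-port 554,7070 \
         --syn -s "$IPADDR" --sport "$UNPRIVPORTS" -j ACCEPT
    $IPT -A INPUT -i "$INTERNET" -p tcp ! --syn \
         -m multiport --source-port 554,7070 \
         -d "$IPADDR" --dport "$UNPRIVPORTS" -j ACCEPT

    # Preferred data stream: UDP from the server into the client's 6970:7170
    # range (row 5). The server sends first, so no outbound packet from this
    # host has created a connection-tracking entry for it.
    $IPT -A INPUT -i "$INTERNET" -p udp \
         --sport "$UNPRIVPORTS" \
         -d "$IPADDR" --dport 6970:7170 -j ACCEPT

    # Fallback data stream over TCP 7071 (rows 3 and 4).
    if [ "$CONNECTION_TRACKING" = "1" ]; then
        $IPT -A OUTPUT -o "$INTERNET" -p tcp \
             -s "$IPADDR" --sport "$UNPRIVPORTS" \
             --dport 7071 -m state --state NEW -j ACCEPT
    fi
    $IPT -A OUTPUT -o "$INTERNET" -p tcp \
         -s "$IPADDR" --sport "$UNPRIVPORTS" \
         --dport 7071 -j ACCEPT
    $IPT -A INPUT -i "$INTERNET" -p tcp ! --syn \
         --sport 7071 \
         -d "$IPADDR" --dport "$UNPRIVPORTS" -j ACCEPT
}

# Generic state-match rules (assumed policy). They are appended after the
# RealAudio rules on purpose, so the data-stream rules are consulted first.
state_rules() {
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP
}

# Emit the whole rule set in order; with the default IPT this prints one
# iptables command per line, which is convenient for reviewing the ordering.
build_ruleset() {
    realaudio_rules
    state_rules
}

build_ruleset
```

Run it as-is to see the nine commands it would issue; with CONNECTION_TRACKING=0 the two "-m state --state NEW" rules are omitted, which matches the book's conditional. Because each continuation-joined rule is a single echo call, the dry-run output is one rule per line and can be diffed against a later iptables -S listing.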
