Firewall issues webcam streaming service - best solution?

Various experience with applications based on Live Server

Firewall issues webcam streaming service - best solution?

Postby timter51 » Sun Mar 08, 2015 5:53 am

Hi all,

I'm in the process of launching a live webcam streaming service, and I'm hitting big problems with firewalls. The service is for schools to stream live nature webcams from their school grounds (e.g. nestboxes), but it's becoming increasingly obvious that the extremely tight security controls around school networks is causing, and going to cause many more, big headaches.

The current setup is using the standard installation of Unreal Media Server, with schools using Unreal Live Server to connect to my media server on port 5130. The streams are then viewable on a website with Flash Player (streaming over port 5119). To connect to the media server, schools are having to request with their network service provider that TCP port 5130 is opened to the IP of my media server. This is not a big problem and it works ok (a bit of a PITA for schools, though). The huge and fatal problem to this setup is that many schools are finding that they can't watch the streams on the website because 5119 is also blocked. The idea behind the project is that the thousands of schools across the region can go on the website and watch the live streams, and so I can't expect every school to get their firewalls / ports opened just to even watch the streams. So my current setup has been shot down in flames before it even got off the ground.

I need to find a solution where:

1. Schools with webcams wanting to stream can connect to my media server without having to open firewall ports
2. Any schools wanting to watch the streams on my website can do so without having to open firewall ports
3. The stream must be able to use Flash Player, I do not want schools to have to install browser plugins
4. The website / streams can be watched on a range of devices - PCs and Macs, Android devices, Apple mobile devices

From my initial research, it looks like I have 2 possible options: RTMP over port 80 (using UHttpProxy I think) or RTMPT (does this also need UHttpProxy?)
If it helps, my website will not be hosted on the same server I am running UMS. So I assume I can run streaming through port 80 without any problems, and the server can be a dedicated media server, not a web server.

I would be very grateful for advice on what is my best option to take here. What is the difference between using RTMP + UHttpProxy and just using RTMPT? Will either of these solutions cover the 4 critical points I have listed above?
timter51
 
Posts: 0
Joined: Sun Mar 08, 2015 5:16 am

Re: Firewall issues webcam streaming service - best solution

Postby admin » Mon Mar 09, 2015 7:59 am

Hello,

1. UHttpProxy has nothing to do with RTMP; you only need it to stream via HTTPS over our own UMS protocol to our Streaming Media Player (can be embeded in any web browser on Windows OS only). Of course schools will play with Flash player, so forget about UHttpProxy.

2. It is very weird that schools need to open port 5130 for outgoing connection - normally you only need to open ports for incoming connections.
So a school should be able to run Unreal Live Server and push the stream to Unreal Media Server (port 5130) without any port opening.
Of course, to play a stream, they need to open the port on which Unreal Media Server serves players - 5119 or whatever you configure.
80 may be a good idea. On your hosting server, you can serve web pages via HTTPS only (port 443 on web server), and let Unreal Media Server to serve streams on port 80. So Unreal Media Server and web server can co-exist on the same server.
admin
Site Admin
 
Posts: 944
Joined: Fri Aug 21, 2009 10:13 am

Re: Firewall issues webcam streaming service - best solution

Postby timter51 » Mon Mar 09, 2015 8:39 am

[quote="admin"]Hello,

1. UHttpProxy has nothing to do with RTMP; you only need it to stream via HTTPS over our own UMS protocol to our Streaming Media Player (can be embeded in any web browser on Windows OS only). Of course schools will play with Flash player, so forget about UHttpProxy.

2. It is very weird that schools need to open port 5130 for outgoing connection - normally you only need to open ports for incoming connections.
So a school should be able to run Unreal Live Server and push the stream to Unreal Media Server (port 5130) without any port opening.
Of course, to play a stream, they need to open the port on which Unreal Media Server serves players - 5119 or whatever you configure.
80 may be a good idea. On your hosting server, you can serve web pages via HTTPS only (port 443 on web server), and let Unreal Media Server to serve streams on port 80. So Unreal Media Server and web server can co-exist on the same server.[/quote]

It is strange that schools networks are blocking outbound on 5130, but it is definitely the case, I've spoken to the network service provider to clarify. School networks are protected like fort knox (quite rightly, I guess). On top of that, the fact that schools have to open 5119 to watch the streams means this method is unworkable anyway.

RTMP or RTMPT over port 80 seems to be my only option. All your RTMP streams on your demo page are using this method, correct? I could try those links in some schools and see if they can connect?
timter51
 
Posts: 0
Joined: Sun Mar 08, 2015 5:16 am

Re: Firewall issues webcam streaming service - best solution

Postby admin » Mon Mar 09, 2015 10:12 am

All your RTMP streams on your demo page are using this method, correct? I could try those links in some schools and see if they can connect?


Yes, correct.
admin
Site Admin
 
Posts: 944
Joined: Fri Aug 21, 2009 10:13 am

Re: Firewall issues webcam streaming service - best solution

Postby timter51 » Mon Mar 09, 2015 10:16 am

Thanks admin. Also can I just clarify, if I use RTMP on port 80, does it work for both inbound and outbound? So clients connect their webcams with Unreal Live Server on port 80, the stream is through Flash Player also through port 80?
timter51
 
Posts: 0
Joined: Sun Mar 08, 2015 5:16 am

Re: Firewall issues webcam streaming service - best solution

Postby admin » Mon Mar 09, 2015 9:21 pm

No, in Unreal Media Server this cannot be the same port.
Port for publishing streams is different from port for players.
admin
Site Admin
 
Posts: 944
Joined: Fri Aug 21, 2009 10:13 am

Re: Firewall issues webcam streaming service - best solution

Postby timter51 » Tue Mar 10, 2015 3:03 am

Ok, so that means there's no way to set this up so users don't have to open a port to connect their webcams? If I'm using 80 for players, schools will still need to connect their webcams through 5130?
timter51
 
Posts: 0
Joined: Sun Mar 08, 2015 5:16 am

Re: Firewall issues webcam streaming service - best solution

Postby admin » Tue Mar 10, 2015 8:08 am

Correct.

FYI, it's not just the port. If the schools are protected very seriously as you describe, then they only allow HTTP protocol on port port 80.
So RTMP over 80 and UMS publishing over 80 may not work. RTMPT should work.
You probably don't realize everything about their protection, so I guess you need to direct these questions to school network admins and ask them to provide the best policy for you.
admin
Site Admin
 
Posts: 944
Joined: Fri Aug 21, 2009 10:13 am

Re: Firewall issues webcam streaming service - best solution

Postby timter51 » Fri Mar 13, 2015 6:32 am

Another quick question, is there a web administration module available for UMS, or can it only be managed whilst logged on to the server? I would like give someone the ability to add / delete / manage streaming accounts, but I do not want to give him admin access to my server. If I let him RDP to my server with a non-admin account, he gets a Windows UAC pop-up when he tries to open the UMS config program, so he can't get in.
timter51
 
Posts: 0
Joined: Sun Mar 08, 2015 5:16 am

Re: Firewall issues webcam streaming service - best solution

Postby admin » Fri Mar 13, 2015 7:23 am

admin
Site Admin
 
Posts: 944
Joined: Fri Aug 21, 2009 10:13 am

Next

Return to Live applications

Who is online

Users browsing this forum: No registered users and 1 guest

cron