Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    RTMP streaming is blocked

    Scheduled Pinned Locked Moved General pfSense Questions
    8 Posts 3 Posters 14.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K Offline
      klazoid
      last edited by

      I expercienced that RTMP streaming get's blocked.
      I started a topic in the past (locked now) but the problem remained.
      rtmp, rtmpt, rmtpe, … all are blocked.

      In one of the video's I'm trying to access, I get a Server not found: rtmpt://.... error.

      Pfsense uses the squid proxy, tried already transparant and non transparant mode.
      The Squid filter has been turned of for testing purpose and I allowed (temporally) all TCP/UDP traffic from * to * on LAN and WAN with allow IP-options but still the streaming gets blocked.

      A tcpdump of one computer trying to access such a stream is included.

      I tried both tests on this page and got this outcome:

      WIN 11,4,402,265

      RMTP Default Success 47.8s
      RMTP Port 1935 Failed 15.4s
      RMTP Port 80 Failed 15.4s
      RMTP Port 443 Failed 15.4s
      RMTPT (Tunneling) Default Success 2.7s
      RMTPT (Tunneling) Port 80 Success 2.7s
      RMTPT (Tunneling) Port 443 Success 2.7s
      RMTPT (Tunneling) Port 1935 Success 2.7s

      WIN 11,4,402,265

      RTMP DEFAULT TimeOut
      RTMP 80    Failed
      RTMP 443    Failed
      RTMP 1935  Failed
      RTMPT DEFAULT Success
      RTMPT 80    Success
      RTMPT 443    Success
      RTMPT 1935  Success
      packetcapture_klazoid.txt

      1 Reply Last reply Reply Quote 0
      • K Offline
        klazoid
        last edited by

        I did a clean install of pfSense (2.1 snapshot) and installed Squid as proxy (port 8080). With this setup I'm unable to watch any movie from this page: http://www.deredactie.be/cm/vrtnieuws/mediatheek

        I'm starting to wonder if it my/pfsense faults or a faulty setup of the way the website tries to stream the data over rtmp.

        1 Reply Last reply Reply Quote 0
        • stephenw10S Online
          stephenw10 Netgate Administrator
          last edited by

          From behind a 2.0.1 Nano install I am seeing:

          
          WIN 11,3,300,271
          
          RMTP Default Success 2s 
          RMTP Port 1935 Success 2s 
          RMTP Port 80 Success 2s 
          RMTP Port 443 Success 2s 
          RMTPT (Tunneling) Default Success 5.8s 
          RMTPT (Tunneling) Port 80 Success 5.6s 
          RMTPT (Tunneling) Port 443 Success 6.2s 
          RMTPT (Tunneling) Port 1935 Success 6.2s 
          
          
          WIN 11,3,300,271
          
          RTMP 		DEFAULT		Success
          RTMP 		80     		Success
          RTMP 		443    		Success
          RTMP 		1935   		Success
          RTMPT		DEFAULT		Success
          RTMPT		80     		Success
          RTMPT		443    		Success
          RTMPT		1935   		Success
          
          

          Not running Squid.

          Steve

          1 Reply Last reply Reply Quote 0
          • johnpozJ Offline
            johnpoz LAYER 8 Global Moderator
            last edited by

            running on win7 x64 box in firefox, behind pfsense

            2.1-BETA0 (i386)
            built on Thu Sep 13 04:24:49 EDT 2012
            FreeBSD 8.3-RELEASE-p4
            With gitsync as of a couple of days ago.

            Not using any proxies at all in pfsense.

            
            WIN 11,4,402,265
            
            RMTP Default Success 1.3s 
            RMTP Port 1935 Success 1.4s 
            RMTP Port 80 Success 1.4s 
            RMTP Port 443 Success 1.3s 
            RMTPT (Tunneling) Default Success 2.8s 
            RMTPT (Tunneling) Port 80 Success 2.8s 
            RMTPT (Tunneling) Port 443 Success 2.9s 
            RMTPT (Tunneling) Port 1935 Success 2.9s 
            
            
            
            WIN 11,4,402,265
            
            RTMP 		DEFAULT	Success
            RTMP 		80     		Success
            RTMP 		443    		Success
            RTMP 		1935   		Success
            RTMPT		DEFAULT	Success
            RTMPT		80     		Success
            RTMPT		443    		Success
            RTMPT		1935   		Success
            
            

            Looks like all those test pass for me.  You behind any sort of double nat?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

            1 Reply Last reply Reply Quote 0
            • K Offline
              klazoid
              last edited by

              Modem is connected directly on pfSense WAN card, all pc's on same LAN subnet. So I guess I have a single NAT (automatic).

              The strange part: Last week, I contacted the publisher of the website. They said they wouldn't change a thing and suddenly (same day of the mail) the movies started to work. I didn't change a thing… My joy wasn't of long duration when I noticed the movies get blocked again since yesterday. This time I have proof they changed something. The standard "server not found rtmpt://" is changed by a custom error message: "This video could not be played. Maybe there is a service on the network that makes it impossible for you to view the movies (ie. corporate firewall)."

              Conclusion: if they want, they can make it work for me, apparantly they dont for some reason. Don't know what I can try more since I've tested this already with an allow * to * rule.

              edit

              I have now tracked the problem down to the squid proxy. I was able to get the movie working in transparant mode but this is a setting I prefer not to use...

              This topic seems related to this problem: http://serverfault.com/questions/264079/force-rtmp-streams-playing-flash-to-be-requested-via-proxy-server

              I've added 'acl Safe_ports port 1935' to the custom options but this didn't work.

              1 Reply Last reply Reply Quote 0
              • johnpozJ Offline
                johnpoz LAYER 8 Global Moderator
                last edited by

                "Modem is connected directly on pfSense WAN card"

                Depends if what your calling a "modem" is really a modem and not a gateway.  What is your pfsense wan IP, does it start with 10.x.x.x, 192.168.x.x or 172.16-31.x.x ?

                "I have now tracked the problem down to the squid proxy"

                thought you said they could make it work for you since they changed something?

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                1 Reply Last reply Reply Quote 0
                • stephenw10S Online
                  stephenw10 Netgate Administrator
                  last edited by

                  In the linked forum threads it says that server side configuration can determine whether or not flash respects local proxy settings. Running squid transparently ensures all traffic is proxied (or allowed to pass).
                  Presumably the problem here is that flash ignores the proxy settings and attempts to connect directly. This fails because you are blocking this traffic? You would see this in the logs. Since rtmp traffic attempts initially to use a high port you could just allow that.
                  Or try some sort of SOCKS encapsulation as the thread suggests.

                  Steve

                  1 Reply Last reply Reply Quote 0
                  • K Offline
                    klazoid
                    last edited by

                    @johnpoz:

                    "Modem is connected directly on pfSense WAN card"

                    Depends if what your calling a "modem" is really a modem and not a gateway.  What is your pfsense wan IP, does it start with 10.x.x.x, 192.168.x.x or 172.16-31.x.x ?

                    "I have now tracked the problem down to the squid proxy"

                    thought you said they could make it work for you since they changed something?

                    Modem is the real cable modem. IP of wan is 81.x.x.x

                    If you watch the tests in the first post, you see the tunneling of rtmp isn't blocked. I guess they didn't use tunneling in the past, turned it on for a moment (the moment it worked for me) and now turned it back off.

                    From what i've read flash ignores proxy settings and tries to use port 1935, 80 or 443 and if this doesn't work alot of website will try to send the data in a capsulated http packet. They don't use that method for some reason. I've tried to add port 1935 to the squid savelist but that didn't fix it.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.