#1 2009-04-29 14:12:14

**_rviana_**

Cannot Connect due to port 1935

Hey folks,

I am not a connect pro user, but I run a network for an org with some users who occasionally need to connect to 3rd party connect pro meetings.

I've noticed that the adobe client *assumes* that it can connect directly to the internet on port 1935, rather than ask the web proxy server to make that connection on its behalf instead.  Seems that this is a bug...let me explain:

Many large corporations use private address space & internal DNS, and use explicit proxies to get to the internet.  Meaning that client desktops cannot get to someserver:1935, even if the firewalls allowed it.  (this is typically since we don't send a default internet route down to clients...so packets just bounce around internally, and never get to the edge).  In these cases the solution is typically to "do what the browser would have done" which in this case, would be to make the request through the proxy server.  We have many non-browser plugins that all do exactly that (java, activeX, citrix, etc).  It seems that the Connect Pro client simply assumes it can connect directly, and then fails in my case.  Is this something that can be funneled to a proxy perhaps?  Arbitrary TCP connections can be opened if the client asks the proxy to "Connect someserver.com:xxxx" where xxxx is an arbitrary port (commonly 443, but can be any port).

Is there anything we can do to tune the client to send all of its requests (http and not) to a proxy server?

Thanks in advance
-rich

**_connectguy_**

Re: Cannot Connect due to port 1935

I can understand proxying web requests, but why would you want to proxy a stream? 
If you are concerned from a security stand point, then you should consider securing the RTMP traffic and communicating over port 443.

**_rviana_**

Re: Cannot Connect due to port 1935

Our network design is closed (so that people don't default route out to the internet).  Most large corporations do exactly this...

The technique is dual purposed
1. only traffic we expect to get out (properly proxied) gets out.  If you don't have a proxy, your traffic doesn't know where to go

2. traffic that DOES attempt to get to the default gateway, ends up in a honeypot.  On a network with over 100K machines, its a very good indication of who's infected with a virus.  If your PC does talk to the default route (honeypot) then we probably can tell that your machine is trying talking to a device that doesn't exist on our network.

Problem is, I'm not the owner of the application.  In this case, our employees are trying to use adobe connect pro to connect to other meetings hosted by other companies.  It seems that you cannot control the connection method at the client (seems like its controled on the adobe side).  I'd love to have the app use RTMPT, and have it tunneled through the proxy...but it doesn't appear to allow me.

Is there a way to do that?

**_connectguy_**

Re: Cannot Connect due to port 1935

You correct that this is configured at the server end. 
Trust me when I say that you would not want RTMPT anyways.  It causes very bad performance.

**_rviana_**

Re: Cannot Connect due to port 1935

Is there a way to use connect pro without the streaming?  (ala webex or livemeeting? where everything is tunneled)