#1 2009-03-11 06:37:05

**_RobZ_**

Tunneling Connect port 1935 over port 80

Hello everybody.

Still learning Connect Pro 7 so bear with me :-)

I'm testing CS7 + SP2 on a Windows 2003 Server box and I'm trying to follow the guidelines given in the following article:

http://kb.adobe.com/selfservice/viewCon … d=2405470e

I've activated the Win2003 firewall and made sure only TCP port 80 is allowed; after restarting the services I tried by accessing a meeting (as attendee) from an external host which could not connect over port 1935 (I checked it against "netstat" which reported "SYN_SENT").

After some minutes, the attendee's browser did timeout.

From what I gathered, the following lines *should* instruct the client to connect to port 1935 *first*; if a connection cannot be made, the client should switch to port 8506 and so on and so forth until port 80.

HTTPS_PORT=8443
       DEFAULT_FCS_HOSTPORT=:1935,443,80
       RTMP_SEQUENCE=rtmp://external-host:1935/?rtmp://localhost:8506/,
       rtmp://external-host:443/?rtmp://localhost:8506/,
       rtmp://external-host:80/?rtmp://localhost:8506/,
       rtmpt://external-host:443/?rtmpt://localhost:8506/,
       rtmpt://external-host:80/?rtmpt://localhost:8506/

While experimenting I found out that I could really tunnel all the RTMP traffic over port 80 by changing the above as follows:

HTTPS_PORT=8443
       DEFAULT_FCS_HOSTPORT=:80,443,1935
       RTMP_SEQUENCE=rtmp://external-host:80/?rtmp://localhost:8506/,
       rtmp://external-host:443/?rtmp://localhost:8506/,
       rtmp://external-host:1935/?rtmp://localhost:8506/,
       rtmpt://external-host:443/?rtmpt://localhost:8506/,
       rtmpt://external-host:80/?rtmpt://localhost:8506/

After restarting the services I was able to get to the meeting over port 80 only from an external client.

My question: is there a way with which you can tell the client to try port 1935 first and, in case of problems, switch to other ports (as the "RTMP_SEQUENCE" name seems to suggest)?

Thanks,
Rob

**_connectguy_**

Re: Tunneling Connect port 1935 over port 80

Hi Rob,

Unfortunately you came across an incorrect technote. 
The last two sequences in it should read

       rtmpt://external-host:443/?rtmp://localhost:8506/,
       rtmpt://external-host:80/?rtmp://localhost:8506/

Notice the removal of the "t" in the localhost section.
If that doesn't work please write back. 

However, if you are looking for your best chance of connection without the performance degradation that tunneling causes, may I suggest securing the meeting server. 

That way you will connect over port 443.  I have not seen a firewall that allows port 80 but doesn't allow port 443. 

Cheers,
Brad

**_RobZ_**

Re: Tunneling Connect port 1935 over port 80

Hi Brad.

Thank you very much for your answer.

Unfortunately, things did not change even after amending the lines as you suggested :-(

At the minute, my custom.ini file is as follows:

=== cut here === 8< ===

HTTPS_PORT=8443
DEFAULT_FCS_HOSTPORT=:1935,443,80
RTMP_SEQUENCE=rtmp://external-host:1935/?rtmp://localhost:8506/,
       rtmp://external-host:443/?rtmp://localhost:8506/,
       rtmp://external-host:80/?rtmp://localhost:8506/,
       rtmpt://external-host:443/?rtmp://localhost:8506/,
       rtmpt://external-host:80/?rtmp://localhost:8506/

=== cut here === 8< ===

As per the knowledgebase, I configured the HTTP port as 8080 in the "Server configuration"; after making the above changes, I did restart Connect services but the attendee's session always hangs while trying to connect over port 1935.

After a few minutes, the attendee gets the following message:

System error
The Meeting Room could not connect to the Connect Pro Server. Please re-launch the Meeting Room, or refresh your browser to restore the connection.

If I click over the "Troubleshooting" page, the "Connect Pro Connection Test" fails with the "Unable to Connect" message.

While the attendee's session was hanging, I performed a "netstat -an --tcp" command on the attendee's workstation (a Linux box) to reveal the following:

tcp        0      1 192.168.0.37:15151    192.168.0.61:1935     SYN_SENT

Some other pieces of info:

. the Connect Pro server is version 7 + SP2 hosted on a Windows 2003 R3 Server
. the Win2003 server is a virtual one hosted on a VMWare Server 2.0 box
. I activated the embedded Win2003 firewall and only allowed port 80 to get through
. by checking the %WINDIR%\pfirewall.log file I'm able to see connection attempts from the client to the server at port 1935 (and this port only)
. the attendee's box is a OpenSuSE 11.0 x86 box with Firefox 3.0.6 and the Shockwave Flash 9.0 r159 plugin
. I've also tried by using a Windows XP SP3 box with Firefox 3.0.5 and iExplorer but things did not change
. both the OpenSuSE and the XP box work fine when the Win2003 firewall is turned off

Concerning your suggestion to switch over port 443, since this is a test installation and due to the fact Connect Pro cannot work with self-signed certificates, I'll prefer sticking over port 80 and getting a better understanding on how things really work in connect before buying a "real" certificate.

Thanks again for your help,
Rob

**_connectguy_**

Re: Tunneling Connect port 1935 over port 80

Hi Rob,

Sorry to hear that isn't working. 
I will try to get it working on a local install of 7 SP2 and let you know the results. 

While connect doesn't support self signed certs, many companies offer trial certs which do work. 
I have used Entrust and Verisign trial certs in the past.

Cheers,
Brad

**_RobZ_**

Re: Tunneling Connect port 1935 over port 80

Hi.

Thanks again for your feedback.

I knew about trial certificates and for sure I'll give them a try before putting the system into production.

Please let me know if you're able to reproduce the issue I'm experiencing.

Cheers,
Rob

**_alanvanwyk_**

Re: Tunneling Connect port 1935 over port 80

I have exactly this problem.

It seems that some users are able to hit the Adobe.com website test page, but not my installation . .while other web based users can.

I'd like to know exaclty how the Connect Pro box at Adobe is set up - as it seems to accept my connection (even from restricted Vlans on my newtork) without any problems?

The main thing is that it seems that the client tries to negate the proxy server when it requests port 1935 access.

I have tried the above configs without any luck.

Please help . . .

Last edited by **_alanvanwyk_** (2009-05-15 05:15:12)

**_alanvanwyk_**

Re: Tunneling Connect port 1935 over port 80

Anyone?

**_alanvanwyk_**

Re: Tunneling Connect port 1935 over port 80

This is now resolved.
The above config should work, but there should be no line breaks in the connection string.
i.e. RTMP_SEQUENCE=rtmp://external-host:1935/?rtmp://localhost:8506/,
       rtmp://external-host:443/?rtmp://localhost:8506/,
       rtmp://external-host:80/?rtmp://localhost:8506/,
       rtmpt://external-host:443/?rtmp://localhost:8506/,
       rtmpt://external-host:80/?rtmp://localhost:8506/

Should actually be:
RTMP_SEQUENCE=rtmp://external-host:1935/?rtmp://localhost:8506/,rtmp://external-host:443/?rtmp://localhost:8506/,rtmp://external-host:80/?rtmp://localhost:8506/,rtmpt://external-host:443/?rtmp://localhost:8506/,rtmpt://external-host:80/?rtmp://localhost:8506/

Hope this saves someone the pain it gave me!

**_chang_**

Re: Tunneling Connect port 1935 over port 80

I'm also trying to do this procedure, but can not, you just inserted these lines in custom.ini and Adobe already try to use port 80? It did not conflict with your web server?