RTMP being blocked by firewalls – Flash media server

Posted on Feb 19, 2010

If you have ever worked with Flash Media Server, or any other media server for that matter, you probably know that they do not use HTTP, the regular Internet protocol. Almost all media servers work on top of a protocol called RTMP.

Now, if you have users behind a firewall, they probably can’t get past its restrictions, and in most cases they will be blocked and unable to see your application or video.

If you are working on a server like WebOrb (I’m working with it), then the data will also be blocked, and that is a big issue.

Today we’re going to solve the problem together. Here’s a way to solve it.

Well, let’s first talk a bit more about RTMP, before ditching it and moving on.

With Flash Media Server you can use RTMP over a few ports (1935, 80). Port 1935 will probably always be blocked, because it is not a known port and even simple routers often block it.

Port 80 makes things a bit more complicated: you have to make FMS listen on a specific IP address, or your web server (if it is on the same server) will not work.

So the first rule is to always use port 80. This is one way to let more users connect to your application, watch your videos and interact with your service.

The connection is being made like so:

rtmp://your_ip_address:80/app_name

DO NOT use any kind of array of ports; simply use port 80. If the client can’t connect over RTMP on port 80, he will not be able to connect over RTMP no matter which port you use.

So, what am I actually saying here?

I’m saying you should make only one RTMP connection attempt, and that attempt should be on port 80; this should be your first choice. If the connection is unsuccessful, you should switch to RTMPT, which is RTMP encapsulated in HTTP. Firewalls will not block this connection, because it makes RTMP “hide” behind HTTP traffic on port 80.

The connection is made practically the same way:

rtmpt://your_ip_address:80/app_name

Why not use RTMPT at all times?

You should not use RTMPT at all times, because there is a performance cost: it adds overhead on top of each packet sent.

Why not go through all the possible ports with RTMP first? Why only 80?

In most cases, firewalls block every port except 80, so the user would have to sit through very long timeouts before finally being redirected to RTMPT.
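The fallback order described above (one RTMP attempt on port 80, then RTMPT on port 80) can be written as the following ActionScript 3 class. This is an added example, not the author's code; the class name `FallbackConnector`, the two callbacks and the 3-second timeout are assumptions, and the address is the placeholder used in this post.

```actionscript
package {
    import flash.events.*;
    import flash.net.NetConnection;
    import flash.utils.Timer;
    // Added example (hypothetical class): try rtmp:// once on port 80, then rtmpt://.
    public class FallbackConnector {
        // Assumptions: placeholder address from the post; the timeout is a tuning choice.
        private static const TARGET:String = "your_ip_address:80/app_name";
        private static const PROTOCOLS:Array = ["rtmp", "rtmpt"]; // one attempt each
        private static const TIMEOUT_MS:int = 3000;
        public var onConnected:Function; // receives the live NetConnection
        public var onFailed:Function;    // receives a short reason string
        private var nc:NetConnection;
        private var timer:Timer = new Timer(TIMEOUT_MS, 1);
        private var index:int = -1;
        public function start():void { timer.addEventListener(TimerEvent.TIMER, next); next(); }
        public function onBWDone(...args):void {} // FMS may call this on the client object
        // Drop the current attempt (if any) and start the next protocol in the list.
        private function next(e:Event = null):void {
            release();
            if (++index >= PROTOCOLS.length) { fail("rtmp and rtmpt both failed"); return; }
            nc = new NetConnection();
            nc.client = this;
            nc.addEventListener(NetStatusEvent.NET_STATUS, onStatus);
            nc.addEventListener(IOErrorEvent.IO_ERROR, next);
            nc.addEventListener(SecurityErrorEvent.SECURITY_ERROR, next);
            timer.reset(); timer.start(); // bound the wait when a firewall drops packets silently
            nc.connect(PROTOCOLS[index] + "://" + TARGET);
        }
        private function onStatus(e:NetStatusEvent):void {
            var code:String = e.info.code;
            if (code == "NetConnection.Connect.Success") {
                timer.stop();
                if (onConnected != null) onConnected(nc);
            } else if (code == "NetConnection.Connect.Failed") {
                next(); // blocked or unreachable: move on to the tunnelled transport
            } else if (code == "NetConnection.Connect.Rejected") {
                release(); fail("server rejected the connection"); // server was reached; tunnelling cannot help
            }
        }
        // Stop the timer and detach from the previous NetConnection before closing it.
        private function release():void {
            timer.stop();
            if (nc == null) return;
            nc.removeEventListener(NetStatusEvent.NET_STATUS, onStatus);
            nc.removeEventListener(IOErrorEvent.IO_ERROR, next);
            nc.removeEventListener(SecurityErrorEvent.SECURITY_ERROR, next);
            nc.close(); nc = null;
        }
        private function fail(reason:String):void { if (onFailed != null) onFailed(reason); }
    }
}
```

The explicit timer matters because a firewall that silently drops packets may not produce a `NetConnection.Connect.Failed` status for a long time, which is the same long wait described above for trying every port.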

I will post some code on how to fall back more efficiently later this week; this post was actually inspired by a client’s solution I did this week during a consulting session.

Good luck!