Greetings, I've recently setup Icecast2 and Ices2 from the sources in the CVS repository. Everything seems to be working fine with the exception of a firewall issue that I'm having. Icecast appears to use a TCP connection, for session setup, that is initiated by the client. Icecast then sources a TCP connection back to the client for the stream itself. This basically how non-passive-mode FTP works. This creates a serious problem for anyone using a stateful firewall that blocks incoming TCP SYN, like I am (not by my own choice). Here is the output from netstat: (edited to protect the guilty) Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:8000 127.0.0.1:32769 ESTABLISHED tcp 0 333 195.160.32.13:8000 69.33.150.171:2985 ESTABLISHED 195.160.32.13 is the machine running Icecast, 69.33.150.171 the client which is running Winamp. The server and the streamer are on the same machine. Is there anyway to configure Icecast to let the client initiate the stream connection, like passive-mode FTP? I've looked at what documentation that I've been able to get my hands on, but haven't seen anything. Is there hope or am I simply missing something? -Steve <p> -- Progress (n.): The process through which the Internet has evolved from smart people in front of dumb terminals to dumb people in front of smart terminals. -- --- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this list, send a message to 'icecast-request@xiph.org' containing only the word 'unsubscribe' in the body. No subject is needed. Unsubscribe messages sent to the list will be ignored/filtered.
Hi there. I think (but i may be wrong) trouble with ftp is that it use 2 ports, one for data, the other for commands. On passive mode, you will still need an open port on the ftp server to get client connection, the difference will be in which computer will start the connection for data socket (port 20). Whatever the mode, ftp server will have to listen on port 21. Icecast use only 1 port, so all you have to do is to accept connection on port 8000. There shall be no active/passive trouble such as ftp. Well, at least this is how i imagine things are , are they not ? :) Pierre Amadio --- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this list, send a message to 'icecast-request@xiph.org' containing only the word 'unsubscribe' in the body. No subject is needed. Unsubscribe messages sent to the list will be ignored/filtered.
Pierre Amadio expunged (pierre.amadio@libertysurf.fr):> Icecast use only 1 port, so all you have to do is to accept connection > on port 8000. There shall be no active/passive trouble such as ftp. > > Well, at least this is how i imagine things are , are they not ? :)I guess I need to provide a packet trace, which I don't have handy. I think that Icecast may initiate a TCP SYN back to the client, which is why I'm having a problem. Stateful firewalls tend not to allow packets back in unless they have the established bit set. If it actually is sending a SYN back for the stream (which I need to verify) it won't set the established bit and the firewall will drop it. <p>-Steve -- Progress (n.): The process through which the Internet has evolved from smart people in front of dumb terminals to dumb people in front of smart terminals. -- --- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this list, send a message to 'icecast-request@xiph.org' containing only the word 'unsubscribe' in the body. No subject is needed. Unsubscribe messages sent to the list will be ignored/filtered.
On Saturday 15 February 2003 06:12, Steve Meuse wrote:> Greetings, > > I've recently setup Icecast2 and Ices2 from the sources in the CVS > repository. Everything seems to be working fine with the exception of a > firewall issue that I'm having. > > Icecast appears to use a TCP connection, for session setup, that is > initiated by the client. Icecast then sources a TCP connection back to the > client for the stream itself. This basically how non-passive-mode FTP > works. This creates a serious problem for anyone using a stateful firewall > that blocks incoming TCP SYN, like I am (not by my own choice).icecast only produces outgoing connections to connect to servers it is relaying. Client connections will never have the behaviour you described. Mike --- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this list, send a message to 'icecast-request@xiph.org' containing only the word 'unsubscribe' in the body. No subject is needed. Unsubscribe messages sent to the list will be ignored/filtered.
Michael Smith expunged (msmith@xiph.org):> On Saturday 15 February 2003 06:12, Steve Meuse wrote: > > Icecast appears to use a TCP connection, for session setup, that is > > initiated by the client. Icecast then sources a TCP connection back to the > > client for the stream itself. This basically how non-passive-mode FTP > > works. This creates a serious problem for anyone using a stateful firewall > > that blocks incoming TCP SYN, like I am (not by my own choice). > > icecast only produces outgoing connections to connect to servers it is > relaying. Client connections will never have the behaviour you described.You are 100% correct. The problem turned out to be a client issue. Winamp was doing something strange. I've installed foobar2000 and it's working fine. When I get back from my travels (I'm in London for a few weeks) I'll try to provide more information. -Steve <p><p> -- Progress (n.): The process through which the Internet has evolved from smart people in front of dumb terminals to dumb people in front of smart terminals. -- --- >8 ---- List archives: http://www.xiph.org/archives/ icecast project homepage: http://www.icecast.org/ To unsubscribe from this list, send a message to 'icecast-request@xiph.org' containing only the word 'unsubscribe' in the body. No subject is needed. Unsubscribe messages sent to the list will be ignored/filtered.