Icecast - Apr 2018 - NAT and Playlist Question

Brief backstory, previous admin is gone and the previous server died.  What
I could gather was it may have been running Icecast.  I setup Icecast on a
new CentOS 7 server and the server sits behind a firewall.  The links from
the users web site points to and internal address for internal users and an
link to an external address.

I created a listen.pls playlist with the following:

[playlist]
NumberOfEntries=1
File1=http://<INTERNAL IP>:8000/

The website points to this playlist file and it works fine.  However, when
I use the external link offsite I get an error that it cannot download the
listen.pls file and won't play the stream.  Should this work as I have it
configured?  How should I configure Icecast to work behind a NAT firewall
for internal and external users?

Thanks,
Ken
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20180402/db3c74a2/attachment.htm>

Do you have access to the firewall settings?

 

If you are going to use port 8000 it needs to be opened for incoming and
outgoing traffic.

 

When most firewalls are activated they have port 8000 closed by default.

 

Larry

 

 

From: Icecast <icecast-bounces at xiph.org> On Behalf Of Inetken
Sent: Monday, April 2, 2018 11:52 AM
To: icecast at xiph.org
Subject: [Icecast] NAT and Playlist Question

 

Brief backstory, previous admin is gone and the previous server died.  What I
could gather was it may have been running Icecast.  I setup Icecast on a new
CentOS 7 server and the server sits behind a firewall.  The links from the users
web site points to and internal address for internal users and an link to an
external address.

 

I created a listen.pls playlist with the following:

 

[playlist]

NumberOfEntries=1

File1=http://<INTERNAL IP>:8000/

 

The website points to this playlist file and it works fine.  However, when I use
the external link offsite I get an error that it cannot download the listen.pls
file and won't play the stream.  Should this work as I have it configured? 
How should I configure Icecast to work behind a NAT firewall for internal and
external users?

 

Thanks,

Ken


-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20180402/392d9854/attachment.htm>

The port should be opened, as it was working before, but that was a while
ago.  I'll have the network group double check.

Ken

On Mon, Apr 2, 2018 at 10:18 AM, Larry Turnbull <larry at acbradio.org>
wrote:
> Do you have access to the firewall settings?
>
>
>
> If you are going to use port 8000 it needs to be opened for incoming and
> outgoing traffic.
>
>
>
> When most firewalls are activated they have port 8000 closed by default.
>
>
>
> Larry
>
>
>
>
>
> *From:* Icecast <icecast-bounces at xiph.org> *On Behalf Of *Inetken
> *Sent:* Monday, April 2, 2018 11:52 AM
> *To:* icecast at xiph.org
> *Subject:* [Icecast] NAT and Playlist Question
>
>
>
> Brief backstory, previous admin is gone and the previous server died.
> What I could gather was it may have been running Icecast.  I setup Icecast
> on a new CentOS 7 server and the server sits behind a firewall.  The links
> from the users web site points to and internal address for internal users
> and an link to an external address.
>
>
>
> I created a listen.pls playlist with the following:
>
>
>
> [playlist]
>
> NumberOfEntries=1
>
> File1=http://<INTERNAL IP>:8000/
>
>
>
> The website points to this playlist file and it works fine.  However, when
> I use the external link offsite I get an error that it cannot download the
> listen.pls file and won't play the stream.  Should this work as I have
it
> configured?  How should I configure Icecast to work behind a NAT firewall
> for internal and external users?
>
>
>
> Thanks,
>
> Ken
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20180402/68a1e974/attachment-0001.html>

You may need to set up a reverse proxy depending on your setup. 

What is the external URL? Is it something like http://example.com ? Or
http://example.com/playlist.pls ? Or perhaps
http://example.com:8000/playlist.pls ?

I guess I am asking if you are natting from 80 to 8000, or something like that.
There could be firewall rules on the outgoing connection that stop getting at
port 8000.

Also, what error do you get when attempting to get the URL with curl or wget?

If your URL is not private, I'd be happy to have a poke at it. I can't
guarantee a solution though haha

Jake



On 3 April 2018 4:52:09 AM NZST, Inetken <inetken at gmail.com>
wrote:
>Brief backstory, previous admin is gone and the previous server died. 
>What
>I could gather was it may have been running Icecast.  I setup Icecast
>on a
>new CentOS 7 server and the server sits behind a firewall.  The links
>from
>the users web site points to and internal address for internal users
>and an
>link to an external address.
>
>I created a listen.pls playlist with the following:
>
>[playlist]
>NumberOfEntries=1
>File1=http://<INTERNAL IP>:8000/
>
>The website points to this playlist file and it works fine.  However,
>when
>I use the external link offsite I get an error that it cannot download
>the
>listen.pls file and won't play the stream.  Should this work as I have
>it
>configured?  How should I configure Icecast to work behind a NAT
>firewall
>for internal and external users?
>
>Thanks,
>Ken
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20180403/2eb07be3/attachment.html>

Good afternoon Ken,


On Mon, 2018-04-02 at 09:52 -0700, Inetken wrote:
> Brief backstory, previous admin is gone and the previous server died.  What
> I could gather was it may have been running Icecast.
Things like this sadly happen.

> I setup Icecast on a
> new CentOS 7 server and the server sits behind a firewall.  The links from
> the users web site points to and internal address for internal users and an
> link to an external address.
> 
> I created a listen.pls playlist with the following:
> 
> [playlist]
> NumberOfEntries=1
> File1=http://<INTERNAL IP>:8000/
Generally I suggest against using IP addresses. But see below.

> The website points to this playlist file and it works fine.  However, when
> I use the external link offsite I get an error that it cannot download the
> listen.pls file and won't play the stream.  Should this work as I have
it
> configured?  How should I configure Icecast to work behind a NAT firewall
> for internal and external users?

There are several possible optimal setups. All of them have Icecast with
the same configuration in common. For most stations the default Icecast
configuration works fine (with only passwords changed). Most people
break Icecast by setting too many options.
The default configuration uses port 8000. I suggest to keep this.

Next with NAT you need to ensure the port is forwarded. I generally
suggest not use NAT but routed connections. However this requires a
public IP for your server. But it also solves the problem with
internal/external-split.
I strongly recommend against using a reverse proxy. This works but there
are several pitfalls. This should only be done with a professional
around.

The next step is to decide where to split internal and external users.
There are three possibilities:
     A. You can give internal and external users different URLs to your
        stream. This is the most simple solution but does not work if
        people use the same URL from inside and outside your network.
     B. You can have a server that is reachable from both networks and
        knows the client location (within your network or public
        internet) and generate a playlist based on this. This works
        nicely if such infrastructure already exists. Also it gives you
        a stable playlist URL. However if players cache the Playlist
        they still can't move between networks.
     C. You make Icecast accessible from both networks with the same
        URL. This is the preferred method. This can be done by using a
        static and public IP address for your server. Or by using a
        Hostname that resolves differently from your internal network.
        E.g. bind(DNS server) supports "view"s to allow such setups.

Which solution is best depends a bit on the ecosystem your Icecast runs
within. E.g. if there is any of the other systems already and how much
your clients move around.

As you want to run Icecast behind a NATed connection I guess that it's
also bandwidth limited. I suggest to consider this as well. The
bandwidth needed is about: 2*bitrate*listeners. E.g. with 112kbit/s and
32 listeners the required "upload" bandwidth is about 7.2MBit/s.


I hope that this is of help to you. If you need professional business
support feel free to reply to me off-list.


With best regards,


-- 
Philipp Schafft (CEO/Geschäftsführer) 
Telephon: +49.3535 490 17 92

Löwenfelsen UG (haftungsbeschränkt)     Registration number:
Bickinger Straße 21                     HRB 12308 CB
04916 Herzberg (Elster)                 VATIN/USt-ID:
Germany                                 DE305133015
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20180403/d855d3d0/attachment.sig>

Oh one thing I over looked, you say you are populating the pls file with the
internal IP of the machine streaming? Well that's not going to work outside
your network.

Is the error perhaps not that you can't download the pls file, but that it
can't download the contents?




On 3 April 2018 4:52:09 AM NZST, Inetken <inetken at gmail.com>
wrote:
>Brief backstory, previous admin is gone and the previous server died. 
>What
>I could gather was it may have been running Icecast.  I setup Icecast
>on a
>new CentOS 7 server and the server sits behind a firewall.  The links
>from
>the users web site points to and internal address for internal users
>and an
>link to an external address.
>
>I created a listen.pls playlist with the following:
>
>[playlist]
>NumberOfEntries=1
>File1=http://<INTERNAL IP>:8000/
>
>The website points to this playlist file and it works fine.  However,
>when
>I use the external link offsite I get an error that it cannot download
>the
>listen.pls file and won't play the stream.  Should this work as I have
>it
>configured?  How should I configure Icecast to work behind a NAT
>firewall
>for internal and external users?
>
>Thanks,
>Ken
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.xiph.org/pipermail/icecast/attachments/20180404/a6ae4da7/attachment.html>