Real Audio/Video

Real Audio/Video can be used for transferring sound and/or moving pictures.

When using Real Audio/Video, the client establishes a TCP connection from a high port to port 554 on the server. The server sends data from a high port to a port in the interval 6970-7170, inclusive, on the client. The data is sent using the UDP protocol.

This corresponds to the following service definitions:

Services
| Name | Protocol | Firewall type | Client ports | Server ports |
|---|---|---|---|---|
| real-audio | TCP | Dynamic session management | 1024-65535 | 554 |
| real-audio-data | UDP | Packet filter | 1024-65535 | 6970-7170 |

Outgoing Real Audio/Video configuration

Using Rules (no NAT)

Allow the real-audio service from the computers which should be able to run Real Audio/Video (e.g., the Inside) to the servers you want to visit (e.g., Internet). A firewall rule allowing real-audio-data in the opposite direction is needed for the data to reach the client computers. Example:

Rules
| Client | Server | Service | Action |
|---|---|---|---|
| Inside | Internet | real-audio | Allow |
| Internet | Inside | real-audio-data | Allow |
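
Added example (not part of the original documentation and not the firewall's own code): a small Python model of the Services and Rules tables above, useful for checking what the no-NAT rule set admits by static rule alone. The zone names come from the tables; the default-deny behaviour, the function names and the sample packets are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Service definitions from the Services table: (protocol, client ports, server ports).
SERVICES = {
    "real-audio": ("TCP", range(1024, 65536), range(554, 555)),
    "real-audio-data": ("UDP", range(1024, 65536), range(6970, 7171)),
}

# Outgoing rule sets from the Rules tables: (client zone, server zone, service).
RULES_NO_NAT = [
    ("Inside", "Internet", "real-audio"),
    ("Internet", "Inside", "real-audio-data"),
]
RULES_NAT = [("Inside", "Internet", "real-audio")]

@dataclass(frozen=True)
class Packet:
    proto: str
    src_zone: str
    src_port: int
    dst_zone: str
    dst_port: int

def matching_rule(pkt, rules):
    """Return the service whose Allow rule matches pkt, or None (default deny is assumed)."""
    for client, server, service in rules:
        proto, client_ports, server_ports = SERVICES[service]
        if (pkt.proto == proto and pkt.src_zone == client and pkt.dst_zone == server
                and pkt.src_port in client_ports and pkt.dst_port in server_ports):
            return service
    return None

def exposed_inbound_udp_ports(rules):
    """Inside UDP ports that a static rule opens to the Internet zone."""
    ports = set()
    for client, server, service in rules:
        proto, _, server_ports = SERVICES[service]
        if proto == "UDP" and client == "Internet" and server == "Inside":
            ports.update(server_ports)
    return ports

# Constructed sample packets (not captured traffic).
CONTROL = Packet("TCP", "Inside", 40000, "Internet", 554)   # client opens the session
STREAM = Packet("UDP", "Internet", 30000, "Inside", 6970)   # server sends media data
EDGE = Packet("UDP", "Internet", 30000, "Inside", 7171)     # just outside the interval
```

The model matches real-audio-data packets without reference to any real-audio session, because the service is defined as a packet filter; the NAT rule set opens no inbound UDP ports by rule, and the NAT system's automatic handling of the data traffic is not modelled here.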

Using Rules (NAT)

Allow the real-audio service from the computers which should be able to run Real Audio/Video (e.g., the Inside) to the servers you want to visit (e.g., Internet). The data traffic needs no rules as the NAT system handles this automatically.

Rules
| Client | Server | Service | Action |
|---|---|---|---|
| Inside | Internet | real-audio | Allow |

Incoming Real Audio configuration

When admitting incoming Real Audio to servers behind the firewall, you have two options: using firewall rules or a relay. The relay option works regardless of NAT, but the rules will only work when NAT isn't used.

Using Rules (no NAT)

Allow the real-audio service from the computers which should be able to run Real Audio/Video (e.g., Internet) to your server. A firewall rule allowing real-audio-data in the opposite direction is needed for the data to reach the client computers. Example:

Rules
| Client | Server | Service | Action |
|---|---|---|---|
| Internet | R/A server | real-audio | Allow |
| R/A server | Internet | real-audio-data | Allow |

Using Relays (NAT/no NAT)

Define a relay to forward Real Audio/Video connections to the server. Example (supposing 192.168.1.17 is the internal IP address of the Real Audio/Video server):

Relays
| Listen to: IP address | Listen to: Port | Relay to: DNS name or IP address | Relay to: Port | Relay type | Allow access from: Networks |
|---|---|---|---|---|---|
| Outside (1.2.3.4) | 7070 | 192.168.1.17 | 7070 | TCP relay | Internet |

If you want the server to know the IP addresses of the clients you should change the TCP relay to a semitransparent TCP port forwarding.

N.B.: The visitors should connect to the outside address of the firewall, because addresses inside a NATed network aren't visible on the outside.

For more information on Real Audio/Video related traffic, see http://www.realaudio.com/.