Release Notes: RealAudio Systems and Firewalls

Generic Packet-Filtering Firewall Options

Configure the firewall to accept RealAudio Player

Many popular routers, including Cisco and Livingston Portmaster, can be configured to act as "firewalls" by using access control lists to allow traffic destined for some ports to pass from the outside into the inner network and block packets for other ports.

For situations like these, all that is necessary to use any version of the RealAudio Player from the inner network is to allow traffic to pass the router on the ports needed by RealAudio. You must enable traffic on the following range of ports:

  • TCP port 7070
  • UDP ports 6970 - 7170 (inclusive) for incoming traffic only.

The TCP port is used by the client to initiate a conversation with an external RealAudio server, to authenticate the player to the server, and to pass control messages during playback (e.g., pausing or stopping the audio stream).

The range of UDP ports, on the other hand, carries the incoming audio stream. These ports begin to carry traffic only after the player and server have performed the authentication routine, and should be enabled only for incoming traffic.

A slightly safer configuration can be achieved by careful configuration of the TCP port connection. Since you do not want incoming connection attempts on this port, you should configure the router's access control list to allow TCP connections on port 7070 to be initiated from the inside network exclusively. Incoming traffic, on the other hand, should only be allowed if it is part of an ongoing connection. This is assured by requiring incoming TCP packets to have the ACK bit set in the TCP header carried by every packet. The syntax for specifying that the ACK bit must be set varies with the kind of router you own, but for Cisco routers the flag "ESTABLISHED" can be put at the end of the line in an access rule to specify that an incoming packet must be part of an ongoing conversation.
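
The rules described above, modelled as a small stateless filter in Python. This is an added example, not code from Progressive Networks or any router vendor; the Packet class, the direction labels and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass

TCP_CONTROL_PORT = 7070               # control channel port, from the page
UDP_STREAM_PORTS = range(6970, 7171)  # 6970-7170 inclusive, from the page
SYN = 0x02                            # SYN bit in the TCP flags byte
ACK = 0x10                            # ACK bit in the TCP flags byte

@dataclass(frozen=True)
class Packet:                         # hypothetical minimal packet model
    direction: str                    # "in" (outside -> inside) or "out"
    proto: str                        # "tcp" or "udp"
    src_port: int
    dst_port: int
    tcp_flags: int = 0

def permit(pkt: Packet) -> bool:
    """Stateless filter implementing the rules described above."""
    if pkt.proto == "tcp":
        if pkt.direction == "out":
            # Inside hosts may open and continue connections to port 7070.
            return pkt.dst_port == TCP_CONTROL_PORT
        # Inbound: only packets from port 7070 that carry the ACK bit,
        # i.e. packets that claim to belong to an ongoing connection.
        return pkt.src_port == TCP_CONTROL_PORT and bool(pkt.tcp_flags & ACK)
    if pkt.proto == "udp":
        # Audio stream: inbound only, destination port inside the range.
        return pkt.direction == "in" and pkt.dst_port in UDP_STREAM_PORTS
    return False                      # deny everything else

# Constructed sample traffic (not captured from a real session).
SAMPLES = {
    "client SYN to server:7070":   Packet("out", "tcp", 1025, 7070, SYN),
    "server SYN-ACK reply":        Packet("in", "tcp", 7070, 1025, SYN | ACK),
    "outside SYN to inside:7070":  Packet("in", "tcp", 1025, 7070, SYN),
    "outside SYN from port 7070":  Packet("in", "tcp", 7070, 1025, SYN),
    "audio datagram to port 6970": Packet("in", "udp", 2048, 6970),
    "audio datagram to port 7171": Packet("in", "udp", 2048, 7171),
    "inside host sends UDP out":   Packet("out", "udp", 6970, 2048),
}

def evaluate_samples() -> dict:
    """Return {description: permitted?} for each constructed packet."""
    return {name: permit(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, ok in evaluate_samples().items():
        print(f"{'permit' if ok else 'deny  '}  {name}")
```

The two denied TCP samples show what the ACK requirement buys: an inbound packet with only SYN set is dropped whether it targets port 7070 or merely uses it as a source port.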

Other Firewall Configuration Options

RealAudio Player 2.0 and later can be configured to work using TCP-only (through port 7070) or using only one specified UDP port (between 1,000 and 9,999). The firewall administrator decides what ports to configure for RealAudio Player. Once the firewall has been configured, edit the RealAudio Player preferences to work with your firewall configuration.

Copyright © Progressive Networks, 1995, 1996. All rights reserved. RealAudio is a registered trademark of Progressive Networks, Inc.