Red5 SparkWeb firewall issue

I have installed red5 and SparkWeb is working when iptables is turned off. I have added port 7070 to exceptions. Also I tried 7071 (SSL port in Http-bind settings), tried 1935. No go.

Another question. Do I have to have 5229 in firewall exceptions when using red5? Is it still accessing the server at this port to get crossdomain policy file?

wroot,

A bit of education for me. What is the purpose of iptables?

If you are using the patched openfire.jar file or if the latest openfire nightly build with a fix for the on port 5222, then you might need to open 5229. Not tested this idea, just a guess.

iptables is a Linux firewall. I had to open 5229 port in my server (5222 was already open) to be able to use original SparkWeb. Now I’m trying with red5 SparkWeb (not patched or nightly build, just Openfire 3.6.2). red5 SparkWeb is connecting through 7070 port, but it seems it’s not enough to have this port opened. I get not authorised errors with firewall turned on.

Since you are using http-bind port 7070, I suspect Flash will initially send a policy request and Openfire will respond with permission for 7070. However, there is an explicit request to load the policy file from port 5229 in the code, so I think you should open that port or Flash will trigger a security exception.

The red5 sparkweb will attempt to open an RTMP connection on port 1935 to the Red5 sip application if you configure a sip device for the sparkweb user. Another connection to the Red5 oflademo application is also made and closed when you make red5 video calls.

I have 5229 and 7070 opened, but it doesn’t help. It was working with the original SparkWeb with 5222 and 5229 opened.

I’ve checked with TCPView and found out that 5223 port is in use for TLS connection in Red5 SparkWeb. Also in Red5 SparkWeb config I see that PolicyFile is fetching from 5230 port. So I have added 5223 and 5230 (removed 5229) to my firewall exceptions list. 7070 was already added before. And now it seems to work fine.

5223 would be deprecated at some moment, so probably this would have to be changed in the future.

The port 5230 was me. Before I discovered the problem with openfire and patched it, I implemented a policy file server on port 5230 in the red5 plugin to serve permission on ports 5222 and 5223. With the patched openfire.jar and hopefully next release, this feature will be redundant and the normal openfire policy server on port 5229 will work fine.

Were you speaking about this patch? http://www.igniterealtime.org/issues/browse/JM-1500 It should be released today. So then I can change it to port 5229 in red5 SparkWeb config? But what about 5223 port? If I use TLS, then this port will still be in use? But this port would be deprecated as I understand. It’s written in the Admin Console.
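
Added example, not part of any post in this thread and not code from Openfire or the Red5 plugin: a Python check that asks a Flash socket policy server (5229 or 5230 in this thread) for its policy and reports which XMPP ports the policy fails to grant. The function names are hypothetical and the sample reply is constructed; it assumes the standard Flash socket policy exchange (`<policy-file-request/>` followed by a null byte, answered with a `cross-domain-policy` document).

```python
import socket
import xml.etree.ElementTree as ET

POLICY_REQUEST = b"<policy-file-request/>\x00"  # what Flash Player sends to the policy port


def fetch_policy(host, port, timeout=5.0):
    """Ask a socket policy server for its policy, the way Flash Player does."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(POLICY_REQUEST)
        data = b""
        while not data.endswith(b"\x00"):  # reply is null-terminated
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.rstrip(b"\x00").decode("utf-8", "replace")


def allowed_ports(policy_xml):
    """Return (ports, wildcard) granted by the allow-access-from elements."""
    ports, wildcard = set(), False
    for rule in ET.fromstring(policy_xml).iter("allow-access-from"):
        for item in rule.get("to-ports", "").split(","):
            item = item.strip()
            if item == "*":
                wildcard = True  # every port granted: broader than needed
            elif "-" in item:
                low, high = item.split("-", 1)
                ports.update(range(int(low), int(high) + 1))
            elif item:
                ports.add(int(item))
    return ports, wildcard


def missing_ports(policy_xml, needed):
    """Ports the client needs that the policy does not grant."""
    ports, wildcard = allowed_ports(policy_xml)
    return [] if wildcard else sorted(set(needed) - ports)


# Constructed sample reply (not captured from a real server).
SAMPLE_POLICY = (
    '<cross-domain-policy>'
    '<allow-access-from domain="*" to-ports="5222,5223"/>'
    '</cross-domain-policy>'
)

if __name__ == "__main__":
    print(missing_ports(SAMPLE_POLICY, [5222, 5223]))
```

Run `fetch_policy` from a machine outside the firewall: a timeout there means the policy port itself is blocked, while a non-empty `missing_ports` result means the port is reachable but the policy does not cover the connection port.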