To allow incoming rtsp streams, I must open incoming TCP port 554. I must also open a range of UDP ports.
6970 through 6999, says http://comments.gmane.org/gmane.comp.security.shorewall/660.
At least 8466 through 8469, says my own lsof output, when streaming from YouTube (ffplay rtsp://v3.cache6.c.youtube.com/CjYLENy73wIaLQnyGKRU4VMLjxMYDSANFEIJbXYtZ29vZ2xlSARSBXdhdGNoYIv01r-03I23Tgw=/0/0/0/video.3gp, if that stays intact for a day or two).
Is there any constraint on which UDP ports an rtsp server might request in the client_port and server_port fields of a SETUP request (http://en.wikipedia.org/wiki/Real_Time_Streaming_Protocol)?
In other words, must I open all UDP ports in my firewall? (I'm using shorewall on Ubuntu, if that makes a difference.)
Best Answer
As an example, the client RealPlayer uses UDP ports 6970-7170 by default, but that range may be changed, says http://docs.real.com/docs/proxykit/rtspd.pdf.
The client VLC needs UDP port 15947, says https://unix.stackexchange.com/questions/48435/enable-rtsp-in-iptables.
Other clients and servers might have other values.
So if you can't assume a particular client or server, then to guarantee incoming rtsp you must indeed open all UDP ports. Sigh.
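The client_port and server_port values the question asks about are negotiated per session in the Transport header of the SETUP exchange. The following added example (not part of the original question or answer) parses that header and returns the UDP ports one session actually uses. The sample messages are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of one RTSP SETUP exchange (RFC 2326 syntax); host and ports are made up.
SETUP_REQUEST = (
    "SETUP rtsp://media.example.com/video.3gp/trackID=0 RTSP/1.0\r\n"
    "CSeq: 3\r\n"
    "Transport: RTP/AVP;unicast;client_port=8466-8467\r\n"
    "\r\n"
)
SETUP_RESPONSE = (
    "RTSP/1.0 200 OK\r\n"
    "CSeq: 3\r\n"
    "Session: 12345678\r\n"
    "Transport: RTP/AVP;unicast;client_port=8466-8467;server_port=6970-6971\r\n"
    "\r\n"
)
PORT_PARAM = re.compile(r"^(client_port|server_port)=(\d+)(?:-(\d+))?$")


def transport_ports(message):
    """Return {'client_port': (lo, hi), ...} from an RTSP message's Transport header."""
    ports = {}
    for line in message.split("\r\n")[1:]:      # skip the request/status line
        if not line:
            break                               # blank line ends the headers
        name, _, value = line.partition(":")
        if name.strip().lower() != "transport":
            continue
        # Only the first comma-separated transport alternative is read.
        for param in value.split(",")[0].split(";"):
            m = PORT_PARAM.match(param.strip())
            if not m:
                continue
            lo = int(m.group(2))
            hi = int(m.group(3) or lo)          # a single port is a range of one
            if not (0 < lo <= hi <= 65535):
                raise ValueError(f"bad port range in {param!r}")
            ports[m.group(1)] = (lo, hi)
    return ports


def inbound_udp_pinhole(request, response):
    """UDP ports the client must accept for this one session."""
    asked = transport_ports(request).get("client_port")
    granted = transport_ports(response)
    if asked is None or granted.get("client_port") != asked:
        raise ValueError("server did not confirm the client's port range")
    return {"dst_ports": asked, "src_ports": granted.get("server_port")}
```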