Here are some scenarios you may run into, with information that may be useful in your troubleshooting:
I am having trouble viewing NetShow content in my corporate environment. What kind of information does our network administrator need to adapt our firewall to receive NetShow content?
Protocol: Multicast
Port In: IP Address 224.0.0.1 to 239.255.255.255
Port Out: between 1-65000
Protocol: UDP
Port In: TCP on 1755
Port Out: UDP between 1024-5000
Protocol: TCP
Port In: TCP on 1755
Port Out: TCP on 1755
Protocol: HTTP
Port In: Port 80
Protocol: MSBD¹
Port In: TCP on 7007 or any hole you decide to punch
Protocol: DCOM²
Port In: TCP 135
¹7007 is the default port when doing MSBD for MCM to MCM server connections (e.g. your active stream sources from a channel server -- not a REX). The exception is when you are doing MCM to MCM connections and one server is already using port 7007.
In this case the first connection would be on 7007, but the next connection, say from another server, would be on a random port in the 1024-5000 range.
²DCOM dynamically allocates one port per process, so you would have to decide how many ports you want to allocate, which is equivalent to the number of simultaneous DCOM processes through the firewall. You would have to open all of the UDP and TCP ports corresponding to the port numbers you chose. In addition, you would need to open TCP/UDP 135, which is used for RPC End Point Mapping, among other things. Finally, you need to tell DCOM which ports you reserved using the "HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Internet" registry key, which you would probably have to create.
So here is an example that tells DCOM to restrict its port range to 10 ports:
Named Value: Ports
Type: REG_MULTI_SZ
Setting: Range of ports. Can be multiple lines, such as:
3001-3010
135
Named Value: PortsInternetAvailable
Type: REG_MULTI_SZ
Setting: "Y"
Named Value: UseInternetPorts
Type: REG_MULTI_SZ
Setting: "Y"
One last caveat is that machines outside the firewall MUST be able to access the inside machines by their real IP addresses. Address translation, proxying, and so on are not allowed.
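The following Python check is an added example, not part of the original page: it expands the Ports value into the TCP and UDP openings that footnote ² calls for (every reserved port plus 135) and reports any that a firewall allow-list does not cover. The (protocol, first port, last port) rule tuples and the sample rule set are assumptions constructed for illustration.

```python
def parse_ports_value(lines):
    """Expand the Ports multi-string lines ("3001-3010", "135") into a set of ints."""
    ports = set()
    for raw in lines:
        entry = raw.strip()
        if not entry:
            continue
        low, sep, high = entry.partition("-")
        first = int(low)
        last = int(high) if sep else first
        if not 0 < first <= last <= 65535:
            raise ValueError(f"bad port entry: {entry!r}")
        ports.update(range(first, last + 1))
    return ports


def required_openings(ports_value, endpoint_mapper=135):
    """Reserved ports plus the RPC endpoint mapper, each on both TCP and UDP."""
    ports = parse_ports_value(ports_value) | {endpoint_mapper}
    return {(proto, port) for proto in ("tcp", "udp") for port in ports}


def missing_openings(ports_value, allow_rules):
    """Return the required (protocol, port) pairs that no allow rule covers.

    allow_rules holds (protocol, first_port, last_port) tuples; that shape is
    an assumption for this example, not any real firewall's rule format.
    """
    def covered(proto, port):
        return any(rule_proto == proto and low <= port <= high
                   for rule_proto, low, high in allow_rules)
    return sorted(pair for pair in required_openings(ports_value)
                  if not covered(*pair))


# Constructed sample data: the Ports value from the text, and a hypothetical
# rule set that leaves out UDP for the range and stops one TCP port short.
PORTS_VALUE = ["3001-3010", "135"]
ALLOW_RULES = [("tcp", 135, 135), ("udp", 135, 135), ("tcp", 3001, 3009)]

if __name__ == "__main__":
    for proto, port in missing_openings(PORTS_VALUE, ALLOW_RULES):
        print(f"not allowed through the firewall: {proto}/{port}")
```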
Scenarios valid for the default configuration of client install:
All protocols enabled except UDP.
Browser set for correct proxy config, or player proxy set manually.
HTTP/MMS enabled MCM Server via firewall³
Client WITH remote Winsock will pass.
The Winsock allows for the distribution of UDP packets through the proxy, so the multicast will roll over to TCP.
Client WITHOUT remote Winsock will fail.
If UDP is enabled in the scenario above, then
MMS-only MCM Server via firewall³
Client WITH or WITHOUT remote Winsock will fail.
Multicast won't be able to roll over to UDP, because it is not enabled on the client side, and the server isn't HTTP-enabled, so TCP rollover will fail as well.
If UDP is SELECTED on the client side, then this will pass, as the rollover will occur to UDP.
If a client is experiencing problems from behind a firewall:³
They do or do not have remote Winsock configured on their system and they are attempting to stream from an MMS-only MCM server with a client in its default state.
If they have the remote Winsock, they need to select UDP as an enabled protocol on the client.
If they do NOT have the Winsock, they will not be able to receive the stream.
They do have remote Winsock but are attempting to stream from an HTTP/MMS enabled MCM server with a client in its default state.
They should select UDP and try again.
³Scenarios valid for the default configuration of client install:
All protocols enabled except UDP.
Browser set for correct proxy config, or player proxy set manually.