Which Firewall Ports Should I Open on My Network?

Livestream Producer, Livestream Studio software and the Broadcasters stream through a number of internet ports, which need to be made open to both incoming and outgoing communication.

In (rough) order of importance, they are:

  • TCP 1935
  • TCP 80
  • TCP 443
  • UDP 53 *

Note: Ports 1935, 80, and 443 represent rtmp, http, and https respectively.

 

*Many corporate and academic networks’ security policies will block UDP 53, as it provides DNS.

One or more of these ports may be blocked by firewalls. A firewall can be located on the network and/or on the computer itself. We generally recommend disabling any anti-virus programs at the time of your stream (ex: Norton, McAfee, AVG, Windows Security Essentials, etc. Be sure also to disable Windows Firewall). Apart from consuming valuable CPU resources, many will block one or more of the necessary ports needed for streaming.

If a firewall is active on the network, these ports would need to be opened by an IT/network technician. It is possible, though, to check the status of these ports at any time:

For best results, it is recommended that you are running a stream during these tests, as the encoder will be actively attempting to make the necessary connections.

For OS X/macOS

Original Livestream:

  1. Open the “Network Utility” Tool.
  2. Select the “Port Scan” tab.
  3. Enter “publish.livestream.com” (for Original Livestream) or 
  4. Enter the port(s). If you want to test a specific port, enter only that port in the fields.

Port 1935 is open and ready to go.

Current Livestream:

  1. Open the “Network Utility” Tool.
  2. Select the "Netstat" tab.
  3. Select "Display the state of all current socket connections".
  4. Click "Netstat".

Connections for port 1935 (Macromedia-fcs), port 80 (http) have been successfully established.

For Windows

 

Telnet is NOT enabled by default on Windows Vista, Windows 7, and Windows 8.  To enable it:

  1. Start → Search for “Turn Windows features on or off” and select the option from the list.
  2. Once the box appears, look for “Telnet Client”. Enable it and click OK (it may take a few minutes for it to fully take effect).

For Original Livestream:

  1. Open the Command prompt (Start → Search for “cmd”)
  2. Type the command as shown in the image below (publish.livestream.com + “port” if testing a specific port.)

3.  After typing the command (in this case “publish.livestream.com 80”), you will see a blinking cursor for a period of time, indicating that the connection was successful. (Use “ctrl + ]” to quit telnet.)

If the connection fails, you will see the following message:

You can also listen to open ports on your network using the netstat -f command (the -f parameter forces the destination to resolve to its domain equivalent.)

 

Original Livestream:

From the above image, you can see that TCP connections for 212-71.livestream.com:1935 and 212-71.livestream.com:http were ESTABLISHED successfully, while TCP connection for 212-130.livestream.com:https and 213-72.livestream.com:https shows as CLOSE_WAIT (which means the connection was closed and is waiting to be authenticated).

 

Current Livestream:

Connection to port 1935 has been successfully established.

Note: Ports 1935, 80, and 443 represent rtmp, http, and https respectively.

IP Range: Since the Livestream uses Akamai, a distributed CDN, there isn't an IP range a user can whitelist. Since Akamai is dynamically structured, any IP ranges (even if publicly available) would change regularly based on streams taking new routes through Akamai's network. This is why it's absolutely critical that they have the necessary firewall ports open to both incoming and outgoing communication.

In short, for viewing please allow the following in the network:

  • akamaiedge.net
  • akamaihd.net

Note for corporate customers:  WebSense, the web filtering company, blocks Akamai from being accessed, which in many cases causes the event page and player to fail to load any content.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.