[Web4lib] Innovative proxy (WAM) and Naxos

Brian Kennison brian at wcsu.edu
Tue Jul 10 13:14:41 EDT 2007 


>In message <2C5A3EEFD5A6FF44B9B6A6B280A5ADF9016DAD86 at EXCHANGEMAIL.AD.UCOP.EDU>, "Alison Ray" writes:
> Brian,
>
>Several University of California campuses also had trouble setting up
>Naxos through the proxy.
>
>Here is some information a UC proxy team found when setting up Naxos:
>The proxy server doesn't exactly proxy streaming media files -- instead
>it
>just opens up a connection or tunnel between the client, itself, and the
>remote
>host.  This tunnel mechanism, CONNECT, is part of the http protocol.
>Until I
>saw this request, I had only allowed http "CONNECT" requests to remote
>ports 443
>(the https port).  I've added ports 1755 and 554 to the list of allowed
>remote
>ports.  I've tested this new configuration (I'm streaming kqed.org using
>windows
>media over port 1755 as I type this) and it does now work; it didn't
>prior to my
>adding ports 1755 and 554 to the proxy server's configuration.
>
>(A different proxy team identified the above solution as a security risk
>and does not support Naxos streaming through their proxy.)
>

Alison thanks for you reply!

When I use netstat to look at the connections to my machine I see that Naxos
(unlike KQED) is connecting on port 80 (plain old web) using TCP  and not the Windows
Media port of 1775 (or 554 rtsp). 

To me this is good news. No ports to open in the firewall and the regular
web proxy should route the traffic as long as the client recognizes that the
stream by mime type and not listening on a particular port. While you don't
gain the adavatages of using UDP it's easy and you don't have to configure
the media player. 


>I also remember that the Naxos site had lots of problems after some
>earthquakes in Asia/Taiwan late last year. I think they indicated that
>the streaming servers were over there, which may explain the 202.130.*.*
>IP address.
>

Yes Naxos is based in Hong Kong. 

So if Naxos is streaming on port 80 why wasn't my proxy working? 

Below is a lookup of the machine that I identified as the streaming server when
connected from on campus. 

 ~-->nslookup 202.130.166.24
Server:         149.152.50.1
Address:        149.152.50.1#53

Non-authoritative answer:
24.166.130.202.in-addr.arpa     canonical name = 24.0.166.130.202.in-addr.arpa.
24.0.166.130.202.in-addr.arpa   name = 24.0.166.130.202.in-addr.arpa.

Authoritative answers can be found from:
0.166.130.202.in-addr.arpa      nameserver = ns4.naxos.com.
0.166.130.202.in-addr.arpa      nameserver = ns3.naxos.com.

If I entered the ip address of this machine in my proxy table it works. 

I'm guessing that the machine did not resolve to be coming from *.naxos.com so
the proxy did not connect. I'm not sure about this though. I've ask the folks
and Naxos if this makes sense but it's 1 in the morning Hong Kong so I expect
I'll have to wait for an answer.

Thanks for you help,

--
Brian Kennison
Western Connecticut State University

More information about the Web4lib mailing list