- Firewall definition
- How RealPlayer, RealServer, and firewalls work together
- Types of firewalls
- More information
A firewall is used to prevent unauthorized access to a network. A network can be made up of a company's local area networks, wide area networks, and the Internet, or it can be just an Internet Service Provider preventing inappropriate access to the files of its customers.
The firewall's role is to ensure that all communication between an organization's network and the Internet, in both directions, conforms to the organization's security policies.
In general, firewalls permit one-way access to the Internet. Because RealServer and RealPlayer need to establish two-way communication to stream and receive media content, firewalls may reject RealPlayer's attempt to establish this connection, and the RealPlayer's request for a clip will "bounce" off the firewall.
RealNetworks designed both RealPlayer and RealServer to work with a firewall while still protecting the company's internal networks. By making a few quick changes to your firewall, RealServer, RealPlayer, or a combination of the three, you can still use the security advantages of a firewall while enjoying streaming media.
Firewalls, RealPlayer, and RealServer
As discussed above, a firewall's main security feature requires that the firewall
block two-way communication--but RealPlayer and RealServer need two-way communication.
The effect of firewalls on RealPlayer and RealServer is shown in this section.
When no firewall exists between a RealPlayer and RealServer, the RealPlayer
first establishes a two-way TCP connection to the RealServer. RealServer uses
this connection initially as a means of sending information to the Player about
the streamed media, such as the name, length, and copyright of the clip. The
Player uses the connection to send commands to RealServer when features such
as the "play" and "stop" buttons are activated.
After the initial connection is established, RealServer then establishes a
UDP channel back to RealPlayer. The actual media is sent along this channel.
The UDP channel is more like a custom radio channel than a telephone call; the
Player has no way of sending information back to RealServer over this UDP channel.
If the RealPlayer is behind a firewall that is not configured to pass requests
from applications such as RealPlayer, the request "bounces" from the
firewall and the RealServer never receives the request.
If the RealPlayer is behind a firewall that allows TCP requests but does not
allow UDP requests, the RealServer's attempt to send a UDP stream will be refused.
Firewalls generally fall into two categories: application-level firewalls
(such as proxies) and network-level firewalls (such as packet filters).
Many organizations use a combination of network-level and application-level
firewalls to achieve a higher level of security than either alone can provide.
In this discussion, each type is covered separately. You might have to apply
both sets of instructions.
Application-level firewalls first determine if a requested connection between
a computer on the internal network and one on the outside is permitted. If the
connection is authorized, the firewall, mimicking the application, sets up the
necessary communication links between the two computers. As an intermediary,
the firewall can monitor the communication between the two networks and suppress
any unauthorized activity.
Because an application-level firewall acts as an intermediary between RealPlayer
and RealServer, the firewall itself must know how to handle the RealPlayer protocol.
You can modify your application-level firewall
to work with RealPlayer.
Rather than impersonating an application, as do application-level firewalls,
network-level firewalls examine the packets of information sent at the transport
level to determine whether a particular packet should be blocked. Each packet
is either forwarded or blocked based on a set of rules defined by the firewall
administrator.
A common configuration for network-level-filtering firewalls is to allow all
connections initiated by machines inside the firewall, and restrict all connections
for machines outside of the firewall. For most programs, this works well since
they usually only establish a single outbound TCP connection. However, RealPlayer
and RealServer maintain two simultaneous connections: a TCP connection for sending
RealPlayer commands and a UDP connection to stream the actual media according
to the instructions received via TCP. The TCP connection initiated by the Player
for controlling the connection will work fine. But because network-level filters
block UDP as a matter of course, the UDP stream sent by the RealServer will
be deflected off the firewall and never reach the Player that made the request.
You can modify your network-level firewall to
work with RealPlayer.
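The behaviour described above can be modelled with a small packet filter. This is an added example, not RealNetworks code: the addresses, the port numbers, and the scoped inbound rule are constructed for illustration and are not RealPlayer's actual settings.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")            # constructed internal network

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class PacketFilter:
    """Allow flows initiated from inside; block unsolicited inbound packets."""
    def __init__(self, inbound_allow=()):
        self.flows = set()                   # flows opened from the inside
        self.inbound_allow = list(inbound_allow)

    def check(self, p):
        if ip_address(p.src) in INSIDE:      # outbound: permit and remember
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "forward"
        # Inbound: permit only replies to a remembered flow ...
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "forward"
        # ... or packets matching an explicit administrator rule.
        for proto, server, ports in self.inbound_allow:
            if p.proto == proto and p.src == server and p.dport in ports:
                return "forward"
        return "block"

PLAYER, SERVER = "10.1.2.3", "203.0.113.10"  # constructed addresses
CTRL_PORT, MEDIA_PORT = 5540, 6000           # hypothetical port numbers

def session(fw):
    """Replay one control connection and one media packet through fw."""
    return [
        fw.check(Packet("tcp", PLAYER, 40000, SERVER, CTRL_PORT)),   # Player opens control
        fw.check(Packet("tcp", SERVER, CTRL_PORT, PLAYER, 40000)),   # clip information reply
        fw.check(Packet("udp", SERVER, 30000, PLAYER, MEDIA_PORT)),  # server-initiated stream
    ]

default_result = session(PacketFilter())
# Scoped rule: UDP only from the one server, only to a narrow port range.
scoped_result = session(PacketFilter([("udp", SERVER, range(6000, 6010))]))
print(default_result, scoped_result)
```

With the default policy the TCP control traffic is forwarded and the UDP media packet is blocked; the scoped rule admits the stream from the named server only, so UDP from any other outside host is still dropped.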
How do I get more information?
We have instructions for modifying your firewall.
If the pages here don't answer your question, contact Technical Support.
Application-level firewalls ("proxy" firewalls)
Network-level firewalls ("packet-filtering" firewalls)

