[Icecast] How to reach listeners behind corporate firewall

Greg J. Ogonowski greg at orban.com
Sun Jun 5 23:24:17 UTC 2005

Binding to port 80 is certainly a good idea to get through most firewalls, 
however, many of the newer corporate firewalls that I am seeing in place 
use content filtering.  With  content filtering, you will not get streams 
through on any port.

I have tested this at a couple of client's sites recently, and proven to be 
true.  Many corporations do not want streaming traffic on their corporate 
networks.  Because of the inefficient Microsoft Windows Exchange Servers 
most are running, they barely have enough bandwidth available to handle 
their business traffic, much less adding streaming traffic to the mix.


At 14:00 2005-06-05, _+icecast at sucs.org wrote:
>Ron Blok wrote:
>>Hi fellow icecast users,
>>I get more an d more complaints from listeners who are trying to listen to
>>our stream behind a firewall.
>>It seams that more and more companies block port 8000 in their firewalls.
>>Is there a solution for these cases ? I have somewhere read something about
>>streaming on port 80 instead of 8000.
>>Is this the solution ? Or ???
>You can tell icecast to bind to port 80 instead of 8000, but this may
>require root privileges.
>Or just use a D-NAT rule in what ever firewall your using..
>I use the following rule for iptables/netfilter
>iptables -t nat -A PREROUTING -i eth0 -p TCP --dport 80 -j DNAT --to
>This has the effect of making it appear to the outside world that icecast 
>is listening on both 80 and 8000, and is going to be a lot cheaper in 
>terms of resources than proxying the connection.
>Chris Jones, SUCS Admin
>Icecast mailing list
>Icecast at xiph.org

Greg J. Ogonowski
VP Product Development
1525 Alvarado St.
San Leandro, CA  94577  USA
TEL +1 510 351-3500
FAX +1 510 351-0500
greg at orban.com

More information about the Icecast mailing list