Firewalls and Ports Used by Microsoft NetShow

ID: Q189416

The information in this article applies to:

SUMMARY

The following article outlines the ports used by Microsoft NetShow Streaming Media Services.

MORE INFORMATION

Stream type: Multicast Protocol used: UDP multicast Ports used: 1-65000 Special notes: Multicast streams are broadcast on IPs specified by the NetShow Administrator within the following range: 224.0.0.1 to 239.255.255.255. The UDP port used for multicast streams is specified by the NetShow Administrator and falls within the following range: 1 - 65000.

Stream type: UDP unicast stream Protocols used: UDP and TCP Ports used: TCP-1755 and a UDP port within the following range: 1024 - 5000 Special notes: When using UDP streams, the client first makes a

   connection to the NetShow server using TCP port 1755. After this
   connection is established, the client and the server choose the UDP
port
   that will be used by the server to stream the NetShow content down to
   the client.

Stream type: TCP unicast stream Protocol used: TCP Port used: 1755 Special notes: None

Stream type: HTTP unicast stream Protocol used: TCP Port used: 80 Special notes: In most cases, this port will already be opened for

  Web traffic. The Microsoft Media Player is also capable of using an HTTP
  Web proxy to receive an HTTP unicast stream.

Stream type: MSBD distribution stream Protocol used: TCP MSBD 1 Port used: 7007 Special notes: For server-to-server communication, TCP7007 is the default.
   However, when you are doing server-to-server MSBD connections and one
   server is already using port 7007, additional connections can be made
   on a random port in the 1024-5000 range. In some cases, such
   as Real Time Encoder to server, this port can be changed to use a value
   between 1 and 65000. If you are using a Real Time Encoder configured to
   use a stream alias to connect to a NetShow server, you must open the
   appropriate ports for DCOM to pass through the firewall. See the DCOM
   notes below for more information.

Stream type: HTTP distribution stream Protocol used: TCP Port used: 80 Special notes: In most cases this port will already be opened for Web
   traffic.

Special DCOM Considerations

Some of the NetShow components use DCOM, specifically the NetShow Administrator and the Real Time Encoder, which is configured to use a stream alias.

Protocol used: TCP, UDP Port used: TCP-135, UDP-135, and UDP1-65000 Special notes: DCOM dynamically allocates one port per process. You

   must decide how many ports you want to allocate, which is equivalent to
   the number of simultaneous DCOM processes through the
   firewall. You must open all of the UDP and TCP ports
   corresponding to the port numbers you choose. In addition, you must
open
   TCP/UDP 135, which is used for RPC End Point Mapping, among
   other things. In addition, you must tell DCOM which ports you
   reserved using the following registry key:

      HKEY_LOCAL_MACHINES\Software\Microsoft\Rpc\Internet

   You probably will have to create this key.

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

Here is an example of how to restrict DCOM to a range of 10 ports:

Named value: Ports Type: REG_MULTI_SZ Setting: Range of port. Can be multiple lines such as: 3001-3010 135.

Named value: PortsInternetAvailable Type: REG_MULTI_SZ Setting: "Y"

Named value: UseInternetPorts Type: REG_MULTI_SZ Setting: "Y"

One last caveat: Computers outside the firewall must be able to access the inside computers by their real IP addresses. Address translation, proxying, and so on are not allowed.

Keywords          :  
Version           : WINNT:2.0,3.0
Platform          : winnt
Issue type        : kbinfo

Last Reviewed: October 6, 1998