Windows Media Encoder (wmenc.exe)

I’m enjoying using comodo personal firewall, but I’ve just recently run into a challenge that I cannot solve myself yet and could use some help.

I’m trying to use Windows Media Encoder to “Broadcast a live event” using “Pull from the encoder (the server or player initiates the connection)”, but I cannot figure out how to configure the firewall. {Note that the quotations marks just above denote exactly the terminology used within the WME application’s menus/dialogs.}

My first guess was to simply enable bi-directional TCP/UDP on the default streaming port (8090), but that does NOT seem to be enough. I DO know that all of this works - even through my router in which I’ve done the proper port forwarding - as long as I have comodo personal firewall set to “allow all”. Hence it is just a matter of getting the firewall settings correct.

Might someone help me, please?

Keep up the good work with the firewall !

-Mike

Please note - I’ve read the FAQ on the Windows Media Connect, but that is a different application. I wouldn’t use the same ports, would I? Perhaps some of them apply, but it seems the “streaming” port is somehow the key… ?
???

Check this link. There you will find more information of which ports are needed to be opened.
http://www.microsoft.com/windows/windowsmedia/forpros/serve/firewall.aspx

Thank you!

Actually, I had tried that information, but without luck. I’m sure it has to do with my misunderstanding, but here goes:

I’ve got WindowsMediaEncoder set up so that remote clients (connecting from the internet) can PULL the stream from my encoder, from port 8090.

Hence, people out on the internet connect to my encoder by going to http://encoder’s_url:8090.

This works GREAT for people trying to connect - I’ve tested it with different people - ONLY as long as I have Comodo Personal Firewall set to “ALLOW ALL”.

Therefore, applying the information from that link,

[i]Streaming from an encoder
Application Protocol Protocol Port Description
HTTP
TCP
8080 (In)
1-65535 (Out)
The Windows Media® server uses the TCP In port to accept the incoming encoder connection when the encoder “pushes” the stream to the server.

The Windows Media server uses the TCP Out port value that is specified in the encoder to “pull” the stream from the encoder. Port 8080 is used by default.

A Windows Media server can be configured to stream live content directly from an encoder source. For a broadcast publishing point to stream a live encoding session, the content path must be set so that the encoder “pushes” the content through the firewall to the server or the server “pulls” the content through the firewall from the encoder.

When pushing a stream, the encoder initiates an HTTP connection with the server through port 8080. On the other hand, when pulling the stream from the encoder, the server initiates the connection, and port configuration for the outbound port is usually not required unless the encoder administrator specifies a different port (other than port 8080). If a different port is used, you must specify the same port when you identify the encoder connection URL for the Windows Media server and when opening the port on your firewall.[/i]

Because I’m having clients using Windows Media Player PULL the streams from my encoder, I believe the above information indicates that I need to set the firewall to allow incoming TCP on port 8090 (because I’m using THAT port instead of 8080).

But I’ve tried various scenarios within Comodo Personal Firewall for this network setting without luck. Hence, I ask for more specifics:

Within CPF, and the Network Control Rules, what, for MY application is considered the “Source IP”? What is the “Remote IP”? Could I not set these to “ANY”?

What are the “Source Port” and “Remote Port”?
Woudn’t this be 8090?

When I set these to what I just suggest above, why doesn’t it work?

I will appreciate your help!

-Mike

You are welcome.

You need to create the following rule:

Action = Allow
Protocol = TCP
Direction = In
Source IP = Any
Remote IP = your computer IP adress (you can also use “Any”, if you are using a modem and not a router; by this you won’t have to change the IP address every time you connect in internet )
Source port = Any
Remote port = 8090

Then move the rule up, over the default rule “Block IP in”. ( CPF “reads/applicates” the rules from the top to the bottom)

give it a try and tell me if it worked

ps. For CPF “Source IP” is the adress of the computer which sends the data and “Remote IP” is the computer that receives them. When your computer sends data is consindered Source, when receives them is consindered Remote.

Oh good grief! What you suggested is the first thing I had tried, but in ALL of the experimenting that I did, I did NOT consider the rule ordering! By moving that rule to the top it worked immediately!

Thank you for your help, explanations, and prompt responses!

You and (R)

-Mike

Oops: Clarification: First thing I had tried after you sent me the link to the Microsoft site…

I’m very glad to find this info because I had exactly the same issue - now solved.

However, I still don’t quite see the difference between Application Monitor and Netwrok Monitor. After setting this rule in Network Monitor and starting the broadcast I was prompted by Comodo to approve a rule in the Application Monitor. Why the duplication?

For the Application Monitor, I set the most permissive rule I could think of (TCP/UDP In/Out, Any Destination Port & IP). Is there a way to make it more restrictive if the server always has the same IP?

tia

Everything works exept streaming. I stream to port 1234 (VLC) but can not see anything when security is on. I have set all ports open in/out UDP/TCP for all computers in my LAN.
Have no idea, worked with Norton & Zonealarm.