Opening Firewall or Proxy Ports for IBM Cloud Video Broadcasting and Viewing

In order to broadcast or view streams, you will need to ensure that any firewall is configured to allow traffic on specific ports. A firewall can reside on your local machine, on your router, or as part of your corporate network.

Firewall settings needed for viewing streams

In order to watch Ustream streams you have to create the following stateful firewall rules, assuming you have a regular internet connection:

  • Outgoing UDP destination port 53 to your nameserver or any IP for domain name resolution (DNS)
  • Outgoing TCP destination port 80, 443 to any IP for web
  • Outgoing TCP destination port 1935 to any IP for streaming
  • Outgoing TCP destination ports 8001-8004 to the IP address ranges listed below for IRC chat

Setting up firewall rules on Microsoft Windows

Setting up firewall rules on Mac OS X

Firewall settings needed for broadcasting

In order to Broadcast via Ustream you have to create the following stateful firewall rules, assuming you have a regular internet connection. In case you are behind a corporate firewall please ensure your IT department configures the firewall to accommodate these settings:

  • Outgoing UDP destination port 53 to your nameserver or any IP for domain name resolution (DNS)
  • Outgoing TCP destination port 80, 443 to IP ADDRESS RANGES below (WEB)
  • Outgoing TCP destination port 1935 to IP ADDRESS RANGES below (RTMP - this may be used to deliver the stream)

Optional: If you have secure ingest setup for your account, you will need to open these additional ports.

  • Outgoing TCP destination port 4444 to IP ADDRESS RANGES below
  • Outgoing UDP destination port 2070-2090 to IP ADDRESS RANGES below

Domain names

Many enterprise customers use a proxy server to manage the HTTP and HTTPS traffic within their intranet. These proxy servers can become overwhelmed if all video streaming traffic is also channeled through them. To avoid this, proxy servers allow you to define an exclude list of domain names, which allows any traffic to these domains to bypass the proxy server.

Ustream products uses several domain names as part of its service delivery. These domain names are categorized into:

  • Control plane - such as access to the web portal, support etc. - this traffic may flow via the proxy or bypass it.
              ustream.tv
              *.ustream.tv
              ustreamstatic-a.akamaihd.net
              ustvstaticcdn1-a.akamaihd.net
              ustvstaticcdn2-a.akamaihd.net
              *.deepcaching.com
              video.ibm.com
              *.video.ibm.com
              *.services.video.ibm.com
              archive.ubuntu.com
              ubuntu.pool.ntp.org
  • Data plane - large volume of video data as pulled by the video player - this traffic should bypass the proxy.
              *.deepcaching.net
              vod-cdn.ustream.tv
              ustreamssl-a.akamaihd.net
              uhsakamai-a.akamaihd.net
              ustream.lldns.net

IP Address Ranges

List of IP address ranges you have to create firewall filters for (updated 4/11/17)

In order to ensure a smooth experience, please whitelist *all* of the following IP address ranges regardless of which locations are closest to your streaming location.

IP LOCATION
169.53.37.192/27 Dallas, TX, USA, North America
169.44.81.160/27 Dallas, TX, USA, North America
169.50.20.32/27 Frankfurt, Germany, Europe
161.202.59.160/27 Hong Kong, China, Asia
159.122.214.48/28 London, United Kingdom, Europe
169.50.194.128/27 London, United Kingdom, Europe
169.57.34.16/28 Querétaro, Mexico, North America
169.57.154.248/29 Sao Paulo, Brasil, South America
169.57.165.32/27 Sao Paulo, Brasil, South America
50.23.174.32/27 Seattle, WA, USA, North America
168.1.193.160/27 Sydney, Australia, Oceania
161.202.236.96/27 Tokyo, Japan, Asia
169.45.252.224/27 Washington, D.C., CO, USA, North America
169.47.38.32/27 Washington, D.C., CO, USA, North America
169.38.91.128/28 Chennai, India, Asia
169.55.185.16/28 Toronto, Canada, North America
199.66.236.0/22 San Jose, CA, USA, North America
8.22.49.0/24 San Jose, CA, USA, North America
50.202.236.0/24 San Jose, CA, USA, North America
64.214.133.0/24 San Jose, CA, USA, North America
165.254.3.0/24 San Jose, CA, USA, North America
185.23.108.0/24 Amsterdam, Netherlands, Europe
161.202.195.128/27 Singapore, Singapore, Asia
169.56.78.32/27

Seoul, South Korea, Asia

Firewall settings needed for ECDN servers

ECDN servers are deployed behind customer firewalls. These servers act as local caches for the video streaming content. To pull down the content, they need outbound-to-Internet network connectivity. The list below indicates the IP address ranges on the Internet that should be reachable from the ECDN servers. No inbound connectivity from Internet is needed.

  • Used for setting the clock on the ECDN servers - outgoing UPD port 123. Required.

    Clock synchronization is needed for SSL connections to work. Either use a local NTP server(s) or open port 123 to:

    [0-3].ubuntu.pool.ntp.org
  • Ubuntu repositories - outgoing TCP port 80. Required.

    archive.ubuntu.com (91.189.88.149, 91.189.88.152, 91.189.88.161, 91.189.88.162, 91.189.91.26)

Firewall settings needed for IRC Chat

  • ports 6667,843, and 8076
  • If your channel was created after May 4, 2017, your channel is not using the legacy IRC chat but the New Chat (see below)

Firewall settings needed for New Chat

  • ports 8001-8004
Powered by Zendesk