[rtmpdump] r120 - trunk/README

Howard Chu hyc at highlandsun.com
Wed Dec 30 10:49:56 CET 2009


hyc wrote:
> Author: hyc
> Date: Mon Dec 28 09:53:48 2009
> New Revision: 120
>
> Log:
> Add note about rtmpsrv

> +On Linux you can also use iptables to redirect all outbound RTMP traffic.
> +You can do this as root:
> +
> +iptables -t nat -A OUTPUT -p tcp --dport 1935 -j REDIRECT

I think the BSD ipfw command can do something similar. I don't have a BSD 
system handy but from reading the ipfw(8) manpage, I think it would look like:

ipfw add 40 fwd 127.0.0.1 1935 tcp from any to any 1935

> +
> +In my original plan I would have the transparent proxy running as a special
> +user (e.g. user "proxy"), and regular Flash clients running as any other user.
> +In that case the proxy would make the connection to the real RTMP server. The
> +iptables rule would look like this:
> +
> +iptables -t nat -A OUTPUT -p tcp --dport 1935 -m owner \! --uid-owner proxy \
> + -j REDIRECT

Likewise the corresponding BSD command would be

ipfw add 40 fwd 127.0.0.1 1935 tcp from any to any 1935 not uid proxy

If anyone can test this and report back, that would be helpful...

It also looks like we don't actually need the Linux-specific sockopt to 
retrieve the true destination address, since it's usually provided in the 
tcUrl of the Connect request. But I guess it would save some time to actually 
use it since the kernel provides it...


More information about the rtmpdump mailing list