ipfw and real audio

I'm trying to set up ipfw on my rh 5.2 gateway but I'm having trouble with the real audio rules.

I know that there's a control channel on port 554. For this I have the following rules:
ipfwadm -a accept -W eth0 -I -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -F -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -O -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -I -P tcp -k -S 0.0.0.0/0 554-D 192.168.137.0/24 1024:65535
ipfwadm -a accept -W eth0 -F -P tcp -k -S 0.0.0.0/0 554-D 192.168.137.0/24 1024:65535
ipfwadm -a accept -W eth0 -O -P tcp -k -S 0.0.0.0/0 554-D 192.168.137.0/24 1024:65535

Now that seems to work fine as one would expect. The data channel seems to be somewhat harder to get right. The curios bit is that my setup works with http://www.groovetech.com/mkram.rxml?file=/encoder/gtaudio.rm without any problems. This is what I have for the data channel:

ipfwadm -a accept -W ppp0 -I -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -F -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -O -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -I -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -F -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -O -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170

and tcp:

ipfwadm -a accept -W ppp0 -I -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -F -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -O -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -I -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -F -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -O -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170

The log shows the following:

IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=4681 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=6217 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=8521 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=14921 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=15433 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=17737 F=0x0040 T=127

I'm not running masq as I have the entire 192.168.137.0 subnet for myself. I'm not sure the port ranges for the data channel are correct and there's surprisingly little documentation about this around.

Any ideas?
htjAsked:
Who is Participating?
 
MagicianConnect With a Mentor Commented:
/sbin/modprobe ip_masq_raudio ports=554,7070,7071,6970,6971

ipfwadm -I -a ACCEPT -P tcp  -k -W $EXTERNAL_INTERFACE \
            -S $ANYWHERE 554 \
            -D $IPADDR $UNPRIVPORTS

    ipfwadm -O -a ACCEPT -P tcp   -W $EXTERNAL_INTERFACE \
            -S $IPADDR $UNPRIVPORTS \
            -D $ANYWHERE 554

    # TCP is a more secure method:  7070:7071

    ipfwadm -I -a ACCEPT -P tcp  -k -W $EXTERNAL_INTERFACE \
            -S $ANYWHERE 7070:7071 \
            -D $IPADDR $UNPRIVPORTS

    ipfwadm -O -a ACCEPT -P tcp   -W $EXTERNAL_INTERFACE \
            -S $IPADDR $UNPRIVPORTS \
            -D $ANYWHERE 7070:7071

    # UDP is the preferred method:  6970:6999
    # For LAN machines, UDP requires the RealAudio masquerading module and
    # the ipmasqadm third-party software.

    ipfwadm -I -a ACCEPT -P udp   -W $EXTERNAL_INTERFACE \
            -S $ANYWHERE $UNPRIVPORTS \
            -D $IPADDR 6970:6999

    ipfwadm -O -a ACCEPT -P udp   -W $EXTERNAL_INTERFACE \
            -S $IPADDR 6970:6999 \
            -D $ANYWHERE $UNPRIVPORTS

UNPRIVPORTS="1024:65535"
EXTERNAL_INTERFACE="ppp0" (guessing, whatever your internet connection is)
IPADDR="(whatever IP address your connection uses)"
ANYWHERE="any/0" (everywhere on the net)

I got these right from a script I made on that site I mentioned.  Try them, substituting whatever values you need.

Hope this helps.
0
 
htjAuthor Commented:
Adjusted points to 140
0
 
htjAuthor Commented:
Adjusted points to 195
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
htjAuthor Commented:
Adjusted points to 205
0
 
htjAuthor Commented:
Adjusted points from 205 to 235
0
 
MagicianCommented:
If you go to the following website:
http://www.linux-firewall-tools.com/linux/firewall/index.html

This is exactly what I used to setup my firewall/IPMASQ.  I configured it to allow Real Audio, and it works.

Hope this helps.
0
 
mapcCommented:
Have you tried the ip_masq_radio kernel module?
0
 
MagicianCommented:
Haven't used IP_MASQ_RADIO module.
0
 
htjAuthor Commented:
bought meself a hardware firewall instead but thanks anyhow.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.