Solved

ipfw and real audio

Posted on 2000-02-16
Last Modified: 2013-12-15
I'm trying to set up ipfw on my rh 5.2 gateway but I'm having trouble with the real audio rules.

I know that there's a control channel on port 554. For this I have the following rules:
ipfwadm -a accept -W eth0 -I -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -F -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -O -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -I -P tcp -k -S 0.0.0.0/0 554 -D 192.168.137.0/24 1024:65535
ipfwadm -a accept -W eth0 -F -P tcp -k -S 0.0.0.0/0 554 -D 192.168.137.0/24 1024:65535
ipfwadm -a accept -W eth0 -O -P tcp -k -S 0.0.0.0/0 554 -D 192.168.137.0/24 1024:65535

Now that seems to work fine as one would expect. The data channel seems to be somewhat harder to get right. The curious bit is that my setup works with http://www.groovetech.com/mkram.rxml?file=/encoder/gtaudio.rm without any problems. This is what I have for the data channel:

ipfwadm -a accept -W ppp0 -I -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -F -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -O -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -I -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -F -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -O -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170

and tcp:

ipfwadm -a accept -W ppp0 -I -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -F -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -O -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -I -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -F -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -O -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170

The log shows the following:

IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=4681 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=6217 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=8521 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=14921 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=15433 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=17737 F=0x0040 T=127

I'm not running masq as I have the entire 192.168.137.0 subnet for myself. I'm not sure the port ranges for the data channel are correct and there's surprisingly little documentation about this around.

Any ideas?
Question by:htj
9 Comments
 

Author Comment

by:htj
ID: 2553867
Adjusted points to 140
0
 

Author Comment

by:htj
ID: 2586755
Adjusted points to 195
0
 

Author Comment

by:htj
ID: 2595425
Adjusted points to 205
0

Author Comment

by:htj
ID: 2615017
Adjusted points from 205 to 235
0
 

Expert Comment

by:Magician
ID: 2642764
If you go to the following website:
http://www.linux-firewall-tools.com/linux/firewall/index.html

This is exactly what I used to setup my firewall/IPMASQ.  I configured it to allow Real Audio, and it works.

Hope this helps.
0
 
LVL 2

Expert Comment

by:mapc
ID: 2645694
Have you tried the ip_masq_radio kernel module?
0
 

Accepted Solution

by:
Magician earned 705 total points
ID: 2655811
UNPRIVPORTS="1024:65535"
EXTERNAL_INTERFACE="ppp0"    # guessing, whatever your internet connection is
IPADDR="(whatever IP address your connection uses)"
ANYWHERE="any/0"             # everywhere on the net

/sbin/modprobe ip_masq_raudio ports=554,7070,7071,6970,6971

# Control channel: 554

ipfwadm -I -a ACCEPT -P tcp -k -W $EXTERNAL_INTERFACE \
        -S $ANYWHERE 554 \
        -D $IPADDR $UNPRIVPORTS

ipfwadm -O -a ACCEPT -P tcp -W $EXTERNAL_INTERFACE \
        -S $IPADDR $UNPRIVPORTS \
        -D $ANYWHERE 554

# TCP is a more secure method:  7070:7071

ipfwadm -I -a ACCEPT -P tcp -k -W $EXTERNAL_INTERFACE \
        -S $ANYWHERE 7070:7071 \
        -D $IPADDR $UNPRIVPORTS

ipfwadm -O -a ACCEPT -P tcp -W $EXTERNAL_INTERFACE \
        -S $IPADDR $UNPRIVPORTS \
        -D $ANYWHERE 7070:7071

# UDP is the preferred method:  6970:6999
# For LAN machines, UDP requires the RealAudio masquerading module and
# the ipmasqadm third-party software.

ipfwadm -I -a ACCEPT -P udp -W $EXTERNAL_INTERFACE \
        -S $ANYWHERE $UNPRIVPORTS \
        -D $IPADDR 6970:6999

ipfwadm -O -a ACCEPT -P udp -W $EXTERNAL_INTERFACE \
        -S $IPADDR 6970:6999 \
        -D $ANYWHERE $UNPRIVPORTS

I got these right from a script I made on that site I mentioned.  Try them, substituting whatever values you need.

Hope this helps.
0
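Added example (not part of the original thread or of either poster's scripts): a small Python check that parses the "fw-fwd rej" log lines quoted in the question and compares each rejected packet's protocol and ports against the outbound ppp0 port ranges from the question, then against the same list with the TCP 7070:7071 range from the accepted answer. It assumes the log format shown in the question and compares port ranges only, ignoring chain, interface and address matching; the function and variable names are made up for this example.

```python
import re
from collections import Counter

# Kernel log lines copied from the question (two of the six shown there).
SAMPLE_LOG = """\
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=4681 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=14921 F=0x0040 T=127
"""

LINE_RE = re.compile(
    r"IP (?P<chain>fw-\w+) (?P<action>\w+) (?P<iface>\S+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

# (protocol, source-port range, destination-port range) of the question's
# outbound forwarding rules on ppp0.
QUESTION_RULES = [
    ("TCP", (1024, 65535), (554, 554)),
    ("TCP", (6970, 7170), (6770, 7170)),
    ("UDP", (6970, 7170), (6770, 7170)),
]
# Same list plus the outbound TCP data range from the accepted answer.
ANSWER_RULES = QUESTION_RULES + [("TCP", (1024, 65535), (7070, 7071))]

def parse_rejects(log_text):
    """Return one dict per rejected packet found in the log text."""
    packets = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m["action"] == "rej":
            pkt = m.groupdict()
            pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
            packets.append(pkt)
    return packets

def covered(pkt, rules):
    """True if some rule's protocol and both port ranges match the packet."""
    return any(
        pkt["proto"] == proto
        and sp[0] <= pkt["sport"] <= sp[1]
        and dp[0] <= pkt["dport"] <= dp[1]
        for proto, sp, dp in rules
    )

def uncovered_ports(log_text, rules):
    """Count rejected packets per (protocol, destination port) no rule covers."""
    return Counter((p["proto"], p["dport"])
                   for p in parse_rejects(log_text) if not covered(p, rules))

if __name__ == "__main__":
    print("question rules:", dict(uncovered_ports(SAMPLE_LOG, QUESTION_RULES)))
    print("with 7070:7071:", dict(uncovered_ports(SAMPLE_LOG, ANSWER_RULES)))
```

With the question's ranges, both sample packets (client ports 1284 and 1290 to TCP 7070) fall outside every rule; adding the 7070:7071 range leaves none uncovered.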
 

Expert Comment

by:Magician
ID: 2655813
Haven't used IP_MASQ_RADIO module.
0
 

Author Comment

by:htj
ID: 2659764
bought meself a hardware firewall instead but thanks anyhow.
0
