Solved

ipfw and real audio

Posted on 2000-02-16
Last Modified: 2013-12-15
I'm trying to set up ipfw on my rh 5.2 gateway but I'm having trouble with the real audio rules.

I know that there's a control channel on port 554. For this I have the following rules:
ipfwadm -a accept -W eth0 -I -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -F -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -O -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -I -P tcp -k -S 0.0.0.0/0 554 -D 192.168.137.0/24 1024:65535
ipfwadm -a accept -W eth0 -F -P tcp -k -S 0.0.0.0/0 554 -D 192.168.137.0/24 1024:65535
ipfwadm -a accept -W eth0 -O -P tcp -k -S 0.0.0.0/0 554 -D 192.168.137.0/24 1024:65535

Now that seems to work fine as one would expect. The data channel seems to be somewhat harder to get right. The curious bit is that my setup works with http://www.groovetech.com/mkram.rxml?file=/encoder/gtaudio.rm without any problems. This is what I have for the data channel:

ipfwadm -a accept -W ppp0 -I -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -F -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -O -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -I -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -F -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -O -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170

and tcp:

ipfwadm -a accept -W ppp0 -I -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -F -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -O -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -I -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -F -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -O -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170

The log shows the following:

IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=4681 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=6217 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=8521 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=14921 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=15433 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=17737 F=0x0040 T=127

I'm not running masq as I have the entire 192.168.137.0 subnet for myself. I'm not sure the port ranges for the data channel are correct and there's surprisingly little documentation about this around.

Any ideas?
Question by:htj
9 Comments
 

Author Comment

by:htj
ID: 2553867
Adjusted points to 140
0
 

Author Comment

by:htj
ID: 2586755
Adjusted points to 195
0
 

Author Comment

by:htj
ID: 2595425
Adjusted points to 205
0

Author Comment

by:htj
ID: 2615017
Adjusted points from 205 to 235
0
 

Expert Comment

by:Magician
ID: 2642764
If you go to the following website:
http://www.linux-firewall-tools.com/linux/firewall/index.html

This is exactly what I used to set up my firewall/IPMASQ. I configured it to allow Real Audio, and it works.

Hope this helps.
0
 
LVL 2

Expert Comment

by:mapc
ID: 2645694
Have you tried the ip_masq_radio kernel module?
0
 

Accepted Solution

by:
Magician earned 235 total points
ID: 2655811
/sbin/modprobe ip_masq_raudio ports=554,7070,7071,6970,6971

ipfwadm -I -a ACCEPT -P tcp  -k -W $EXTERNAL_INTERFACE \
            -S $ANYWHERE 554 \
            -D $IPADDR $UNPRIVPORTS

    ipfwadm -O -a ACCEPT -P tcp   -W $EXTERNAL_INTERFACE \
            -S $IPADDR $UNPRIVPORTS \
            -D $ANYWHERE 554

    # TCP is a more secure method:  7070:7071

    ipfwadm -I -a ACCEPT -P tcp  -k -W $EXTERNAL_INTERFACE \
            -S $ANYWHERE 7070:7071 \
            -D $IPADDR $UNPRIVPORTS

    ipfwadm -O -a ACCEPT -P tcp   -W $EXTERNAL_INTERFACE \
            -S $IPADDR $UNPRIVPORTS \
            -D $ANYWHERE 7070:7071

    # UDP is the preferred method:  6970:6999
    # For LAN machines, UDP requires the RealAudio masquerading module and
    # the ipmasqadm third-party software.

    ipfwadm -I -a ACCEPT -P udp   -W $EXTERNAL_INTERFACE \
            -S $ANYWHERE $UNPRIVPORTS \
            -D $IPADDR 6970:6999

    ipfwadm -O -a ACCEPT -P udp   -W $EXTERNAL_INTERFACE \
            -S $IPADDR 6970:6999 \
            -D $ANYWHERE $UNPRIVPORTS

UNPRIVPORTS="1024:65535"
EXTERNAL_INTERFACE="ppp0"    # guessing, whatever your internet connection is
IPADDR="(whatever IP address your connection uses)"
ANYWHERE="any/0"             # everywhere on the net

I got these right from a script I made on that site I mentioned.  Try them, substituting whatever values you need.

Hope this helps.
0
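An added example (not part of Magician's post or of the original thread): a short Python script that parses the reject lines from the question's log and checks each packet against the port ranges in the question's ppp0 forward rules and in the accepted answer's outbound rules. Only protocol and port ranges are compared; the table names and the choice to ignore addresses, interfaces and chains are assumptions of this example.

```python
import re
from collections import Counter

# The six reject lines from the question's log, verbatim.
LOG = """\
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=4681 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=6217 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=8521 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=14921 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=15433 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=17737 F=0x0040 T=127
"""

# chain, action, interface, protocol, src:port, dst:port (trailing L=/S=/I=/F=/T= ignored)
LINE = re.compile(
    r"IP fw-(?P<chain>\w+) (?P<action>\w+) (?P<iface>\S+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)")

UNPRIV = (1024, 65535)
# (protocol, source-port range, destination-port range); ports only (assumption).
QUESTION_FWD_PPP0 = [("TCP", UNPRIV, (554, 554)),          # control channel
                     ("UDP", (6970, 7170), (6770, 7170)),  # data channel, udp
                     ("TCP", (6970, 7170), (6770, 7170))]  # data channel, tcp
ANSWER_OUTBOUND = [("TCP", UNPRIV, (554, 554)),
                   ("TCP", UNPRIV, (7070, 7071)),
                   ("UDP", (6970, 6999), UNPRIV)]

def parse(log):
    """Return one dict per log line, with ports converted to int."""
    pkts = []
    for m in LINE.finditer(log):
        pkt = m.groupdict()
        pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
        pkts.append(pkt)
    return pkts

def permitted(pkt, rules):
    """True if any rule matches the packet's protocol and both port ranges."""
    return any(pkt["proto"] == proto
               and s[0] <= pkt["sport"] <= s[1] and d[0] <= pkt["dport"] <= d[1]
               for proto, s, d in rules)

def summarize(log, rules):
    """Count packets per (protocol, destination port, permitted?)."""
    return dict(Counter((p["proto"], p["dport"], permitted(p, rules))
                        for p in parse(log)))

if __name__ == "__main__":
    print("question rules:", summarize(LOG, QUESTION_FWD_PPP0))
    print("answer ranges: ", summarize(LOG, ANSWER_OUTBOUND))
```

Every logged packet is a TCP connection from client port 1284 or 1290 to port 7070, which none of the question's three outbound forward rules covers, while the answer's 7070:7071 TCP range does.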
 

Expert Comment

by:Magician
ID: 2655813
Haven't used IP_MASQ_RADIO module.
0
 

Author Comment

by:htj
ID: 2659764
bought meself a hardware firewall instead but thanks anyhow.
0
