Solved

ipfw and real audio

Posted on 2000-02-16
Last Modified: 2013-12-15
I'm trying to set up ipfw on my rh 5.2 gateway but I'm having trouble with the real audio rules.

I know that there's a control channel on port 554. For this I have the following rules:
ipfwadm -a accept -W eth0 -I -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -F -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -O -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -I -P tcp -k -S 0.0.0.0/0 554 -D 192.168.137.0/24 1024:65535
ipfwadm -a accept -W eth0 -F -P tcp -k -S 0.0.0.0/0 554 -D 192.168.137.0/24 1024:65535
ipfwadm -a accept -W eth0 -O -P tcp -k -S 0.0.0.0/0 554 -D 192.168.137.0/24 1024:65535

Now that seems to work fine as one would expect. The data channel seems to be somewhat harder to get right. The curious bit is that my setup works with http://www.groovetech.com/mkram.rxml?file=/encoder/gtaudio.rm without any problems. This is what I have for the data channel:

ipfwadm -a accept -W ppp0 -I -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -F -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -O -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -I -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -F -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -O -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170

and tcp:

ipfwadm -a accept -W ppp0 -I -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -F -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -O -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -I -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -F -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -O -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170

The log shows the following:

IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=4681 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=6217 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=8521 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=14921 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=15433 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=17737 F=0x0040 T=127

I'm not running masq as I have the entire 192.168.137.0 subnet for myself. I'm not sure the port ranges for the data channel are correct and there's surprisingly little documentation about this around.

Any ideas?
Question by:htj
9 Comments
 

Author Comment

by:htj
ID: 2553867
Adjusted points to 140
0
 

Author Comment

by:htj
ID: 2586755
Adjusted points to 195
0
 

Author Comment

by:htj
ID: 2595425
Adjusted points to 205
0
 

Author Comment

by:htj
ID: 2615017
Adjusted points from 205 to 235
0
 

Expert Comment

by:Magician
ID: 2642764
If you go to the following website:
http://www.linux-firewall-tools.com/linux/firewall/index.html

This is exactly what I used to set up my firewall/IPMASQ.  I configured it to allow Real Audio, and it works.

Hope this helps.
0
 

Expert Comment

by:mapc
ID: 2645694
Have you tried the ip_masq_radio kernel module?
0
 

Accepted Solution

by:
Magician earned 235 total points
ID: 2655811
# Values to substitute for your own setup
UNPRIVPORTS="1024:65535"
EXTERNAL_INTERFACE="ppp0"     # guessing, whatever your internet connection is
IPADDR="(whatever IP address your connection uses)"
ANYWHERE="any/0"              # everywhere on the net

/sbin/modprobe ip_masq_raudio ports=554,7070,7071,6970,6971

# Control channel:  554

ipfwadm -I -a ACCEPT -P tcp -k -W $EXTERNAL_INTERFACE \
        -S $ANYWHERE 554 \
        -D $IPADDR $UNPRIVPORTS

ipfwadm -O -a ACCEPT -P tcp -W $EXTERNAL_INTERFACE \
        -S $IPADDR $UNPRIVPORTS \
        -D $ANYWHERE 554

# TCP is a more secure method:  7070:7071

ipfwadm -I -a ACCEPT -P tcp -k -W $EXTERNAL_INTERFACE \
        -S $ANYWHERE 7070:7071 \
        -D $IPADDR $UNPRIVPORTS

ipfwadm -O -a ACCEPT -P tcp -W $EXTERNAL_INTERFACE \
        -S $IPADDR $UNPRIVPORTS \
        -D $ANYWHERE 7070:7071

# UDP is the preferred method:  6970:6999
# For LAN machines, UDP requires the RealAudio masquerading module and
# the ipmasqadm third-party software.

ipfwadm -I -a ACCEPT -P udp -W $EXTERNAL_INTERFACE \
        -S $ANYWHERE $UNPRIVPORTS \
        -D $IPADDR 6970:6999

ipfwadm -O -a ACCEPT -P udp -W $EXTERNAL_INTERFACE \
        -S $IPADDR 6970:6999 \
        -D $ANYWHERE $UNPRIVPORTS

I got these right from a script I made on that site I mentioned.  Try them, substituting whatever values you need.

Hope this helps.
0
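An added example, not part of the original thread: a small Python audit that parses the rejected-packet log lines from the question and checks each flow against the outbound port ranges in the question's rules and in the accepted answer's rules. It assumes only protocol and ports matter (interfaces, addresses, chain and the -k flag are ignored); the rule tables and function names are constructed for this illustration.

```python
import re
from collections import Counter

# Log lines copied from the question (packets rejected on the forward chain).
SAMPLE_LOG = """\
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=4681 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=6217 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=8521 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=14921 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=15433 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=17737 F=0x0040 T=127
"""

LOG_RE = re.compile(
    r"IP fw-(?P<chain>\w+) (?P<action>\w+) (?P<iface>\S+) (?P<proto>\w+) "
    r"\S+:(?P<sport>\d+) \S+:(?P<dport>\d+)")

# Outbound (LAN -> Internet) rules as (proto, source ports, destination ports),
# transcribed from the ipfwadm lines in the question and in the accepted answer.
QUESTION_RULES = [
    ("tcp", (1024, 65535), (554, 554)),
    ("udp", (6970, 7170), (6770, 7170)),
    ("tcp", (6970, 7170), (6770, 7170)),
]
ANSWER_RULES = [
    ("tcp", (1024, 65535), (554, 554)),
    ("tcp", (1024, 65535), (7070, 7071)),
    ("udp", (6970, 6999), (1024, 65535)),
]

def parse(log):
    """Yield (proto, sport, dport) for every rejected packet in the log."""
    for m in LOG_RE.finditer(log):
        if m["action"] == "rej":
            yield m["proto"].lower(), int(m["sport"]), int(m["dport"])

def allowed(rules, proto, sport, dport):
    """True if any rule accepts this protocol and port pair."""
    return any(p == proto and s[0] <= sport <= s[1] and d[0] <= dport <= d[1]
               for p, s, d in rules)

def audit(log, rules):
    """Map each rejected flow to (packet count, covered by rules?)."""
    return {flow: (n, allowed(rules, *flow))
            for flow, n in Counter(parse(log)).items()}

if __name__ == "__main__":
    for name, rules in (("question", QUESTION_RULES), ("answer", ANSWER_RULES)):
        for flow, (n, ok) in audit(SAMPLE_LOG, rules).items():
            print(name, flow, f"x{n}", "covered" if ok else "NOT covered")
```

The logged packets leave from ephemeral source ports (1284, 1290) toward TCP 7070, so a rule that requires a source port in 6970:7170 does not match them, while a rule with source 1024:65535 and destination 7070:7071 does.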
 

Expert Comment

by:Magician
ID: 2655813
Haven't used IP_MASQ_RADIO module.
0
 

Author Comment

by:htj
ID: 2659764
bought meself a hardware firewall instead but thanks anyhow.
0
