Solved

ipfw and real audio

Posted on 2000-02-16
9
244 Views
Last Modified: 2013-12-15
I'm trying to set up ipfw on my rh 5.2 gateway but I'm having trouble with the real audio rules.

I know that there's a control channel on port 554. For this I have the following rules:
ipfwadm -a accept -W eth0 -I -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -F -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -O -P tcp -S 192.168.137.0/24 1024:65535 -D 0.0.0.0/0 554
ipfwadm -a accept -W ppp0 -I -P tcp -k -S 0.0.0.0/0 554-D 192.168.137.0/24 1024:65535
ipfwadm -a accept -W eth0 -F -P tcp -k -S 0.0.0.0/0 554-D 192.168.137.0/24 1024:65535
ipfwadm -a accept -W eth0 -O -P tcp -k -S 0.0.0.0/0 554-D 192.168.137.0/24 1024:65535

Now that seems to work fine as one would expect. The data channel seems to be somewhat harder to get right. The curios bit is that my setup works with http://www.groovetech.com/mkram.rxml?file=/encoder/gtaudio.rm without any problems. This is what I have for the data channel:

ipfwadm -a accept -W ppp0 -I -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -F -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -O -P udp -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -I -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -F -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -O -P udp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170

and tcp:

ipfwadm -a accept -W ppp0 -I -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -F -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -O -P tcp -k -S 0.0.0.0/0 1024:65535 -D 192.168.137.0/24 6970:7170
ipfwadm -a accept -W eth0 -I -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -F -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170
ipfwadm -a accept -W ppp0 -O -P tcp -S 192.168.137.0/24 6970:7170 -D 0.0.0.0/0 6770:7170

The log shows the following:

IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=4681 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=6217 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1284 216.178.153.82:7070 L=44 S=0x00 I=8521 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=14921 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=15433 F=0x0040 T=127
IP fw-fwd rej ppp0 TCP 192.168.137.1:1290 208.147.89.168:7070 L=44 S=0x00 I=17737 F=0x0040 T=127

I'm not running masq as I have the entire 192.168.137.0 subnet for myself. I'm not sure the port ranges for the data channel are correct and there's surprisingly little documentation about this around.

Any ideas?
0
Comment
Question by:htj
  • 5
  • 3
9 Comments
 

Author Comment

by:htj
ID: 2553867
Adjusted points to 140
0
 

Author Comment

by:htj
ID: 2586755
Adjusted points to 195
0
 

Author Comment

by:htj
ID: 2595425
Adjusted points to 205
0
 

Author Comment

by:htj
ID: 2615017
Adjusted points from 205 to 235
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Expert Comment

by:Magician
ID: 2642764
If you go to the following website:
http://www.linux-firewall-tools.com/linux/firewall/index.html

This is exactly what I used to setup my firewall/IPMASQ.  I configured it to allow Real Audio, and it works.

Hope this helps.
0
 
LVL 2

Expert Comment

by:mapc
ID: 2645694
Have you tried the ip_masq_radio kernel module?
0
 

Accepted Solution

by:
Magician earned 235 total points
ID: 2655811
/sbin/modprobe ip_masq_raudio ports=554,7070,7071,6970,6971

ipfwadm -I -a ACCEPT -P tcp  -k -W $EXTERNAL_INTERFACE \
            -S $ANYWHERE 554 \
            -D $IPADDR $UNPRIVPORTS

    ipfwadm -O -a ACCEPT -P tcp   -W $EXTERNAL_INTERFACE \
            -S $IPADDR $UNPRIVPORTS \
            -D $ANYWHERE 554

    # TCP is a more secure method:  7070:7071

    ipfwadm -I -a ACCEPT -P tcp  -k -W $EXTERNAL_INTERFACE \
            -S $ANYWHERE 7070:7071 \
            -D $IPADDR $UNPRIVPORTS

    ipfwadm -O -a ACCEPT -P tcp   -W $EXTERNAL_INTERFACE \
            -S $IPADDR $UNPRIVPORTS \
            -D $ANYWHERE 7070:7071

    # UDP is the preferred method:  6970:6999
    # For LAN machines, UDP requires the RealAudio masquerading module and
    # the ipmasqadm third-party software.

    ipfwadm -I -a ACCEPT -P udp   -W $EXTERNAL_INTERFACE \
            -S $ANYWHERE $UNPRIVPORTS \
            -D $IPADDR 6970:6999

    ipfwadm -O -a ACCEPT -P udp   -W $EXTERNAL_INTERFACE \
            -S $IPADDR 6970:6999 \
            -D $ANYWHERE $UNPRIVPORTS

UNPRIVPORTS="1024:65535"
EXTERNAL_INTERFACE="ppp0" (guessing, whatever your internet connection is)
IPADDR="(whatever IP address your connection uses)"
ANYWHERE="any/0" (everywhere on the net)

I got these right from a script I made on that site I mentioned.  Try them, substituting whatever values you need.

Hope this helps.
0
 

Expert Comment

by:Magician
ID: 2655813
Haven't used IP_MASQ_RADIO module.
0
 

Author Comment

by:htj
ID: 2659764
bought meself a hardware firewall instead but thanks anyhow.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now