Date: Mon, 8 May 2000 12:42:05 -0500 (CDT)
From: Brennan W Stehling <brennan@offwhite.net>
To: Erik Salander <erik@whistle.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: udp for quicktime
Message-ID: <Pine.BSF.4.10.10005081236150.77608-100000@home.offwhite.net>
In-Reply-To: <3916F95A.F01D7C33@whistle.com>

Thanks for the help. Perhaps I will post the results on the list so that it
could come up in a search response for someone later.

Here are my ipfw rules now...

00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00650 allow udp from any to any 6970-6999
00655 allow tcp from any to any 554
65535 allow ip from any to any

I went to quicktime->streaming transport and ran autoconfigure and it tells
me that it cannot receive udp traffic.

Is there something that I have to do to make new rules active? I even
blocked port 80 for tcp yesterday and I was able to visit any website out
there. It seems like the new rules do not take effect.

I thought I was missing some kernel support, so I recompiled the kernel
with these options...

options MROUTING
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options "IPFIREWALL_VERBOSE_LIMIT=100"
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFILTER
options IPFILTER_LOG
options IPDIVERT

Any ideas?

Brennan Stehling - web developer and sys admin
projects: www.greasydaemon.com | www.onmilwaukee.com | www.sncalumni.com
Microsoft: Will you get a macro virus today?

On Mon, 8 May 2000, Erik Salander wrote:

> Brennan W Stehling wrote:
>
> > Can you show me a rule to do???
> >
> > Open port 554 for RTSP/TCP data.
> > Open ports 6970 through 6999 (inclusive) for RTP/UDP data.
> >
> > I do not see any examples for opening anything but udp or tcp packets and
> > then I am not sure how to open up a block of port numbers.
> >
>
> Hi Brennan,
>
> I was hoping someone else would chime in about your general ipfw question... Is
> it OK if we talk about this outside the mailing list?
>
> I see you have this rule for starters.
>
> ipfw add 650 allow udp from any to 192.168.1.3
>
> Seems like it should be OK, actually overkill if you only need ports 6970-6999.
> Are you using address translation (nat)? If so, the 192.168.1.3 address won't
> yet be in the packet at the time of ipfw rule processing. A quick inspection of
> the ipfw man page shows me that your original rule should be able to handle the
> port ranges by doing this.
>
> ipfw add 650 allow udp from any to 192.168.1.3 6970-6999
>
> How about if you try this for starters.
>
> ipfw add 650 allow udp from any to any 6970-6999
>
> Might want to add a rule to allow tcp port 554 to get things working. Although
> that might not be necessary since that's traffic that originates inside the
> firewall. Let me know what you try and what happens.
>
> Erik
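
Added example, not part of the original message and not ipfw's own code: a simplified Python model of ipfw's first-match rule evaluation, run over the rule list as posted above and over the address-specific rule from the quoted reply. The interface name ed0 and the packet addresses used with it are assumptions made for the illustration; only the rule syntax that appears in this thread is modelled.

```python
import ipaddress
import re

# Rule list exactly as posted in the message above.
POSTED_RULES = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00650 allow udp from any to any 6970-6999
00655 allow tcp from any to any 554
65535 allow ip from any to any
"""
# Address-specific rule from the quoted reply.
NAT_RULE = "00650 allow udp from any to 192.168.1.3 6970-6999"

# Only the subset of ipfw syntax that appears in this thread is supported.
RULE_RE = re.compile(
    r"(?P<num>\d+) (?P<action>allow|deny) (?P<proto>ip|tcp|udp) from any to "
    r"(?P<dst>\S+)(?: (?P<ports>[\d,-]+))?(?: via (?P<iface>\S+))?$"
)

def parse(text):
    """Parse rule lines into dicts, ordered by rule number as ipfw checks them."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append(m.groupdict())
    return sorted(rules, key=lambda r: int(r["num"]))

def port_in(spec, port):
    """True if port falls in a spec such as '554' or '6970-6999'."""
    ranges = (part.partition("-") for part in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def first_match(rules, proto, dst, dport, iface="ed0"):
    """Return (number, action) of the first matching rule, or None if none match."""
    # dst is the address in the packet at evaluation time; "ed0" is hypothetical.
    for r in rules:
        net = None if r["dst"] == "any" else ipaddress.ip_network(r["dst"])
        if (r["proto"] in ("ip", proto)
                and (net is None or ipaddress.ip_address(dst) in net)
                and (r["ports"] is None or port_in(r["ports"], dport))
                and (r["iface"] is None or r["iface"] == iface)):
            return int(r["num"]), r["action"]
    return None
```

With the posted list, first_match(parse(POSTED_RULES), "udp", "10.0.0.5", 7000) falls through to rule 65535 and is allowed, so the list as posted denies nothing except traffic to 127.0.0.0/8 that is not on lo0. With NAT_RULE alone, a packet still addressed to a public address (203.0.113.10, constructed) matches nothing, while the same packet addressed to 192.168.1.3 matches rule 650.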