From owner-freebsd-ipfw Mon May 8 10:42:21 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from home.offwhite.net (home.offwhite.net [156.46.35.30]) by hub.freebsd.org (Postfix) with ESMTP id 889C737BB51 for ; Mon, 8 May 2000 10:42:10 -0700 (PDT) (envelope-from brennan@offwhite.net)
Received: from localhost (brennan@localhost) by home.offwhite.net (8.9.1/8.9.3) with ESMTP id MAA81199; Mon, 8 May 2000 12:42:05 -0500 (CDT)
Date: Mon, 8 May 2000 12:42:05 -0500 (CDT)
From: Brennan W Stehling
To: Erik Salander
Cc: freebsd-ipfw@freebsd.org
Subject: Re: udp for quicktime
In-Reply-To: <3916F95A.F01D7C33@whistle.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Thanks for the help. Perhaps I will post the results on the list so that it could come up in a search response for someone later.

Here are my ipfw rules now...

    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00650 allow udp from any to any 6970-6999
    00655 allow tcp from any to any 554
    65535 allow ip from any to any

I went to quicktime->streaming transport and ran autoconfigure and it tells me that it cannot receive udp traffic. Is there something that I have to do to make new rules active? I even blocked port 80 for tcp yesterday and I was able to visit any website out there. It seems like the new rules do not take effect.

I thought I was missing some kernel support, so I recompiled the kernel with these options...

    options MROUTING
    options IPFIREWALL
    options IPFIREWALL_VERBOSE
    options IPFIREWALL_FORWARD
    options "IPFIREWALL_VERBOSE_LIMIT=100"
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    options IPFILTER
    options IPFILTER_LOG
    options IPDIVERT

Any ideas?

Brennan Stehling - web developer and sys admin
projects: www.greasydaemon.com | www.onmilwaukee.com | www.sncalumni.com
Microsoft: Will you get a macro virus today?
On Mon, 8 May 2000, Erik Salander wrote:

> Brennan W Stehling wrote:
>
> > Can you show me the rules to do this???
> >
> > Open port 554 for RTSP/TCP data.
> > Open ports 6970 through 6999 (inclusive) for RTP/UDP data.
> >
> > I do not see any examples for opening anything but udp or tcp packets and
> > then I am not sure how to open up a block of port numbers.
>
> Hi Brennan,
>
> I was hoping someone else would chime in about your general ipfw question... Is
> it OK if we talk about this outside the mailing list?
>
> I see you have this rule for starters.
>
>     ipfw add 650 allow udp from any to 192.168.1.3
>
> Seems like it should be OK, actually overkill if you only need ports 6970-6999.
> Are you using address translation (nat)? If so, the 192.168.1.3 address won't
> yet be in the packet at the time of ipfw rule processing. A quick inspection of
> the ipfw man page shows me that your original rule should be able to handle the
> port ranges by doing this.
>
>     ipfw add 650 allow udp from any to 192.168.1.3 6970-6999
>
> How about if you try this for starters.
>
>     ipfw add 650 allow udp from any to any 6970-6999
>
> Might want to add a rule to allow tcp port 554 to get things working. Although
> that might not be necessary since that's traffic that originates inside the
> firewall. Let me know what you try and what happens.
>
> Erik
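A small first-match simulator for the ipfw rule set quoted in the message, added here as an example and not code from the thread or from ipfw itself; it handles only the rule shapes that appear above (allow/deny, ip/tcp/udp, from/to with "any" or a CIDR, an optional destination port or port range, optional "via <interface>") and assumes ipfw's first-matching-rule semantics. The interface name fxp0 and the sample source addresses are constructed. Against the listed rules, every packet except one bound for 127.0.0.0/8 off lo0 falls through to rule 65535 and is accepted, which is a quick way to confirm that a symptom like "cannot receive udp" is not caused by the rule list itself.

```python
import ipaddress
import re

# The ipfw rule set as listed in the message; 65535 is ipfw's default rule.
RULESET = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00650 allow udp from any to any 6970-6999
00655 allow tcp from any to any 554
65535 allow ip from any to any
"""

# Covers only the rule shapes used in the thread: action, protocol,
# "from <src> to <dst>", optional destination port or port range,
# optional "via <interface>".  Anything else is rejected as unsupported.
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny)\s+(?P<proto>ip|tcp|udp)"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+(?P<lo>\d+)(?:-(?P<hi>\d+))?)?"
    r"(?:\s+via\s+(?P<iface>\S+))?\s*$"
)

def parse_rules(text):
    """Return the rules as dicts, sorted by rule number (ipfw evaluation order)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unsupported rule syntax: " + line)
        r = m.groupdict()
        r["num"] = int(r["num"])
        r["lo"] = int(r["lo"]) if r["lo"] else None
        r["hi"] = int(r["hi"]) if r["hi"] else r["lo"]   # single port: lo == hi
        rules.append(r)
    return sorted(rules, key=lambda r: r["num"])

def _addr_matches(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def decide(rules, proto, src, dst, dport, iface="fxp0"):
    """First matching rule wins: return (rule number, action) for one packet."""
    for r in rules:
        if (r["proto"] in ("ip", proto)
                and _addr_matches(r["src"], src)
                and _addr_matches(r["dst"], dst)
                and (r["lo"] is None or r["lo"] <= dport <= r["hi"])
                and (r["iface"] is None or r["iface"] == iface)):
            return r["num"], r["action"]
    raise RuntimeError("no rule matched; a real ipfw set always ends in rule 65535")
```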