sslug-teknik team mailing list archive
Message #55325
iptables/voice chat
Hi all, I'm trying to see whether I can get TeamSound
(http://www.teamsound.com) to work through my iptables firewall... TeamSound's
FAQ says:
a) the initial TCP connection and TCP data packets are sent from the TS
client to the TS server on TCP port 40000. This can be adjusted using the
/CTCP=<value> command line switch on the client and the server.
b) subsequent TCP data packets are sent from the TS server to the TS client
on TCP port 40001. This can be adjusted using the /CTCP=<value> command line
switch on the client and the server. This is translated as the CTCP value
plus one.
c) outbound audio packets are sent from the TS client to the TS server on UDP
port 40011 for the first user, incrementing one UDP port for each connected
user. This can be adjusted using the /SUDP=<value> command line switch on the
client and the server.
d) inbound audio packets are sent from the TS server to the TS client on UDP
port 40002, 40003 and 40004 depending upon the preferences of the TS client.
This can be adjusted using the /CUDP=<value> command line switch on the client
and the server.
My firewall script looks like this:
# Clear chains
/etc/init.d/iptables stop
# FTP connection tracking and NAT helpers
insmod ip_nat_ftp
insmod ip_conntrack_ftp
# Masquerade internet out on eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Disable NEW and INVALID incoming or forwarded packets from eth0
# (as posted, this first rule has no match and no target, so it only counts packets)
iptables -A INPUT
iptables -A INPUT -i eth0 -p TCP --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --dport 25 -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --dport 113 -j LOG
iptables -A INPUT -i eth0 -p TCP --dport 113 -j REJECT
iptables -A INPUT -i eth0 -p TCP --dport 111 -j DROP
iptables -A INPUT -i eth0 -p UDP --dport 111 -j DROP
iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j LOG
iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
# Gnome-meeting: forward TCP 1024-65000 (except 8080) to the LAN host
iptables -A FORWARD -i eth0 -p TCP --dport 8080 -j DROP
iptables -A FORWARD -i eth0 -p TCP --dport 1024:65000 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p TCP --dport 1024:65000 -j DNAT --to-destination 192.168.0.100
# Same for UDP
iptables -A FORWARD -i eth0 -p UDP --dport 8080 -j DROP
iptables -A FORWARD -i eth0 -p UDP --dport 1024:65000 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p UDP --dport 1024:65000 -j DNAT --to-destination 192.168.0.100
# Enable reverse-path filtering on all interfaces
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$f"
done
I'm probably doing something horribly wrong, because I can't hear anything when I
connect to someone else who is also running TeamSound (though the problem could
also be there). Can anyone see whether I've set iptables up properly?
Best regards, Preben
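As an added example (editor's code, not Preben's script and not anything from TeamSound), a small POSIX shell script that turns the FAQ's /CTCP, /SUDP and /CUDP rules into a narrowed set of DNAT and FORWARD rules for a NAT box in front of a TeamSound host, ordered so that stateful replies and the forwarded connections are accepted before the generic NEW/INVALID drop. It assumes the LAN host 192.168.0.100 and WAN interface eth0 from the post, and it prints the rules rather than applying them.

```shell
#!/bin/sh
# Added example, not from the original post or from TeamSound. Works out which
# ports the remote side opens towards this host from the FAQ's /CTCP, /SUDP and
# /CUDP bases (a-d above) and prints narrowed, stateful iptables rules instead
# of forwarding 1024:65000. Nothing is applied; review the output first.

# ts_inbound_ports ROLE CTCP SUDP CUDP USERS
# One "proto port[:port]" line per range the remote side sends to unsolicited.
ts_inbound_ports() {
  role=$1; ctcp=$2; sudp=$3; cudp=$4; users=${5:-8}
  case $role in
    client)  # (b) server->client TCP on CTCP+1; (d) server->client UDP on CUDP..CUDP+2
      echo "tcp $((ctcp + 1))"
      echo "udp $cudp:$((cudp + 2))" ;;
    server)  # (a) client->server TCP on CTCP; (c) client->server UDP, one port per user
      echo "tcp $ctcp"
      echo "udp $sudp:$((sudp + users - 1))" ;;
    *) echo "unknown role: $role" >&2; return 1 ;;
  esac
}

# ts_rules ROLE LAN_IP WAN_IF CTCP SUDP CUDP USERS
# Prints iptables commands that DNAT only those ranges to LAN_IP. Order matters:
# replies to connections the LAN host opened, and the forwarded NEW connections,
# are accepted before the generic NEW/INVALID drop that would otherwise eat them.
ts_rules() {
  role=$1; lan=$2; wan=$3; shift 3
  echo "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE"
  echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
  ts_inbound_ports "$role" "$@" | while read -r proto ports; do
    echo "iptables -t nat -A PREROUTING -i $wan -p $proto --dport $ports -j DNAT --to-destination $lan"
    echo "iptables -A FORWARD -i $wan -p $proto -d $lan --dport $ports -m state --state NEW -j ACCEPT"
  done
  echo "iptables -A FORWARD -i $wan -m state --state NEW,INVALID -j DROP"
}

# LAN host 192.168.0.100 (from the post) running the TS client with default ports.
ts_rules client 192.168.0.100 eth0 40000 40011 40002 8
```

Run it with `server` as the role for a LAN host that is the TS server; the USERS argument then sizes the per-user UDP range from /SUDP.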