I set up a rule to log whenever someone accesses a RealAudio server external
to my facility. The rule is like so:

Src           Dest  Service     Log
Internal-Net  Any   Real-Audio  Long

Now, when someone attempts to go to what I think is an older RealAudio
server, I get this sequence in my log:

Service  Src       Dst     Proto  Rule  S_Port  Info
7070     Int-Host  RASrvr  tcp    rule  3400    len 44
7070     Int-Host  RASrvr  tcp    0     3400    reason: tried to open udp service port, port 6970

Now I know a client tries to connect to a RASrvr using 7070 and that a
RASrvr should try to connect using UDP. And I believe rule 0 is coming into
play because of the raudio_prolog match in the Real-Audio service
definition.
This only seems to affect what Real calls pre-G2 servers. A post-G2 server
that uses RTSP/RTP seems unaffected by this.
So my question is, if I'm allowing RealAudio connections out, why is FW-1
preventing it from continuing? It appears that FW-1 is killing it before it
even tries to pass it to the RA server. What, exactly, is trying to open
the UDP service port? Is FW-1 trying to open a UDP port for the return
traffic?
This is more for me since FW-1 seems to be doing some black magic and I'm not
sure exactly why.
---------------------------------------------------------------------
Jason Gross
System Administration/Network Operations
United Space Alliance - Florida Operations
[EMAIL PROTECTED]
V: (321) 799-6601 F: (321) 799-5970