On Mon, 2002-08-19 at 23:23, Gavin McCord wrote:
> I'm trying to get Realplayer 8 for Linux working. It's behind an
> iptables-based firewall. It looks like I need to allow TCP access to
> ports 554 and 7070 and UDP on 6970 - 7170. I'm not having much success
> though. It doesn't mention port-forwarding, but I've tried that as well
> without any luck there either.
> 
> Anyone have any working firewall rules?
> 
> --
> gav
> 

Solved it. My iptables rules were a bit back to front. Here are the
relevant parts of my firewall script for anyone interested.


IPADDR=""                       # IP address assigned by ISP
EXTERNAL_INTERFACE="ppp0"
LOCALNET="192.168.0.0/24"
ANYWHERE="any/0"
UNPRIVPORTS="1024:65535"

# Outgoing (established)
#-----------------------
$IPTABLES -A OUTPUT -o $EXTERNAL_INTERFACE -m state \
--state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -o $EXTERNAL_INTERFACE -m state \
--state RELATED,ESTABLISHED -j ACCEPT

# Incoming (established)
#-----------------------
$IPTABLES -A INPUT -i $EXTERNAL_INTERFACE -m state --state \
    RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -m state --state \
    RELATED,ESTABLISHED -j ACCEPT

# Realplayer
#------------------
$IPTABLES -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp \
-s $IPADDR --sport $UNPRIVPORTS \
-d $ANYWHERE --dport 554 -j ACCEPT

$IPTABLES -A FORWARD -o $EXTERNAL_INTERFACE -p tcp \
-s $LOCALNET --sport $UNPRIVPORTS \
-d $ANYWHERE --dport 554 -j ACCEPT

$IPTABLES -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp \
-s $IPADDR --sport $UNPRIVPORTS \
-d $ANYWHERE --dport 7070:7071 -j ACCEPT

$IPTABLES -A FORWARD -o $EXTERNAL_INTERFACE -p tcp \
-s $LOCALNET --sport $UNPRIVPORTS \
-d $ANYWHERE --dport 7070:7071 -j ACCEPT


The above works for TCP access. If I want the faster UDP transport I set
a range of UDP ports (in this case 3030-3036) for use in the Realplayer
"Preferences/Transport" dialogue box, and add the following to my
script:

$IPTABLES -A INPUT -i $EXTERNAL_INTERFACE -p udp \
-s $ANYWHERE --sport $UNPRIVPORTS \
-d $IPADDR --dport 3030:3036 -j ACCEPT
$IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -p udp \
-s $ANYWHERE --sport $UNPRIVPORTS \
-d $LOCALNET --dport 3030:3036 -j ACCEPT

# Destination NAT -- (DNAT)
# -------------------------
$IPTABLES -t nat -A PREROUTING -p udp --dport 3030:3036 \
-j DNAT --to 192.168.0.3

The last forwards the UDP ports to the machine I'm using Realplayer on,
in this case 192.168.0.3.

--
gav

--------------------------------------------------------------------
http://www.lug.org.uk                   http://www.linuxportal.co.uk
http://www.linuxjob.co.uk               http://www.linuxshop.co.uk
--------------------------------------------------------------------
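
Added example, not part of the original post: a PREROUTING rule with no -i or -d match applies to every UDP packet carrying those destination ports, including packets from the LAN on their way out, and packets that have been DNATed traverse FORWARD rather than INPUT. The sketch below scopes both rules to the external interface and the single client; the function names and the dry-run default for IPTABLES are assumptions.

```shell
#!/bin/sh
# Added example, not from the original firewall script.
# With IPTABLES unset the commands are only echoed so they can be reviewed first.
: "${IPTABLES:=echo iptables}"

# valid_port_range LOW:HIGH
# Succeeds only for a numeric range of unprivileged ports with LOW <= HIGH.
valid_port_range() {
    case "$1" in
        *[!0-9:]*|*:*:*|:*|*:|"") return 1 ;;   # stray characters, extra or dangling colon
        *:*) ;;                                 # exactly LOW:HIGH
        *) return 1 ;;                          # a single port is not a range
    esac
    low=${1%%:*}
    high=${1##*:}
    [ "$low" -ge 1024 ] && [ "$high" -le 65535 ] && [ "$low" -le "$high" ]
}

# realplayer_udp_rules EXT_IF EXT_IP CLIENT_IP PORTS   (hypothetical helper)
realplayer_udp_rules() {
    ext_if=$1
    ext_ip=$2
    client=$3
    ports=$4
    valid_port_range "$ports" || { echo "bad port range: $ports" >&2; return 1; }

    # Rewrite only packets that arrive on the external interface for the
    # external address; LAN traffic to outside hosts on these ports is untouched.
    $IPTABLES -t nat -A PREROUTING -i "$ext_if" -p udp \
        -d "$ext_ip" --dport "$ports" -j DNAT --to "$client"

    # After DNAT the packet is routed to the client, so it is filtered in
    # FORWARD. Accept it for that one host instead of the whole local network.
    $IPTABLES -A FORWARD -i "$ext_if" -p udp \
        -d "$client" --dport "$ports" -j ACCEPT
}

# Usage, with the variables from the script above:
#   realplayer_udp_rules "$EXTERNAL_INTERFACE" "$IPADDR" 192.168.0.3 3030:3036
```

Setting IPTABLES to the real binary path before calling the function applies the rules instead of printing them.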
