iptables rule for streaming

19/04/2008, 18h40

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

With iptables, which are the rules to use to be able for streaming
(audio/video) protocol ?

Regards,
- --
Shams Fantar (Website : http://snurf.info)
My public GPG Key : http://snurf.info/sfantar.gpg
« A book is like a garden carried in the pocket. »
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFICiy75ChwvXmalbURAiHwAKCW0iTQ6AUtdDMgiffzPF S6PKNuPgCgx4lT
uAmfl7bOFDIfhbBezqrrU+M=
=uc4o
-----END PGP SIGNATURE-----

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

19/04/2008, 19h50

On Sat, Apr 19, 2008 at 07:32:43PM +0200, Shams Fantar wrote:
> Hi,
>
> With iptables, which are the rules to use to be able for streaming
> (audio/video) protocol ?

You must give more details than this. What are you trying to achieve and
what is your current setup?

Regards,
Andrei
--
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFICj2+qJyztHCFm9kRAhroAKCu47WVS4yAEYaxdb7kFz w6VXItpgCfadMq
/NakXGNYPBLx/6B90P8owpY=
=C3go
-----END PGP SIGNATURE-----

20/04/2008, 09h10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrei Popescu wrote:
> On Sat, Apr 19, 2008 at 07:32:43PM +0200, Shams Fantar wrote:
>> Hi,
>>
>> With iptables, which are the rules to use to be able for streaming
>> (audio/video) protocol ?
>
> You must give more details than this. What are you trying to achieve and
> what is your current setup?
>
> Regards,
> Andrei

I'm writing the iptables rules for a machine, a desktop, so, on this
machine, the users can listen to streaming (like the BBC, or other
radios...). Therefore, I need to open the good ports to allow the use of
streaming. And I can't write this rule because I don't know the ports
used by streaming... And I believe that ports can be very different
depending on the radio.

- --
Shams Fantar (Website : http://snurf.info)
My public GPG Key : http://snurf.info/sfantar.gpg
« A book is like a garden carried in the pocket. »
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFICvlG5ChwvXmalbURAideAJ4pFAkU0tNQVfOJYucdvw 2hrr6tDACg/l46
xD3fmbF8c8Zc9z+T0SGOWJc=
=z6az
-----END PGP SIGNATURE-----

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

20/04/2008, 09h40

On Sun, Apr 20, 2008 at 10:05:26AM +0200, Shams Fantar wrote:

> I'm writing the iptables rules for a machine, a desktop, so, on this
> machine, the users can listen to streaming (like the BBC, or other
> radios...). Therefore, I need to open the good ports to allow the use of
> streaming. And I can't write this rule because I don't know the ports
> used by streaming... And I believe that ports can be very different
> depending on the radio.

You only need to worry about it if you want to block *outgoing*
connections. I have a "DROP all incoming/ALLOW all outgoing" type setup
on my systems and I can listen to internet radio without problems (in
fact it runs almost 24/7).

Some people might consider my "ALLOW all outgoing" to be too lax, but I
am the only user and I only install programs from Debian sources.

Regards,
Andrei
--
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFICwAXqJyztHCFm9kRAitzAKC50qzR/bzWJsrkQi0Q68ynC3et3ACguQmo
X9HT8/QbSl9ZtcScXkUSoJI=
=pA4M
-----END PGP SIGNATURE-----

20/04/2008, 13h10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrei Popescu wrote:
> On Sun, Apr 20, 2008 at 10:05:26AM +0200, Shams Fantar wrote:
>
>> I'm writing the iptables rules for a machine, a desktop, so, on this
>> machine, the users can listen to streaming (like the BBC, or other
>> radios...). Therefore, I need to open the good ports to allow the use of
>> streaming. And I can't write this rule because I don't know the ports
>> used by streaming... And I believe that ports can be very different
>> depending on the radio.
>
> You only need to worry about it if you want to block *outgoing*
> connections. I have a "DROP all incoming/ALLOW all outgoing" type setup
> on my systems and I can listen to internet radio without problems (in
> fact it runs almost 24/7).
>
> Some people might consider my "ALLOW all outgoing" to be too lax, but I
> am the only user and I only install programs from Debian sources.
>
> Regards,
> Andrei

That works ! Thanks for your answers. ;-)

The solution is :

iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT

- --
Shams Fantar (Website : http://snurf.info)
My public GPG Key : http://snurf.info/sfantar.gpg
« A book is like a garden carried in the pocket. »
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFICzEF5ChwvXmalbURAoTDAJ93ORyzJ1Z3n9bWz3BaXK SmbtWdDQCglO4d
9zAf2ey3Zwfn7gnE9ZWYn3o=
=Sm9T
-----END PGP SIGNATURE-----

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

20/04/2008, 13h30

On Sat, Apr 19, 2008 at 07:32:43PM +0200, Shams Fantar wrote:
> Hi,
>
> With iptables, which are the rules to use to be able for streaming
> (audio/video) protocol ?

Have a look at shorewall. You will need to know the ports the streaming
protocol uses.

--
Chris.
======
"One, with God, is always a majority, but many a martyr has been burned
at the stake while the votes were being counted." -- Thomas B. Reed

--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

19/04/2008, 18h40	#1
Shams Fantar Messages: n/a Hébergeur:	iptables rule for streaming -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, With iptables, which are the rules to use to be able for streaming (audio/video) protocol ? Regards, - -- Shams Fantar (Website : http://snurf.info) My public GPG Key : http://snurf.info/sfantar.gpg « A book is like a garden carried in the pocket. » -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFICiy75ChwvXmalbURAiHwAKCW0iTQ6AUtdDMgiffzPF S6PKNuPgCgx4lT uAmfl7bOFDIfhbBezqrrU+M= =uc4o -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

19/04/2008, 19h50	#2
Andrei Popescu Messages: n/a Hébergeur:	Re: iptables rule for streaming On Sat, Apr 19, 2008 at 07:32:43PM +0200, Shams Fantar wrote: > Hi, > > With iptables, which are the rules to use to be able for streaming > (audio/video) protocol ? You must give more details than this. What are you trying to achieve and what is your current setup? Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFICj2+qJyztHCFm9kRAhroAKCu47WVS4yAEYaxdb7kFz w6VXItpgCfadMq /NakXGNYPBLx/6B90P8owpY= =C3go -----END PGP SIGNATURE-----

20/04/2008, 09h10	#3
Shams Fantar Messages: n/a Hébergeur:	Re: iptables rule for streaming -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrei Popescu wrote: > On Sat, Apr 19, 2008 at 07:32:43PM +0200, Shams Fantar wrote: >> Hi, >> >> With iptables, which are the rules to use to be able for streaming >> (audio/video) protocol ? > > You must give more details than this. What are you trying to achieve and > what is your current setup? > > Regards, > Andrei I'm writing the iptables rules for a machine, a desktop, so, on this machine, the users can listen to streaming (like the BBC, or other radios...). Therefore, I need to open the good ports to allow the use of streaming. And I can't write this rule because I don't know the ports used by streaming... And I believe that ports can be very different depending on the radio. - -- Shams Fantar (Website : http://snurf.info) My public GPG Key : http://snurf.info/sfantar.gpg « A book is like a garden carried in the pocket. » -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFICvlG5ChwvXmalbURAideAJ4pFAkU0tNQVfOJYucdvw 2hrr6tDACg/l46 xD3fmbF8c8Zc9z+T0SGOWJc= =z6az -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

20/04/2008, 09h40	#4
Andrei Popescu Messages: n/a Hébergeur:	Re: iptables rule for streaming On Sun, Apr 20, 2008 at 10:05:26AM +0200, Shams Fantar wrote: > I'm writing the iptables rules for a machine, a desktop, so, on this > machine, the users can listen to streaming (like the BBC, or other > radios...). Therefore, I need to open the good ports to allow the use of > streaming. And I can't write this rule because I don't know the ports > used by streaming... And I believe that ports can be very different > depending on the radio. You only need to worry about it if you want to block outgoing connections. I have a "DROP all incoming/ALLOW all outgoing" type setup on my systems and I can listen to internet radio without problems (in fact it runs almost 24/7). Some people might consider my "ALLOW all outgoing" to be too lax, but I am the only user and I only install programs from Debian sources. Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFICwAXqJyztHCFm9kRAitzAKC50qzR/bzWJsrkQi0Q68ynC3et3ACguQmo X9HT8/QbSl9ZtcScXkUSoJI= =pA4M -----END PGP SIGNATURE-----

20/04/2008, 13h10	#5
Shams Fantar Messages: n/a Hébergeur:	Re: iptables rule for streaming -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrei Popescu wrote: > On Sun, Apr 20, 2008 at 10:05:26AM +0200, Shams Fantar wrote: > >> I'm writing the iptables rules for a machine, a desktop, so, on this >> machine, the users can listen to streaming (like the BBC, or other >> radios...). Therefore, I need to open the good ports to allow the use of >> streaming. And I can't write this rule because I don't know the ports >> used by streaming... And I believe that ports can be very different >> depending on the radio. > > You only need to worry about it if you want to block outgoing > connections. I have a "DROP all incoming/ALLOW all outgoing" type setup > on my systems and I can listen to internet radio without problems (in > fact it runs almost 24/7). > > Some people might consider my "ALLOW all outgoing" to be too lax, but I > am the only user and I only install programs from Debian sources. > > Regards, > Andrei That works ! Thanks for your answers. ;-) The solution is : iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT - -- Shams Fantar (Website : http://snurf.info) My public GPG Key : http://snurf.info/sfantar.gpg « A book is like a garden carried in the pocket. » -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFICzEF5ChwvXmalbURAoTDAJ93ORyzJ1Z3n9bWz3BaXK SmbtWdDQCglO4d 9zAf2ey3Zwfn7gnE9ZWYn3o= =Sm9T -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

20/04/2008, 13h30	#6
Chris Bannister Messages: n/a Hébergeur:	Re: iptables rule for streaming On Sat, Apr 19, 2008 at 07:32:43PM +0200, Shams Fantar wrote: > Hi, > > With iptables, which are the rules to use to be able for streaming > (audio/video) protocol ? Have a look at shorewall. You will need to know the ports the streaming protocol uses. -- Chris. ====== "One, with God, is always a majority, but many a martyr has been burned at the stake while the votes were being counted." -- Thomas B. Reed -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email