Terry, Drew is right - this is not something you can solve with ipfwadm,
and besides you can only forward a port to a *single* machine. 

Have you checked the archives? I'm willing to bet this has been answered
before, but Drew's rules look ok to me (I am not an expert though).

Sorry this is not much help, but I just wanted to tell you about ipfwadm.
 
charles

On Thu, 21 Dec 2000, Drew Hunt wrote:

> Does the server need to receive some kind of feedback, like an "I'm ready to
> receive" packet?  It appears as though this would be blocked, thus the
> transfer would never start.  I can guess at how to fix in ipchains, but I
> don't know anything about ipfwadm.  Maybe allowing outgoing packets to the
> stream server, or better yet, allowing all outgoing packets on the port and
> only accepting requested responses on the receive side.  Would look
> something like this in ipchains:
> 
> # Set for streaming
> # Allow output for initiating stream
> ipchains -A output -i eth[x] -p tcp -s <local IP> 2000:2001 -d 0.0.0.0/0 2000:2001 -j ACCEPT
> # Accept stream response to initial request
> ipchains -A input -i eth[x] -p tcp ! -y -s 0.0.0.0/0 2000:2001 -d <local IP> 2000:2001 -j ACCEPT
> # Do not allow any random connection that was not initiated from here
> ipchains -A input -i eth[x] -p tcp -s 0.0.0.0/0 2000:2001 -d <local IP> 2000:2001 -j DENY
> 
> I forget the rules as to what order you have to accept and deny, so the deny
> line may be above the accept lines.  Check the docs on that one.
> 
> Drew
> [EMAIL PROTECTED]
>   -----Original Message-----
>   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Terry Williams
>   Sent: Thursday, December 21, 2000 5:11 PM
>   To: [EMAIL PROTECTED]
>   Subject: ipfwadm syntax
> 
> 
>   ok I'm using ipfwadm and I would like to open ports 2000-2001 so that I can
>   get streaming video on my windows machines
> 
>   the windows box is ip 192.168.100.2-5
> 
>   I've checked the docs but it confuses me more than I was before reading them
>   8)
>   I think the command should be:
> 
>   ipfwadm -F -a accept -b -P tcp -S 0/0 2000:2001 -D 192.168.100.0/2000:2001
> 
>   And that don't seem to work....   any help would be appreciated.
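
Added example, not part of the original messages: a simplified Python model of ipchains' first-match rule evaluation, showing why the non-SYN (`! -y`) ACCEPT rule has to sit above the catch-all DENY for ports 2000:2001. The `Packet` and `Rule` classes, the sample packets and the default ACCEPT chain policy are assumptions made for illustration.

```python
# Simplified model of ipchains first-match evaluation (added example).
# The two input rules mirror the ones quoted in the thread; everything
# else (class names, sample packets, default policy) is constructed.
from dataclasses import dataclass
from typing import Optional

PORTS = range(2000, 2002)  # the 2000:2001 range from the thread


@dataclass(frozen=True)
class Packet:
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False


def is_syn(p: Packet) -> bool:
    # ipchains -y: SYN set, ACK and FIN clear (a new connection request).
    return p.syn and not p.ack and not p.fin


@dataclass(frozen=True)
class Rule:
    target: str                  # "ACCEPT" or "DENY"
    syn: Optional[bool] = None   # None = any, True = -y, False = ! -y

    def matches(self, p: Packet) -> bool:
        if p.sport not in PORTS or p.dport not in PORTS:
            return False
        return self.syn is None or is_syn(p) == self.syn


def verdict(chain, p: Packet, policy: str = "ACCEPT") -> str:
    # The first matching rule decides; otherwise the chain policy applies.
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy


ACCEPT_REPLIES = Rule("ACCEPT", syn=False)  # input ... ! -y ... -j ACCEPT
DENY_REST = Rule("DENY")                    # input ... -j DENY
INPUT_CHAIN = [ACCEPT_REPLIES, DENY_REST]
REVERSED_CHAIN = [DENY_REST, ACCEPT_REPLIES]

# Constructed sample packets arriving on the input chain.
NEW_CONNECTION = Packet(2000, 2000, syn=True)
SYN_ACK_REPLY = Packet(2000, 2000, syn=True, ack=True)
STREAM_DATA = Packet(2001, 2001, ack=True)
```

With the DENY rule first, every packet in the port range is dropped before the reply rule is ever consulted.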



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list