[AG-TECH] Fedora/Linux iptables for AG

Fred Dech fdech at uchicago.edu
Fri Jul 9 10:39:29 CDT 2004


hmmm.

after my email, i started staring bleary-eyed at the iptables man pages
and the RH9 reference manual and a couple on-line tutorials and
figured out how to block a Range of ports:
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
that helped a lot.

isn't the lo equivalent to accepting loopbacks?
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT

in any case, i haven't really done a bona fide test of my audio yet, so
i'll test it before i add the 224.0.0.0 range ACCEPT and let y'all know
that it doesn't work, since Ti understands these things a wee bit better
than i do.

i'm still trying to get my Osprey100 cards to show up in videoProducer.
as was posted on the list, i am focusing my Hacking:
/usr/lib/python2.3/site-packages/AccessGrid/Platform/unix/Config.py

--fred

On Fri, Jul 09, 2004 at 07:43AM, Ti Leggett said:
> For one thing, rat requires a local multicast loopback to communicate.
> 
> So you'll need to allow either
> 
> iptables -A INPUT -s 224.0.0.0/4 -j ACCEPT
> 
> or
> 
> iptables -A OUTPUT -d 224.0.0.0/4 -j ACCEPT
> 
> or both possibly.
> 
> That's a first guess.
> 
> On Thu, 2004-07-08 at 17:45, Joshua M. Brown wrote:
> > Fred Dech wrote:
> > 
> > >speaking of firewalls...
> > >i repeatedly installed and uninstalled, etc., etc., the FC2 RPMs courtesy of
> > >http://osl.cpe.ku.ac.th
> > >and Sugree Phatanapherom yum instructions by way of Michael Miller.
> > >Thanks Sugree!
> > >but i couldn't even get a videoConsumer to run, let alone RAT.  huh?
> > >very frustrating, but no monitors broken ;^)
> > >
> > >as i was reading the XP firewall thread it dawned on me that the FedoraCore2
> > >firewall interface had been simplified to ON/OFF.  i disabled it and RAT
> > >came up and my videoConsumer started receiving streams...
> > >
> > >since i'd prefer to have a semblance of a firewall, i just have to learn
> > >how to set up iptables to allow the right range of tcp/udp ports access.
> > >  
> > >
> > i was wondering that kinda thing myself. i've not seen an enumeration of 
> > all ports (all, for whatever reason at any/all times) that AG uses. i 
> > spose i could analyze my traffic, but don't want to miss any "corner 
> > cases" that could trip it up.
> > 
> > Anyone have a list like that?
> > 
> > jmb
> > 
> > >i'd appreciate any pointers ;^)
> > >
> > >--fred
> > >
> > >  
> > >
> > 

-- 
  Fred Dech   fdech at uchicago.edu
  University of Chicago Dept. of Surgery
  Ph: (773) 834-8359, Fax: (773) 834-8140
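
Added example (not part of the original messages): a small first-match evaluator that runs the rules quoted in this thread against constructed packets, showing which rule, if any, each packet hits. It assumes the rules form one ordered input chain and that the looped-back multicast copy is seen on eth0 rather than lo; the `-d 224.0.0.0/4` rule, the function names, addresses and ports are hypothetical or constructed.

```python
import ipaddress
import shlex

# Thread's rules as one ordered chain (assumption); rule 4 is an added "-d" variant.
RULES = [
    "-i lo -j ACCEPT",
    "-p tcp -m tcp --dport 0:1023 --syn -j REJECT",
    "-s 224.0.0.0/4 -j ACCEPT",
    "-d 224.0.0.0/4 -j ACCEPT",
]

# Constructed packets. Assumption: the looped-back multicast copy arrives on eth0.
RAT_MCAST = dict(iface="eth0", proto="udp", src="192.0.2.10", dst="233.252.0.1", dport=5004)
SSH_SYN = dict(iface="eth0", proto="tcp", src="198.51.100.7", dst="192.0.2.10",
               dport=22, flags={"SYN"})
LOCAL = dict(iface="lo", proto="udp", src="127.0.0.1", dst="127.0.0.1", dport=5004)

def parse(rule):
    """Split one rule line into option/value pairs; --syn takes no value."""
    tokens, opts = shlex.split(rule), {}
    while tokens:
        key = tokens.pop(0)
        opts[key] = True if key == "--syn" else tokens.pop(0)
    return opts

def matches(opts, pkt):
    """True when every criterion in the rule matches the packet."""
    for flag, field in (("-i", "iface"), ("-p", "proto")):
        if flag in opts and opts[flag] != pkt[field]:
            return False
    for flag, field in (("-s", "src"), ("-d", "dst")):
        if flag in opts and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(opts[flag]):
            return False
    if "--dport" in opts:
        low, high = map(int, opts["--dport"].split(":"))
        if not low <= pkt["dport"] <= high:
            return False
    # --syn: SYN set with ACK, RST and FIN clear
    if "--syn" in opts and pkt.get("flags", set()) & {"SYN", "ACK", "RST", "FIN"} != {"SYN"}:
        return False
    return True

def verdict(pkt, rules=RULES):
    """Return (rule number, target) of the first match, or None if nothing matches."""
    for number, line in enumerate(rules, 1):
        opts = parse(line)
        if matches(opts, pkt):
            return number, opts["-j"]
    return None
```

`verdict(RAT_MCAST, RULES[:3])` returns `None`, while the full list returns `(4, "ACCEPT")`: multicast traffic carries the group in its destination address, so only the `-d` match fires.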



