Re: Firewall and beacon
Hi, Jehan -- I use pfilter to handle this for all the boxes I have that run
iptables.
http://sourceforge.net/projects/pfilter/
pfilter is a Perl-based front end to iptables that handles generating the
appropriate rulesets for you for iptables. You just install the RPM,
specify the behavior you want in (by default) /etc/pfilter.conf, and
restart the pfilter service via "service pfilter restart", and you're all set.
The relevant lines from my /etc/pfilter.conf file are:
OPEN udp 10002 # v1.1 DAST Beacon traffic (RTP)
OPEN udp 10003 # v1.1 DAST Beacon traffic (RTCP)
OPEN tcp 10004 # v1.1 DAST Beacon traffic (TCP)
Hope this helps!
Mitch
PS - Nice writeup, BTW...
At 06:57 PM 9/23/2004 +0200, you wrote:
> hello
> I used to play with beacon 0.8.X and I really appreciate that you invest
> in the development of this beautiful tool !
> So I upgraded to 1.1, however I cannot figure out how to set my
> localhost firewall to permit either my own central server and client
> beacon clients to pass through correctly ( I mean fine tune the
> firewall) :-(
>
> I work on a fedora core 2 system (Thanks for the RPMS !) -> so firewall
> is netfilter/iptables.
> I may also contribute myself to the project by writing a doc on the
> fedora installation of a beacon client and server . It's available here:
> http://www.int-evry.fr/mci/user/procacci/Doc/Beacon/beacon.html
>
> In this doc I mention the FAQ/info provided by nlanr about firewall
> configuration in my section 1.5
> http://www.int-evry.fr/mci/user/procacci/Doc/Beacon/beacon.html#htoc9
>
> Although these settings work by restarting iptables while beacon
> client&server are already running, the firewall needs to be stopped at
> beacon client&server startup for the matrix to appear. (get initialized)
> clearly I need to stop the iptables firewall on both client&server ,
> then start them after matrix initialization, and it works. But if I
> start the firewall first, the matrix (central loss for example) keeps
> being empty :-(
>
> I suppose I miss to allow in my iptable firewall the initial join in the
> multicast group maybe ? or something else ?
>
> Has anyone configured correctly iptables to allow beacon client&server to
> communicate ?
>
> Thanks a lot.
>
> PS: I'll correct my doc if I finally find out how to do it
> PS again: I played with more sophisticated iptables rules like the one
> below , but no way :-( , should I continue with these kind of multicast
> rules ?
>
> -A RH-Firewall-1-INPUT -m pkttype --pkt-type multicast -d 233.157.159.11 -j ACCEPT
>
>
>
--
Mitch Kutzko | mitch@dast.nlanr.net | mitch@ncsa.uiuc.edu | 217-333-1199
http://hobbes.ncsa.uiuc.edu/
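
For readers without pfilter, the three OPEN lines in the reply can be written as plain iptables rules. The script below is an added example, not part of the thread and not pfilter's own code or output: the function name open_to_rules is hypothetical, the chain name is taken from the rule quoted in the question, and it covers only the port openings, not the multicast join question.

```shell
#!/bin/sh
# Added example: turn pfilter-style "OPEN <proto> <port>" lines into
# iptables-save style rules. Not pfilter's real output format.
CHAIN="RH-Firewall-1-INPUT"   # assumption: chain name from the quoted rule

open_to_rules() {
    # Reads config lines on stdin and prints one rule per valid OPEN line.
    # Returns 1 if any line was rejected, so a typo is never silently
    # turned into a missing or wider-than-intended opening.
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                  # strip trailing comment
        set -f; set -- $line; set +f      # split on whitespace, no globbing
        [ $# -eq 0 ] && continue          # blank or comment-only line
        if [ $# -ne 3 ] || [ "$1" != "OPEN" ]; then
            echo "rejected: unsupported line: $line" >&2; rc=1; continue
        fi
        proto=$2; port=$3
        case $proto in
            tcp|udp) ;;
            *) echo "rejected: bad protocol: $proto" >&2; rc=1; continue ;;
        esac
        case $port in                     # digits only, at most 5 of them
            ''|*[!0-9]*|??????*)
                echo "rejected: bad port: $port" >&2; rc=1; continue ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "rejected: port out of range: $port" >&2; rc=1; continue
        fi
        echo "-A $CHAIN -p $proto -m $proto --dport $port -j ACCEPT"
    done
    return $rc
}

# The three lines from the reply, fed through the translator.
open_to_rules <<'EOF'
OPEN udp 10002 # v1.1 DAST Beacon traffic (RTP)
OPEN udp 10003 # v1.1 DAST Beacon traffic (RTCP)
OPEN tcp 10004 # v1.1 DAST Beacon traffic (TCP)
EOF
```

The printed lines are in the format used by /etc/sysconfig/iptables on Fedora and would need to sit above the chain's final REJECT rule to take effect.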