At 23:21 2000-03-21, you wrote:
>Does anyone have the ipchains ruleset to allow Windows Media Player thru
>the FW?
Why not check it out yourself with tcpdump?
Or with ipchains itself:
# $INSIDE and $OUTSIDE are shell variables holding the address specifications for -s/-d
# Traffic from $INSIDE to $OUTSIDE; -l logs the packets that have the SYN bit set (-y)
ipchains -A input -p tcp -s $INSIDE -d $OUTSIDE -y -l -j ACCEPT
ipchains -A input -p tcp -s $INSIDE -d $OUTSIDE ! -y -j ACCEPT
ipchains -A forward -p tcp -s $INSIDE -d $OUTSIDE -j ACCEPT
ipchains -A output -p tcp -s $INSIDE -d $OUTSIDE -j ACCEPT
# Traffic from $OUTSIDE to $INSIDE, logged the same way
ipchains -A input -p tcp -s $OUTSIDE -d $INSIDE -y -l -j ACCEPT
ipchains -A input -p tcp -s $OUTSIDE -d $INSIDE ! -y -j ACCEPT
ipchains -A forward -p tcp -s $OUTSIDE -d $INSIDE -j ACCEPT
ipchains -A output -p tcp -s $OUTSIDE -d $INSIDE -j ACCEPT
This'll log each TCP packet with the SYN bit set coming in and out of the Linux box and headed for $INSIDE and $OUTSIDE -- maybe you could use 0/0 for both as well and make do with half the rules, I'm not sure. Repeat the above for UDP, removing the '-y' and '! -y' SYN bit indicators and you'll log all the UDP traffic as well (logging on the input rule is sufficient to give you all the information you want on the protocol characteristics, at least those that ipchains can handle).
HTH
Tobias Reckhard
secunet Security Networks AG
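
Added example, not part of the original message: once the logging rules above have run while the player is in use, the logged lines can be condensed into protocol, direction and destination port counts, which is the information needed to write a narrower ruleset. The log line layout is assumed to follow the "Packet log:" format described in the IPCHAINS-HOWTO; the function names, addresses and ports in the sample are constructed.

```shell
#!/bin/sh
# Summarise ipchains "-l" log lines as: proto direction dest-port count
# Assumed line layout (IPCHAINS-HOWTO style):
#   ... Packet log: CHAIN ACTION IFACE PROTO=n SRC:SPORT DST:DPORT L=.. S=.. I=.. F=.. T=.. [SYN] (#rule)

summarise_flows() {
    # $1 = textual prefix of the inside network, e.g. "192.0.2."
    awk -v inside="$1" '
    /Packet log: / {
        # find the PROTO= field; the next two fields are source and destination
        for (i = 1; i <= NF; i++) if ($i ~ /^PROTO=/) break
        if (i > NF - 2) next            # malformed or truncated line
        proto = substr($i, 7)
        if (proto == "6") proto = "tcp"
        else if (proto == "17") proto = "udp"
        split($(i + 1), s, ":")
        split($(i + 2), d, ":")
        # "out" when the source address starts with the inside prefix
        dir = (index(s[1], inside) == 1) ? "out" : "in"
        count[proto " " dir " " d[2]]++
    }
    END { for (k in count) print k, count[k] }' | LC_ALL=C sort
}

# Constructed sample log (documentation address ranges, made-up ports)
sample_log() {
cat <<'EOF'
Mar 21 23:30:01 fw kernel: Packet log: input ACCEPT eth1 PROTO=6 192.0.2.10:1045 198.51.100.20:7001 L=48 S=0x00 I=4660 F=0x4000 T=128 SYN (#1)
Mar 21 23:30:02 fw kernel: Packet log: input ACCEPT eth1 PROTO=6 192.0.2.10:1046 198.51.100.20:7001 L=48 S=0x00 I=4661 F=0x4000 T=128 SYN (#1)
Mar 21 23:30:02 fw kernel: eth0: link status unchanged
Mar 21 23:30:03 fw kernel: Packet log: input ACCEPT eth0 PROTO=17 198.51.100.20:7002 192.0.2.10:1050 L=132 S=0x00 I=812 F=0x0000 T=54 (#9)
Mar 21 23:30:04 fw kernel: Packet log: input ACCEPT eth1 PROTO=6 192.0.2.10:1047 198.51.100.21:80 L=48 S=0x00 I=4662 F=0x4000 T=128 SYN (#1)
EOF
}

sample_log | summarise_flows "192.0.2."
```

On a live firewall, pipe the kernel log file into summarise_flows instead of sample_log.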
