Yale,

#PC1 and PC2 all want to get the streaming video content(like MEDIA PLAY,REAL
#VIDEO,QUICKTIME) from same internet website at the same time, as we all know
#that the streaming video all use the UDP as the first choice to send back
#the streaming data,then two streaming data back to the NAT


NEVER open an inbound port unless you have to.  Do the following instead
and all of your open ports will be outbound and RealAudio, RealAudio G2,
and Windows Media Player will work fine.  I don't have any directions for
Quicktime but that should be easy to do as well.

Real Audio/RealAudio G2

On the firewall:

1.  Create an outbound proxy and acl for TCP ports 7070-7071.

2. Create an outbound proxy and acl for TCP port 554.

Real Player 7

1.  Go to View -> Preferences -> Transport.

2.  Select 'Use Specified Transport.'

3.  Click the 'RTSP Settings' button and select 'Use TCP to Connect to
Server.'

4.  If 'Use HTTP Only' is selected then deselect it.

5.  Click 'Ok.'

6.  Click the 'PNA Settings' and select 'Use TCP to Connect to Server.'

7.  If 'Use HTTP Only' is selected then deselect it.

8.  Click 'Ok.'

9. DO NOT select 'Use Specific UDP Ports.'  If it is already selected then
deselect it.

You will be using TCP ports 7070, 7071, and 554.  This may be slightly
slower than normal because you are using TCP only instead of UDP.

Windows Media Player

On the firewall:

1.  Create an outbound proxy and ACL for TCP port 1755.

Windows Media Player software:

1.  Go to View -> Options -> Advanced.

2. Highlight 'Streaming Media (Windows Media)' and hit change.

3.  Under the Protocols header select 'TCP'.  If there are any other options
selected in addition to 'TCP' then unselect the other options.

#Can firewall+NAT figure out which one is for PC1 and which one is for PC2?
#How could it realize,or what's the feature of the stateful inspection
#firewall +NAT could do this job?

This is what the state table does.  It maps the firewall to external server
connection back to the internal client to firewall connection.  If NAT could
not do this then it would be pretty worthless.

#Case2:           situation is mostly same as CASE1,only the website is a
#security site(like banking)
#If PC1 and PC2 want to connect to a same security site,definitely they will
#have the same external real ip address 12.2.2.1(assigned by NAT),Will that
#security site could figure out who is who and could let them login correctly?
#Could NAT technology could solve this kind of problem?

Ok, a unique socket consists of a source ip address, source port,
destination ip address, and destination port.  The firewall to external
server connection WILL have a different source port for each connection.
This makes the connection unique.  That is why you can establish several
telnet connections to the same server from your pc without your pc or the
server getting confused.  The firewall doing NAT keeps a state table of the
socket for the connection between the internal client and the firewall and
the firewall and the external server.

Regards,
Jeffery Gieser
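
The state-table lookup described in the reply above, as an added example that is not part of the original message: a toy port-translating NAT in Python. The internal addresses, the server address 203.0.113.5 and the starting external port 40000 are constructed for illustration; 12.2.2.1 and TCP port 554 come from the thread.

```python
from itertools import count


class NatStateTable:
    """Toy port-address-translation state table (illustration only)."""

    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self._ports = count(first_port)  # next unused external source port
        self.out = {}   # (proto, int_ip, int_port, dst_ip, dst_port) -> ext_port
        self.back = {}  # (proto, ext_port, dst_ip, dst_port) -> (int_ip, int_port)

    def outbound(self, proto, int_ip, int_port, dst_ip, dst_port):
        """Translate a client packet; state is created on the first packet."""
        key = (proto, int_ip, int_port, dst_ip, dst_port)
        if key not in self.out:
            ext_port = next(self._ports)
            self.out[key] = ext_port
            self.back[(proto, ext_port, dst_ip, dst_port)] = (int_ip, int_port)
        # Socket as the external server sees it: src ip, src port, dst ip, dst port.
        return (self.external_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, ext_port):
        """Map a server reply back to the client; None means no state, so drop."""
        return self.back.get((proto, ext_port, src_ip, src_port))


def demo():
    nat = NatStateTable("12.2.2.1")
    server = ("203.0.113.5", 554)  # constructed server address, RTSP over TCP
    # PC1 and PC2 reach the same server, even from the same local source port.
    pc1 = nat.outbound("tcp", "192.168.1.10", 1025, *server)
    pc2 = nat.outbound("tcp", "192.168.1.11", 1025, *server)
    # Replies arrive at 12.2.2.1 and differ only in the destination port.
    reply1 = nat.inbound("tcp", *server, pc1[1])
    reply2 = nat.inbound("tcp", *server, pc2[1])
    # Unsolicited inbound UDP has no matching outbound state and is dropped.
    stray = nat.inbound("udp", *server, 6970)
    return pc1, pc2, reply1, reply2, stray


if __name__ == "__main__":
    for row in demo():
        print(row)
```
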
