StOo :) [mailto:[EMAIL PROTECTED]] wrote:
> i have been trying to figure out how to get outgoing file
> transfers and voice calls etc working with MSN Messenger
> through my IPTABLES firewall..
> after searching around for a while i found the following
> information on the ports and protocols that MSN Messenger
> uses..
>
> ----------------------------
>
> "To configure your network for voice communications and file transfer
> Note: This is part of the Guide for Network Administrators. It is not
> intended for end users.
>
> This topic describes the settings that MSN Messenger Service uses for
> voice communications and file transfer. Perhaps they will be useful to
> you in configuring your firewall or proxy server.
>
> For voice communications MSN Messenger Service establishes an
> outgoing TCP connection from port 6901 for all voice
> communications.
>
> In the case of computer-to-computer communications, the call
> recipient also uses TCP port 6901.
>
> In the case of computer-to-phone communications, the TCP destination
> (Net2Phone) port is between 7801 and 7825.
>
> All voice traffic also uses UDP packets. The user's computer
> sends and receives UDP packets at port 6901.
>
> The Net2Phone service sends and receives UDP packets using
> ports 6801, 6901, and 2001 to 2120.
>
> For file transfer, both incoming and outgoing TCP connections
> use this range of ports: 6891 to 6900. This allows up to 10
> simultaneous file transfers per sender. If you open only Port
> 6891, users will be able to do only one file transfer at a time.
>
> The TCP ports need to be configured so that sockets on a port
> remain open for extended periods of time."
>
> ------------------------------
>
> unfortunately i am a total IPTABLES newbie, and i don't know
> what i need to add to my firewall script to get this stuff
> working..
>
> so.. if anyone can make some meaningful rules with this
> information, or even just give me an example and point me
> in the right direction, i would be eternally grateful..
Looks like you will need to add port forwarding to your script. In iptables,
port forwarding is accomplished via the DNAT target. You can take a look at
my script (http://www.asgardsrealm.net/linux/firewall) as it handles port
forwarding. If you have any questions, just let me know.
Jamin W. Collins
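
The DNAT approach suggested in the reply, applied to the inbound ports from the quoted guide, as an added example (not part of the original thread and not taken from the script linked above). The function names, the interface `eth0` and the internal address `192.168.1.10` are assumptions; the function only prints rules, and DNAT sends each port to a single internal host.

```shell
#!/bin/sh
# Print (do not apply) iptables rules forwarding the MSN Messenger ports from
# the quoted guide to ONE internal host. Hypothetical names: valid_ipv4,
# msn_forward_rules; eth0 and 192.168.1.10 are constructed sample values.

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# msn_forward_rules EXTERNAL_INTERFACE INTERNAL_HOST
msn_forward_rules() {
    ext_if=$1; host=$2
    # Refuse anything that could smuggle extra options or commands into a rule.
    case "$ext_if" in
        ""|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    valid_ipv4 "$host" || { echo "bad internal address: $host" >&2; return 1; }

    # proto:ports from the guide: file transfer TCP 6891-6900,
    # voice TCP 6901 and UDP 6901. Nothing wider is opened.
    for spec in tcp:6891:6900 tcp:6901 udp:6901; do
        proto=${spec%%:*}; ports=${spec#*:}
        # Rewrite the destination of packets arriving on the external side...
        echo "iptables -t nat -A PREROUTING -i $ext_if -p $proto --dport $ports -j DNAT --to-destination $host"
        # ...and let only new flows to that host and port range be forwarded.
        echo "iptables -A FORWARD -i $ext_if -d $host -p $proto --dport $ports -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Replies and already-tracked flows in either direction.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

msn_forward_rules eth0 192.168.1.10
```

Review the printed rules before merging them into a firewall script. The outgoing connections in the guide (for example TCP 7801 to 7825 toward Net2Phone) are not inbound forwards and are assumed to be covered by the existing masquerading rules.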
Masq maillist - [EMAIL PROTECTED]