[Firehol-support] iChat AV with firehol
John Palkovic
scientist at palkovic.org
Tue Dec 27 20:13:58 GMT 2005
Hello,
I'm trying to get (Mac OS X) iChat AV working with firehol. In particular, I
would like to do audio chat with some of my "buddies." The iChat client is a
Mac client on my home LAN behind a Debian Linux firewall box. The firewall
is implemented with firehol. Here is a page describing what iChat AV needs
to have open on the firewall:
http://docs.info.apple.com/article.html?artnum=93208
I'm wondering how to implement this with firehol. I presume I need to define
server and client ports as documented at firehol.sf.net under "Adding
Services." Here's what I have as a first shot. Any comments? I have yet to
test this with my buddy.

version 5

FIREHOL_LOG_MODE="ULOG"
HOME_IFACE="eth0"
PUB_IFACE="eth1"
PUB_SERVERS="http https smtp ssh"

# Service definitions
server_ichatav_ports="udp/5060 udp/188 udp/5190 tcp/5190 udp/5297 udp/5353 udp/5678 udp/16384:16403"
client_ichatav_ports="5060 188 5190 5220 5222 5297 5298 5353 5678 16384:16403"

interface eth0 home
    policy accept

interface eth1 internet
    # The default policy is DROP. You can be more polite with REJECT.
    # Prefer to be polite on your own clients to prevent timeouts.
    policy reject
    protection strong
    server "${PUB_SERVERS}" accept
    server ichatav accept src not "${UNROUTABLE_IPS}"
    client all accept

router i2h inface "${PUB_IFACE}" outface "${HOME_IFACE}"
    masquerade reverse
    server ichatav accept dst "${BT_CLIENT}"
    client all accept

--
"The whole problem with the world is that fools and fanatics are always so
certain of themselves, but wiser people so full of doubts."
-- Bertrand Russell
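
An added example, not part of the original post and not FireHOL's own code: a small Python pre-flight check for a configuration like the one above, run before the firewall is activated. It reports custom services that lack a matching server/client port definition, server ports not written as proto/port, and `${VAR}` references that are never assigned in the file; the names `lint`, `BUILTINS` and `SAMPLE` are hypothetical, and the list of FireHOL-provided variables is an assumption.

```python
import re

# Variables FireHOL defines itself (assumed list; extend it for your version).
BUILTINS = {"UNROUTABLE_IPS", "RESERVED_IPS", "PRIVATE_IPS"}
SERVER_PORT = re.compile(r"^[a-z0-9]+/\d+(:\d+)?$")  # proto/port or proto/low:high

# Constructed sample: service definitions and rules shortened from the post above.
SAMPLE = '''\
PUB_IFACE="eth1"
HOME_IFACE="eth0"
server_ichatav_ports="udp/5060 udp/188 tcp/5190 udp/16384:16403"
client_ichatav_ports="5060 188 5190 16384:16403"
interface eth1 internet
    server ichatav accept src not "${UNROUTABLE_IPS}"
router i2h inface "${PUB_IFACE}" outface "${HOME_IFACE}"
    server ichatav accept dst "${BT_CLIENT}"
'''

def lint(config):
    """Return (line_number, message) findings for a FireHOL configuration."""
    findings = []
    # Every NAME= at the start of a line counts as an assignment.
    assigned = set(re.findall(r"^\s*([A-Za-z_]\w*)=", config, re.M))
    ports = {}  # (kind, service) -> (line number, port tokens)
    for n, line in enumerate(config.splitlines(), 1):
        m = re.match(r'\s*(server|client)_(\w+)_ports="([^"]*)"', line)
        if m:
            ports[(m.group(1), m.group(2))] = (n, m.group(3).split())
        for var in re.findall(r"\$\{(\w+)\}", line):
            if var not in assigned and var not in BUILTINS:
                findings.append(
                    (n, f"${{{var}}} is never assigned; bash expands it to an empty string"))
    for (kind, svc), (n, tokens) in ports.items():
        other = "client" if kind == "server" else "server"
        if (other, svc) not in ports:
            findings.append((n, f"{kind}_{svc}_ports has no matching {other}_{svc}_ports"))
        if kind == "server":
            for tok in tokens:
                if not SERVER_PORT.match(tok):
                    findings.append((n, f"server port '{tok}' is not proto/port"))
    return findings

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print(f"line {n}: {msg}")
```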