[Firehol-support] iChat AV with firehol

John Palkovic scientist at palkovic.org
Tue Dec 27 20:13:58 GMT 2005


Hello,

I'm trying to get (Mac OS X) iChat AV working with firehol. In particular, I
would like to do audio chat with some of my "buddies." The iChat client is a
Mac client on my home LAN behind a Debian Linux firewall box. The firewall
is implemented with firehol. Here is a page describing what iChat AV needs
to have open on the firewall:

  http://docs.info.apple.com/article.html?artnum=93208

I'm wondering how to implement this with firehol. I presume I need to define
server and client ports as documented at firehol.sf.net under "Adding
Services." Here's what I have as a first shot. Any comments? I have yet to
test this with my buddy.

version 5
FIREHOL_LOG_MODE="ULOG"
HOME_IFACE="eth0"
PUB_IFACE="eth1"
PUB_SERVERS="http https smtp ssh"

# Service definitions
server_ichatav_ports="udp/5060 udp/188 udp/5190 tcp/5190 udp/5297 udp/5353 udp/5678 udp/16384:16403"
client_ichatav_ports="5060 188 5190 5220 5222 5297 5298 5353 5678 16384:16403"

interface eth0 home
	policy accept

interface eth1 internet
	# The default policy is DROP. You can be more polite with REJECT.
	# Prefer to be polite on your own clients to prevent timeouts.
	policy reject
	protection strong
	server "${PUB_SERVERS}" accept
	server ichatav accept src not "${UNROUTABLE_IPS}"
	client all accept

router i2h inface "${PUB_IFACE}" outface "${HOME_IFACE}"
	masquerade reverse
	server ichatav accept dst "${BT_CLIENT}"
	client all accept


-- 
"The whole problem with the world is that fools and fanatics are always so
certain of themselves, but wiser people so full of doubts."
-- Bertrand Russell
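
An added check, not part of the original post and not FireHOL's own code: a FireHOL configuration is a bash script, so a `${NAME}` that is never assigned expands to an empty string. The sketch below runs over a constructed excerpt of the configuration above, lists such names, and counts the ports that `server_ichatav_ports` opens; `FIREHOL_PROVIDED` and the function names are assumptions of this example.

```python
import re

# Constructed excerpt of the posted configuration (assignments and the rules that use variables).
CONFIG = '''\
HOME_IFACE="eth0"
PUB_IFACE="eth1"
PUB_SERVERS="http https smtp ssh"
server_ichatav_ports="udp/5060 udp/188 udp/5190 tcp/5190 udp/5297 udp/5353 udp/5678 udp/16384:16403"
client_ichatav_ports="5060 188 5190 5220 5222 5297 5298 5353 5678 16384:16403"
interface eth1 internet
	server "${PUB_SERVERS}" accept
	server ichatav accept src not "${UNROUTABLE_IPS}"
router i2h inface "${PUB_IFACE}" outface "${HOME_IFACE}"
	server ichatav accept dst "${BT_CLIENT}"
'''

# Assumption: names supplied by FireHOL itself; only the one this config uses is listed.
FIREHOL_PROVIDED = {"UNROUTABLE_IPS"}

def undefined_variables(config):
    """Return names referenced as $NAME or ${NAME} but never assigned in the file."""
    assigned = set(re.findall(r'^\s*([A-Za-z_]\w*)=', config, re.M))
    referenced = set(re.findall(r'\$\{?([A-Za-z_]\w*)\}?', config))
    return sorted(referenced - assigned - FIREHOL_PROVIDED)

def server_ports(config, service):
    """Expand server_<service>_ports into {protocol: set of port numbers}."""
    m = re.search(rf'^server_{service}_ports="([^"]*)"', config, re.M)
    if m is None:
        raise KeyError(f"no server_{service}_ports definition")
    ports = {}
    for spec in m.group(1).split():
        proto, rng = spec.split("/")          # e.g. "udp/16384:16403"
        lo, _, hi = rng.partition(":")        # a single port has no ":" part
        ports.setdefault(proto, set()).update(range(int(lo), int(hi or lo) + 1))
    return ports

if __name__ == "__main__":
    print("referenced but not assigned:", undefined_variables(CONFIG))
    for proto, nums in sorted(server_ports(CONFIG, "ichatav").items()):
        print(f"{proto}: {len(nums)} port(s) in server_ichatav_ports")
```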



