
RE: [Sheflug] RTSP / Real Media Clients / Firewalls/ Proxies



On Fri, 2004-01-30 at 09:58, Dawson, Alan wrote:
> > -----Original Message-----
> > From: Barrie Bremner [mailto:baz-sheflug [at] barriebremner.com]
> 
> > Assuming that the firewall is masquerading, inbound traffic is coming
> > in on eth1 and the client is behind the firewall:
> > 
> > iptables -A INPUT   -i eth1 -m state --state NEW,INVALID -j DROP
> > iptables -A FORWARD -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
> 
> That would masquerade all traffic though,
> so for example when a student installs their own SMTP server they can spam
> the whole world through our connection...
> I'd like something more refined.
> 

Although not exactly related, there's a good discussion of streaming
media behind a NAT firewall on the gnomemeeting web site, which may be
of help:

http://www.gnomemeeting.org/index.php?rub=3&pos=0&faqpage=x269.html

Cheers,

Seb James

___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.
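
Added example, not part of the original message or thread: one way to express the "more refined" policy asked for in the quoted reply, where only RTSP is forwarded for clients and outbound SMTP is limited to a single relay. The LAN interface (eth0), client network, relay address and the `emit_rules` helper are assumptions for illustration; eth1 as the outside interface is taken from the thread.

```shell
#!/bin/sh
# Prints the iptables commands instead of running them, so the ruleset can be
# reviewed first; pipe the output to `sh` as root to apply it.
#
# Assumption: only the RTSP control port (tcp/554) is opened. Media sent over
# separate UDP ports is not covered, so the player is assumed to be set to
# carry the stream over the TCP connection.

emit_rules() {
    wan_if=$1    # outside interface (eth1 in the thread)
    lan_if=$2    # inside interface (assumed)
    lan_net=$3   # client network (assumed)
    relay=$4     # the one host allowed to send mail out (assumed)

    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp --dport 554 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $relay -p tcp --dport 25 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -p tcp --dport 25 -j LOG --log-prefix "smtp-blocked: "
iptables -A FORWARD -i $lan_if -o $wan_if -p tcp --dport 25 -j REJECT --reject-with tcp-reset
iptables -t nat -A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
EOF
}

# Constructed sample values.
emit_rules eth1 eth0 192.168.1.0/24 192.168.1.10
```

The LOG rule ahead of the REJECT leaves a record of any client that tries to send mail directly, which is the case the quoted reply is worried about.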