network configuration problem

[Geoff Shang]

Hi:

If I understand you correctly, you want to be able to listen to shoutcast
servers and windows media servers via IP masquerading.  This works
already.  Perhaps windows media could work better (I'm not sure), but it
does work.  Shoutcast works fine already.  Realaudio works better with the
raudio ipmasq module, but it can work without it.  A lot of the time, you
can deal with this stuff pretty easily.  IP masquerading works fine without
modification for protocols where the replies come back on the same port
number as the requests.  This is how IP masquerading works in the first
place.  If it comes back on some other port, the firewall has no way of
knowing that that packet is meant for the windows machine.  But you can
deal with this.  If it's a simple matter of port forwarding, you can use
something like ipmasqadm to do this.  Here's a solution I used to enable
buddy phone:

ipmasqadm portfw -a -P udp -L `ipofif ppp0` 701 -R picard.home 701

Can't remember what the -a does, RTFM for ipmasqadm if you want to
know.  -p sets the protocol (tcp or udp).  -l sets the local IP
address.  In this case, I call a neat little script that obtains the IP
address of the specified interface.  This is just a shell script that comes
with debian's ipmasq package, so let me know if you want it.  -r is the
remote IP address, that is, the machine to which the port should be
forwarded, which is picard.home (the windows machine).  The 701 is the port
number.  So I'm saying here, please forward all UDP packets received on
port 701 of my PPP0 interface to my windows machine on the same port.

Geoff.


-- Geoff
Shang <gshang10 at scu.edu.au> ICQ number 43634701