Re: [Fwbuilder-discussion] rules for Windows Media
From: Claude J. <cla...@le...> - 2005-07-13 06:37:36
On Wed July 13 2005 1:32 am, Vadim Kurland wrote:
> it sounds like you need to configure the firewall to permit Windows
> Media streaming to the client behind the firewall. However, since you
> say your machine is not a dedicated firewall, do you mean that you
> somehow run Windows Media player on it ?
>

I play Windows Media files with mplayer and mplayerplug-in - I'm not running Windows Media per se

> Anyway, check this url:
>
> http://www.microsoft.com/technet/prodtechnol/Netshow/deploy/
> fwconfig.mspx
>
> specifically, section "Server to Client Behind a Firewall"
>

Here are the relevant sections from that site - I found something similar on Microsoft's website, but much more confusing - But, I'm still confused:

Streaming ASF with UDP
Out: TCP on 1755
Out: UDP on 1755
In: UDP between port 1024-5000 (Only open the necessary number of ports.)

For this section, above: I've created some service objects for UDP and TCP which I'm applying to the outside interface.

First: I'm assuming that any Windows Media session initiated by a computer inside the firewall, on the lan, will be allowed by my Lan rule which permits everything out, and conversations based on the 'established' and 'related' rules - That is correct?

Second: Taking the second line, above, I created a TCP service object with Source port range 1755:1755 and destination port range 0:0 and permitted that in both directions - to permit the TCP for the above second line, and for the second line of the group just below. (Streaming ASF with TCP group) - Here's where I get confused about the meaning of source and destination. Do source and destination mean different things depending on the direction of the packets?

Third: Same problem as my second point - In the third line above, is 'source' port 1755 on my firewall machine, and is destination meant to be any?

Fourth: Here's where I get real confused. I'm permitting UDP traffic in 'between port 1024-5000'. In this case I chose 2000:2015 - are these 'source' or 'destination'? The trouble I'm having is figuring out whether 'source' and 'destination' ports are names that are dependent on the direction of the traffic.

Thanks, as always, for your help. I have read the manual several times, but I guess I'm having a mental block on the precise meaning of these descriptions.

Streaming ASF with TCP
In/Out: TCP on port 1755

Streaming ASF with HTTP
In/Out: TCP on Port 80

-- 
Claude Jones
Bluemont, VA, USA
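
The question above turns on how a packet filter reads source and destination ports. As an added illustration (not part of the original message and not fwbuilder code), this Python model treats both ports as fields of each individual packet and compares the service object described in the post with rules keyed on destination ports. The `Packet` and `Rule` classes, the sample packets, and the reading that 1755 is the server's listening port while 2000:2015 are the client's receiving ports are assumptions made for the example.

```python
# Added illustration: a stateless model of port matching (not fwbuilder code).
from dataclasses import dataclass
from typing import Optional, Tuple

Ports = Optional[Tuple[int, int]]  # None means "any port" (0:0 in the post)

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" leaves the protected side, "in" arrives from outside
    proto: str
    sport: int      # port the sender used
    dport: int      # port the receiver listens on

@dataclass(frozen=True)
class Rule:
    direction: str  # "in", "out" or "both"
    proto: str
    sport: Ports
    dport: Ports

    def matches(self, p: Packet) -> bool:
        def hit(rng: Ports, port: int) -> bool:
            return rng is None or rng[0] <= port <= rng[1]
        return (self.direction in ("both", p.direction)
                and self.proto == p.proto
                and hit(self.sport, p.sport) and hit(self.dport, p.dport))

def allowed(rules, packet) -> bool:
    return any(r.matches(packet) for r in rules)

# Service object as described in the post: source 1755, destination any, both ways.
AS_POSTED = [Rule("both", "tcp", (1755, 1755), None)]

# Assumed reading of the quoted list: 1755 is the server's listening port and
# 2000:2015 are the client's receiving ports, so both are destination ports.
BY_DESTINATION = [
    Rule("out", "tcp", None, (1755, 1755)),
    Rule("out", "udp", None, (1755, 1755)),
    Rule("in", "udp", None, (2000, 2015)),
]

# Constructed sample packets (port numbers other than 1755 are arbitrary).
CLIENT_CONNECT = Packet("out", "tcp", 40123, 1755)  # player opens the session
STREAM_DATA = Packet("in", "udp", 3050, 2007)       # server sends media to client
UNRELATED_IN = Packet("in", "tcp", 1755, 22)        # inbound, merely sourced from 1755

if __name__ == "__main__":
    for name in ("CLIENT_CONNECT", "STREAM_DATA", "UNRELATED_IN"):
        pkt = globals()[name]
        print(name, allowed(AS_POSTED, pkt), allowed(BY_DESTINATION, pkt))
```

A stateful firewall additionally accepts replies to connections it has already permitted, which this model leaves out.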