
Re: [FW-1] AudioGalaxy



This question keeps coming up, and I keep answering it, so you can do a
search in the archives.

Addressing Enno's point:

just a dumb question... if you use rules like

localnet -> any : tcp_high_ports        accept
localnet -> any : tcp_high_ports        accept

... why are you running a firewall at all?


I agree with him completely. AudioGalaxy is really a very simple protocol:

1. Satellite initiates a connection to the AudioGalaxy server on TCP port
21, so you need to allow outgoing TCP port 21. This is the control channel.

2. Over the control channel, you upload your current MP3 database, you are
"authenticated", etc.

3. When a peer wants to download a file from you, the server will send you a
message on the control channel. The message basically states
"..xxx.xxx incoming on port 41xxx for file x.mp3". When you first
start up a satellite, the satellite will use TCP port 41000 for incoming
download requests, and will increase sequentially from there. Therefore, you
need a range of ports open starting with 41000 and going up to the number
of files you think you will upload before the satellite is restarted. For
example, I open TCP port 41000 to 41500 incoming, but if I upload more than
500 files, I will either need to restart my satellite or open the firewall
wider. Notice, this is for UPLOADs, not DOWNLOADs. For downloads, you will
initiate a connection to somebody else's machine on 41000+, depending what
the AudioGalaxy server assigns you.

4. Note! Even though these ports are open on the firewall, they are not
opened on the satellite until the server requests them to be open for a
certain IP address. If FW-1 understood AudioGalaxy, it would actually be
able to open these ports for you dynamically. Until it does, this way will
work, though it is a bit less secure.
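
The dynamic opening that step 4 describes, sketched beside the static 41000-41500 range rule, as an added example that is not part of the original post and is not FW-1 code. The notice wording follows the post's paraphrase, so the regex, the 30-second lifetime and the one-connection-per-pinhole policy are assumptions, and the addresses are constructed samples.

```python
import ipaddress
import re

# Assumed wire format: the post only paraphrases the server's notice.
NOTICE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) incoming on port (?P<port>\d+) for file .+$")
PORT_LO, PORT_HI = 41000, 41500  # the range the post opens statically

def static_rule(src_ip, dst_port):
    """Static rule from the post: any source may reach 41000-41500."""
    return PORT_LO <= dst_port <= PORT_HI

class PinholeTable:
    """Opens (peer, port) only after the control channel announces it."""
    def __init__(self, ttl=30.0):  # lifetime in seconds (assumed policy)
        self.ttl = ttl
        self.holes = {}  # (peer_ip, port) -> expiry time

    def on_control_line(self, line, now):
        """Inspect one server-to-satellite line; open a pinhole if it is a notice."""
        m = NOTICE.match(line.strip())
        if not m:
            return None
        try:
            peer = str(ipaddress.IPv4Address(m["ip"]))
        except ValueError:
            return None  # malformed address: open nothing
        port = int(m["port"])
        if not PORT_LO <= port <= PORT_HI:
            return None  # never open more than the static rule would have
        self.holes[(peer, port)] = now + self.ttl
        return peer, port

    def allow_inbound(self, src_ip, dst_port, now):
        """Accept one connection per announced (peer, port), before expiry."""
        expiry = self.holes.pop((src_ip, dst_port), None)
        return expiry is not None and now <= expiry

def demo():
    """Constructed notice for peer 198.51.100.7; 203.0.113.9 is unannounced."""
    fw = PinholeTable()
    fw.on_control_line("198.51.100.7 incoming on port 41003 for file x.mp3", now=0.0)
    return [
        static_rule("203.0.113.9", 41003),             # static range lets it in
        fw.allow_inbound("203.0.113.9", 41003, 1.0),   # pinhole table refuses it
        fw.allow_inbound("198.51.100.7", 41003, 1.0),  # announced peer accepted
        fw.allow_inbound("198.51.100.7", 41003, 2.0),  # pinhole already used
    ]
```
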

   All contents © 2004 Network Presence, LLC. All rights reserved.