Re: [FW-1] AudioGalaxy

This question keeps coming up, and I keep answering it, so you can do a search in the archives.

Addressing Enno's point:

> just a dumb question... if you use rules like
> localnet -> any : tcp_high_ports accept
> localnet -> any : tcp_high_ports accept
> ...
> why are you running a firewall at all?

I agree with him completely. AudioGalaxy is really a very simple protocol:

1. Satellite initiates a connection to the AudioGalaxy server on TCP port 21, so you need to allow outgoing TCP port 21. This is the control channel.

2. Over the control channel, you upload your current MP3 database, you are "authenticated", etc.

3. When a peer wants to download a file from you, the server will send you a message on the control channel. The message basically states "..xxx.xxx incoming on port 41xxx for file x.mp3". When you first start up a satellite, the satellite will use TCP port 41000 for incoming download requests, and will increase sequentially from there. Therefore, you need a range of ports open starting with 41000 and going up to the number of files you think you will upload before the satellite is restarted. For example, I open TCP port 41000 to 41500 incoming, but if I upload more than 500 files, I will either need to restart my satellite or open the firewall wider. Notice, this is for UPLOADs, not DOWNLOADs. For downloads, you will initiate a connection to somebody else's machine on 41000+, depending what the AudioGalaxy server assigns you.

4. Note! Even though these ports are open on the firewall, they are not opened on the satellite until the server requests them to be open for a certain IP address.

If FW-1 understood AudioGalaxy, it would actually be able to open these ports for you dynamically. Until it does, this way will work, though it is a bit less secure.
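
A sketch of the dynamic opening described in the post, next to the static 41000-41500 rule, as an added example that is not part of the original message and is not FW-1 code. The notification line format, the 30-second timeout, the single-use behaviour and the names `PinholeTable` and `static_allow` are assumptions made for illustration; the real AudioGalaxy wire format is not given in the post.

```python
import ipaddress
import re

# Static rule from the post: inbound TCP 41000-41500 open to any source.
STATIC_RANGE = range(41000, 41501)

# Hypothetical, constructed notification format modelled on the post's
# paraphrase "<ip> incoming on port 41xxx for file x.mp3".
NOTIFY = re.compile(
    r"^(?P<ip>\S+) incoming on port (?P<port>\d+) for file (?P<file>.+)$"
)


class PinholeTable:
    """Tracks (peer IP, port) pairs announced on the control channel."""

    def __init__(self, ttl=30.0):
        self.ttl = ttl        # assumed: seconds a pinhole waits for its peer
        self.pinholes = {}    # (ip, port) -> expiry time

    def on_control_message(self, line, now):
        """Open a pinhole if the line is a well-formed notification."""
        m = NOTIFY.match(line.strip())
        if not m:
            return False
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            return False
        port = int(m["port"])
        if port not in STATIC_RANGE:   # never open outside the agreed range
            return False
        self.pinholes[(ip, port)] = now + self.ttl
        return True

    def allow_inbound(self, src_ip, dst_port, now):
        """Accept only the announced peer on the announced port, once."""
        key = (ipaddress.ip_address(src_ip), dst_port)
        expiry = self.pinholes.pop(key, None)   # consumed on first match
        return expiry is not None and now <= expiry


def static_allow(src_ip, dst_port):
    """The static rule: any source, whole range."""
    return dst_port in STATIC_RANGE
```

With the static rule, any source address reaches any port in the range; with the table, only the announced peer on the announced port is accepted, and only within the timeout.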