Shorewall users - Feb 2003 - RTSP problems (and SNAT questions)

I am having problems making RTSP connections to a Windows Streaming Media
Server (ie "connecting to media...." but WMP never connects).  There
are no
error messages in /var/log/messages.  It was suggested to me that SNAT might
perform better than MASQ in this respect.

I edited my shorewall/masq file as such:
eth0      eth1     12.34.56.78
or should it be?
eth0      10.0.0.0/24     12.34.56.78

First, is this all that is necessary to properly start using SNAT?  I was
unsure whether I should use ADD_SNAT_ALIASES=yes also or instead or not.

Second, if I have ETH0_IP=`find_interface_address eth0` in my params file, I
can have
eth0      eth1     $ETH0_IP
in the masq file, correct?  The commented help in the params file
doesn''t
name masq as one of "the other configuration files."

Third, using SNAT didn''t seem to make any difference.  Any other
suggestions?

I''m trying to connect from a Windows PC through Shorewall 1.3.13, using
the
two-interface quick guide setup, iptables 1.2.6a, Redhat 8.0, kernel
2.4.18-24.8.0smp

Please let me know what other info I can provide for your help...

Thank you,

 -Toby

altcnc wrote:
> I am having problems making RTSP connections to a Windows Streaming Media
> Server (ie "connecting to media...." but WMP never connects). 
There are no
> error messages in /var/log/messages.  It was suggested to me that SNAT
might
> perform better than MASQ in this respect.
> 
> I edited my shorewall/masq file as such:
> eth0      eth1     12.34.56.78
> or should it be?
> eth0      10.0.0.0/24     12.34.56.78
> 
> First, is this all that is necessary to properly start using SNAT?  I was
> unsure whether I should use ADD_SNAT_ALIASES=yes also or instead or not.
> 
> Second, if I have ETH0_IP=`find_interface_address eth0` in my params file,
I
> can have
> eth0      eth1     $ETH0_IP
> in the masq file, correct?  The commented help in the params file
doesn''t
> name masq as one of "the other configuration files."
> 
> Third, using SNAT didn''t seem to make any difference.  Any other
> suggestions?
> 
> I''m trying to connect from a Windows PC through Shorewall 1.3.13,
using the
> two-interface quick guide setup, iptables 1.2.6a, Redhat 8.0, kernel
> 2.4.18-24.8.0smp
> 
> Please let me know what other info I can provide for your help...
> 
This is a known limitation -- from the NetFilter Patch-o-Matic
"Extras":
---------------------------------------------------------------------
This adds CONFIG_IP_NF_MMS: support for Microsoft Streaming Media
Services. This allows client (Windows Media Player) and server
to negotiate protocol (UDP, TCP) and port for the media stream.

A partially reverse engineered protocol analysis is available
from http://get.to/sdp, together with a link to a Linux client.

By default, the helper module tracks TCP traffic over port 1755
and adds the necessary UPD or TCP expectation. It is recommended
to also open UDP port 1755 to the server, as this port is used
for retransmission requests.

This helper has been tested in SNAT and DNAT setups.
----------------------------------------------------------------------
-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net