firewall allowances for MSN Messenger?
Emile Aben
emileaben at yahoo.com
Thu Oct 28 08:20:06 PDT 2004
Hi,
The setup below does allow MSN filetransfer / chat /
voice on a Fedora Core 2 box (eth0 in this case is the
internal network), at least in my case. I've noticed
problems when other people also use NAT/firewalls but
I've not put too much effort in troubleshooting that.
Emile
# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
399K 421M RH-Firewall-1-INPUT all -- any any anywhere anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4001K 2135M RH-Firewall-1-INPUT all -- any any anywhere anywhere

Chain OUTPUT (policy ACCEPT 280K packets, 50M bytes)
pkts bytes target prot opt in out source destination

Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
31666 4805K ACCEPT all -- lo any anywhere anywhere
2004K 321M ACCEPT all -- eth0 any anywhere anywhere
1065 69274 ACCEPT icmp -- any any anywhere anywhere icmp any
0 0 ACCEPT ipv6-crypt-- any any anywhere anywhere
0 0 ACCEPT ipv6-auth-- any any anywhere anywhere
2337K 2220M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
25094 10M REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited

--- "Paul G. Allen" <pgallen at randomlogic.com> wrote:
> Gregory K. Ruiz-Ade wrote:
> > Anyone know what the exact voodoo is for allowing
> MSN Messenger to do voice
> > chat through a linux (iptables) firewall?
> >
>
> You won't like this answer. Open all your ports.
>
> From what I've read in many places, MSN uses random
> UDP ports from 5004 - 65535 for voice. It uses
> random TCP ports for file transfer as well.
>
> In a few places I've read 6891 - 6901 will allow
> voice and file transfers. I avoid anything MSN so I
> have no personal experience with it, only what I've
> found from research. I've also read the best
> solution is to use UPnP.
>
> Here's a breakdown:
>
> Voice Communications:
> - TCP 6901 out
> - UDP 6901 in and out
>
> File Transfers:
> - TCP 6891-6900 in and out
>
> Messaging:
> - TCP 1863 out
>
> PGA
> --
> Paul G. Allen
> Owner, Sr. Engineer, Security Specialist
> Random Logic/Dream Park
> www.randomlogic.com
>
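
The port breakdown quoted above, written out as explicit forwarding rules rather than an open port range. This is an added example, not part of either poster's message; the external interface eth1, the client address 192.168.1.10 and the chain name MSN-FWD are assumptions, and the ports are used as quoted, not verified.

```shell
#!/bin/sh
# Added example (not from the thread). Port table copied from the quoted
# breakdown: protocol, port or range, direction seen from the internal client.
MSN_PORTS='tcp 1863 out
tcp 6901 out
udp 6901 both
tcp 6891:6900 both'

# msn_rules INT_IF EXT_IF HOST: print iptables commands for review.
# MSN-FWD is a constructed chain name; HOST is the single internal machine
# that inbound ports are forwarded to (a DNAT rule can only pick one).
msn_rules() {
    int_if=$1; ext_if=$2; host=$3
    # Accept digits and dots only, so nothing else ends up in a command line.
    case $host in
        ''|*[!0-9.]*) echo "msn_rules: bad host address '$host'" >&2; return 1 ;;
    esac
    echo "iptables -N MSN-FWD"
    # Replies to anything that was already allowed.
    echo "iptables -A MSN-FWD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "$MSN_PORTS" | while read -r proto ports dir; do
        # Every entry is allowed outbound from the internal network.
        echo "iptables -A MSN-FWD -i $int_if -o $ext_if -p $proto --dport $ports -m state --state NEW -j ACCEPT"
        [ "$dir" = both ] || continue
        # Inbound entries need a DNAT to the one host plus a matching accept.
        echo "iptables -t nat -A PREROUTING -i $ext_if -p $proto --dport $ports -j DNAT --to-destination $host"
        echo "iptables -A MSN-FWD -i $ext_if -o $int_if -d $host -p $proto --dport $ports -m state --state NEW -j ACCEPT"
    done
    # Everything else is refused, as in the final rule of the listing.
    echo "iptables -A MSN-FWD -j REJECT --reject-with icmp-host-prohibited"
}

# Constructed sample values: eth1 as external interface, 192.168.1.10 as client.
msn_rules eth0 eth1 192.168.1.10
```

The script only prints commands so they can be read before being applied; the chain takes effect once FORWARD jumps to it in place of a blanket accept for the internal interface.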