Hello there, Webcam and Voice connections trough MSN doesn't use a fixed port. These negotiations are done in the payload, so iptables doesn't know about this new connection to treat is as related or established. You'll have to use an UPNP implementation for Linux. http://sourceforge.net/projects/linux-igd/ It will set up new iptables rules for each connection of voice or webcam. Regards, Alejandro Flores > Hello listmembers, > > I build myself a firewall on a gateway Suse 9.1 server > > eth0 = DSL(WAN) > eth1 = LAN > net-lan = 192.168.0.1/24 > > On the LAN 3 Windowsclients are talking to Internet via a switch. > > I can use Microsoft's MSN(chat) but using a webcam wont work. > > Here's a part listings of my firewall MSN rules: > > echo "MSN Messenger..." > iptables -t filter -A FORWARD -i $lan -o $wan -p tcp --dport 1863 -s $net_lan -j ACCEPT > iptables -t filter -A FORWARD -i $wan -o $lan -p tcp --sport 1863 -m state --state ESTABLISHED,RELATED -j ACCEPT > iptables -t filter -A FORWARD -i $lan -o $wan -p tcp --dport 443 -s $net_lan -j ACCEPT > iptables -t filter -A FORWARD -i $wan -o $lan -p tcp --sport 443 -m state --state ESTABLISHED,RELATED -d $net_lan -j ACCEPT > > Is a webcam using another TCP port? > >
