On Tue, 2005-02-08 at 01:01, varun_saa@xxxxxxxx wrote:
> Hello,
> I want my firewall to allow Net2phone.
>
> A visit to http://web.net2phone.com/consumer/commcenter/helpfirewall.asp
> states that you need to open up at least three ports:
> tcp 80 - tcp 6800 - udp 6801.
>
> Should one use an INPUT or a FORWARD rule?

Depends on where your net2phone client is. If it is *NOT* on your
firewall, use FORWARD.

I visited the net2phone link; your forward rules should be:

# Following two rules would allow log in,
# maintaining online status, and instant messaging
-A FORWARD -s internal_net_ips -d relay.net2phone.com -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s relay.net2phone.com -p tcp --sport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Following two rules would allow voice packets to go out
-A FORWARD -s internal_net_ips -p tcp --sport 6800 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s internal_net_ips -p udp --sport 6801 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Following two rules would allow voice packets to get in
-A FORWARD -d external_ip -p tcp --dport 6800 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d external_ip -p udp --dport 6801 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

The above rules can be made more restrictive!

Enjoy firewalling.

Mohammad

--
"Mad cow? You'd be mad too, if someone was trying to eat you."
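
One way to make the rules above more restrictive, as an added example that is not part of the original post: only traffic leaving the internal network may open a connection (`NEW`), and the return direction is limited to `ESTABLISHED,RELATED`. It assumes the Net2phone client initiates every flow and that return traffic is matched by the internal network as destination; the function names and the `192.168.1.0/24` network are constructed for illustration.

```shell
#!/bin/sh
# Added example: print a tightened Net2phone FORWARD ruleset in the same
# "-A FORWARD ..." form as the post, for review or an iptables-restore file.
# Assumption: the client on the internal network initiates every flow.

# Reject empty values and anything that could be read as extra iptables
# options (leading dash, whitespace, shell metacharacters).
valid_addr() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9./:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# net2phone_rules INTERNAL_NET RELAY_HOST  (hypothetical helper)
net2phone_rules() {
    lan=$1
    relay=$2
    valid_addr "$lan" && valid_addr "$relay" || return 1
    out="NEW,ESTABLISHED"        # only the inside may start a connection
    back="ESTABLISHED,RELATED"   # the outside may only answer
    cat <<EOF
# login, online status, instant messaging (tcp 80)
-A FORWARD -s $lan -d $relay -p tcp --dport 80 -m state --state $out -j ACCEPT
-A FORWARD -s $relay -d $lan -p tcp --sport 80 -m state --state $back -j ACCEPT
# voice packets going out (tcp 6800, udp 6801)
-A FORWARD -s $lan -p tcp --sport 6800 -m state --state $out -j ACCEPT
-A FORWARD -s $lan -p udp --sport 6801 -m state --state $out -j ACCEPT
# voice packets coming back in
-A FORWARD -d $lan -p tcp --dport 6800 -m state --state $back -j ACCEPT
-A FORWARD -d $lan -p udp --dport 6801 -m state --state $back -j ACCEPT
EOF
}

# Constructed sample invocation; 192.168.1.0/24 stands in for internal_net_ips.
net2phone_rules 192.168.1.0/24 relay.net2phone.com
```

iptables resolves a hostname such as relay.net2phone.com once, when the rule is loaded, so the rule does not follow later DNS changes.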