
Release Notes: RealAudio Systems and Firewalls

The RealAudio Firewall Proxy Kit

Purpose

The RealAudio Firewall Proxy Kit allows firewall administrators to create a proxy that is compatible with RealAudio. The Firewall Proxy Kit contains "reference code" which, depending upon your firewall host's operating system, will require varying degrees of modification. The reference code has been demonstrated to work under FreeBSD and Linux.

Installing the Proxy Kit Files

All of the RealAudio Firewall Proxy Kit files are included in this distribution:

readme.txt         Text file with instructions for installing the RealAudio Firewall Proxy Kit

Makefile           Makefile to build proxies

raloadinit.c       Used for initializing /etc/raproxy.lock (not needed for normal usage)   

raproxy.c          Reference code for application-level proxy

raproxy.h          Header file for application-level proxy

raproxy.man        Man page for setting up raproxy with TIS fwtk

raproxy.txt        Text instructions for setting up raproxy with TIS fwtk

raproxy.pdf        Application-Level Proxy specification document

tproxy.c           Reference code for transparent proxy

tproxy.h           Header file for transparent proxy

tproxy.pdf         Transparent Proxy specification document

index.html         Index to HTML pages provided -- start with this page if your browser supports frames

contents.html      Contents HTML page used if your browser supports frames

about.html         Introductory HTML page

advanced.html      Information on advanced firewall features

moreinfo.html      Sources of more information on firewalls

generic.html       Information on generic packet-filtering firewalls

player.html        Information on configuring a RealAudio Player to work with firewalls

thrdprty.html      Information on third party firewall vendors

usekit.html        Information on using the RealAudio Firewall Proxy Kit





The two proxy specification documents are in Adobe Acrobat PDF file format. These documents provide a complete technical specification of the RealAudio Firewall Proxy Protocol. To view these documents you will need an Adobe Acrobat viewer, available for free from the Adobe web site. (This link requires an Internet connection.)

raproxy

raproxy is the application-level proxy. raproxy is meant as a reference implementation for those writing firewall software.

raproxy can also be used with other firewall software, such as the TIS Firewall Toolkit (fwtk) to provide a means for people inside of a firewall to use RealAudio. The RealAudio proxy is only a proxy. It does not do any authentication at all. So, in order to implement IP-level authentication, you must use tools such as netacl(1), a tool that comes with Trusted Information Systems Firewall Toolkit, available from:

ftp://ftp.tis.com/pub/firewalls/toolkit/fwtk-v1.3.tar.Z

Install the toolkit as per the instructions in the accompanying README file and in the documentation archive found at:

ftp://ftp.tis.com/pub/firewalls/toolkit/fwtk-doc-only.tar.Z

Once you have installed the toolkit, you will need to compile the RealAudio proxy. You may wish to edit the Makefile to customize the proxy for your system. After you have done this, you can type the following command at the shell prompt:

# make raproxy

This will compile the RealAudio proxy, creating a file called ``raproxy''. You then need to copy this file into /usr/local/libexec (or another appropriate directory):

# cp raproxy /usr/local/libexec

The RealAudio proxy will need a name in your /etc/services file for inetd to reference it. To name the service, you need to add the RealAudio proxy protocol (named ``pn-raproxy'' here) as a protocol in your /etc/services file:

pn-raproxy 1090/tcp #Progressive Networks' RealAudio Proxy

The RealAudio proxy will depend on netacl to screen connection requests. In order to have netacl listen for the ``pn-raproxy'' service, you will also need to add it to your /etc/inetd.conf:

# RealAudio Proxy
pn-raproxy stream tcp nowait root /usr/local/etc/netacl pn-raproxy

netacl needs to know how to handle requests made for the ``pn-raproxy'' service, and who should be allowed to use the proxy. For example, to configure netacl to permit all users coming from 10.0.154.* to use raproxy, you need to add the following lines to your /usr/local/etc/netperm-table:

# RealAudio Proxy
netacl-pn-raproxy: permit-hosts 10.0.154.* -exec /usr/local/libexec/raproxy

At this point, you should be able to send a HUP signal to your inetd daemon. From a shell prompt:

# ps -auxw | grep inetd
root 96 0.0 1.0 224 300 ?? Is Thu10AM 0:00.46 inetd
# kill -HUP 96
#

You should now be able to use the RealAudio proxy server.
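
A check over the three files edited in the steps above, added here as an example and not part of the Proxy Kit: it confirms that inetd hands pn-raproxy to netacl rather than to raproxy directly (raproxy does no authentication of its own) and that the netperm-table rule is scoped. The function name audit_raproxy, the sample files, and the treatment of a bare * host pattern as permitting every host are assumptions of this example.

```shell
#!/bin/sh
# Audit the three files the install steps edit. Paths are arguments so the
# check can run against copies of the real files.
# Returns 0 only when raproxy is reachable solely through a scoped netacl rule.
audit_raproxy() {
    services=$1 inetd=$2 netperm=$3 rc=0

    # 1. inetd resolves the service name through the services file.
    awk '$1 == "pn-raproxy" && $2 == "1090/tcp" { ok = 1 } END { exit !ok }' \
        "$services" || { echo "FAIL: pn-raproxy 1090/tcp not in services"; rc=1; }

    # 2. inetd must start netacl, not raproxy itself: raproxy authenticates nothing.
    awk '$1 == "pn-raproxy" { seen = 1; if ($6 !~ "/netacl$") bad = 1 }
         END { exit (!seen || bad) }' \
        "$inetd" || { echo "FAIL: inetd does not hand pn-raproxy to netacl"; rc=1; }

    # 3. netacl needs a permit-hosts rule for the service, and not a bare "*"
    #    (assumed here to mean "any host").
    awk '$1 == "netacl-pn-raproxy:" && $2 == "permit-hosts" {
             seen = 1
             for (i = 3; i <= NF && $i !~ /^-/; i++) if ($i == "*") bad = 1
         }
         END { exit (!seen || bad) }' \
        "$netperm" || { echo "FAIL: netperm-table rule missing or permits any host"; rc=1; }

    return $rc
}

# Constructed sample files (not real system files) mirroring the entries above.
d=$(mktemp -d)
printf 'pn-raproxy 1090/tcp #RealAudio Proxy\n' > "$d/services"
printf 'pn-raproxy stream tcp nowait root /usr/local/etc/netacl pn-raproxy\n' > "$d/inetd.conf"
printf 'netacl-pn-raproxy: permit-hosts 10.0.154.* -exec /usr/local/libexec/raproxy\n' > "$d/netperm-table"
# Constructed misconfiguration: inetd launches raproxy directly, skipping netacl.
printf 'pn-raproxy stream tcp nowait root /usr/local/libexec/raproxy raproxy\n' > "$d/inetd.bad"

audit_raproxy "$d/services" "$d/inetd.conf" "$d/netperm-table" && echo "OK: documented setup"
audit_raproxy "$d/services" "$d/inetd.bad" "$d/netperm-table" || echo "Direct raproxy entry flagged"
rm -rf "$d"
```

On a live host, pass /etc/services, /etc/inetd.conf and /usr/local/etc/netperm-table as the three arguments.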

tproxy

tproxy is a reference implementation for a transparent proxy. This is meant as a reference implementation for those writing firewall software.

NOTE: tproxy is not immediately useful for firewall administrators who wish to provide RealAudio Player access to users inside a firewall. For those that want an immediate solution for supporting RealAudio Player, please use raproxy.


Copyright © Progressive Networks, 1995, 1996. All rights reserved. RealAudio is a registered trademark of Progressive Networks, Inc.