internet radio and firewall

worker201
guru
guru
Posts: 668
Joined: Sun Jun 13, 2004 6:38 pm
Location: Hawaii

Post by worker201 »

A while back, after a lot of fooling around, I finally got xmms to play Shoutcast streams (.pls audio files). Now that I have this firewall installed (Firestarter), xmms cannot get through. Opening a port just won't do, because most stations pick their broadcast ports seemingly at random.

What I need to do is figure out some way to let xmms get out and do what it needs to do. Which probably means giving xmms control of the firewall (sounds risky), or setting up a proxy server (whatever that means), or something else I haven't thought of. No one at the Shoutcast forums seems to know, and the xmms documentation/forums are unhelpful. I attempted to contact the Firestarter discussion group, but they have not responded yet. I figured somebody here might be able to steer me right.

Post by worker201 »

Well, the Firestarter user list has proven unhelpful, as they have not answered my extraordinarily polite requests for assistance.

So I was thinking that maybe a proxy server? xmms knows how to use a proxy server to connect to audio streams. Unfortunately, I'm not entirely sure what a proxy server is. I looked at some docs on tlpd, and read all the FAQs for squid, but I am still not sure if this is the right solution or not. Anyone?

Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

I'm not quite sure I understand what problem you are having. Do you have a machine dedicated to being a firewall and have machines behind it that are not working or do you have the machine you are trying to use xmms on directly attached to the Internet? Are you blocking all outbound connections? xmms should not have a problem if you are not. Guess I need an example to see if I can duplicate your problem.

As far as proxy servers go, Squid is the best that I know of. I use it and have used it for years both at home and for many things at work. It's easy to set up. I have a HOWTO on setting it up to block ads but you can skip the adzapper part:

http://voidmain.is-a-geek.net/redhat/za ... apper.html

Post by worker201 »

Actually, the (software) firewall was blocking all outgoing traffic, except for the ports I had opened. After reading your post, it occurred to me that this was kinda pointless. The default setup for Firestarter is to have outgoing traffic be permissive by default, and policy was stuff that was to be blocked. I had it set for restrictive, and policy was stuff that was allowed. Permissive makes much more sense!

With permissive outbound traffic, xmms is fine with streaming.

Actually, now that I think about it, I can probably safely close the telnet and smtp ports on the incoming side, because those ports are only useful for outgoing traffic (unless I wanted to telnet in, which the hardware firewall of my LAN would prevent anyway).

Networking is a concept I have a hard time with. Sometimes, it seems so easy, and sometimes it seems so impossible, and then, with little warning, things that were clear become muddled, and things that were complex become simple. I guess this is one of the latter cases.

Post by Void Main »

Yeah, normally you want to block all "inbound" connections (unless you have a web server or something, but it's best to have that in a DMZ). Blocking "outbound" connections actually is not a bad idea for security reasons and to prevent viruses and worms on your machines from infecting others, or sending your personal information out should your machines get infected by something. But you really have to understand what you are doing. I actually only restrict a few outbound ports but I really should be more restrictive than I am, just that I'm lazy. :) For instance, I block all outbound port 80 traffic. I do this because I want to force all of my internal machines to have to go through my proxy server to get out. I can force authentication and restrict access to the internet in my proxy configuration.
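
The gateway policy described in the post above (inbound blocked by default, direct outbound port 80 refused so LAN machines must go through the proxy, other outbound traffic left permissive), written as a generator for an iptables-restore ruleset. This is an added example, not part of the thread; the interface names, the proxy running on the gateway itself, and Squid's default port 3128 are assumptions, and only the filter table is shown (no NAT).

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset to stdout.
# It does not modify the running firewall.

# gen_ruleset LAN_IF WAN_IF PROXY_PORT
#   LAN_IF      interface facing the internal machines (assumed name)
#   WAN_IF      interface facing the Internet (assumed name)
#   PROXY_PORT  port the proxy listens on, on this gateway (assumed 3128)
gen_ruleset() {
    gr_lan_if=$1
    gr_wan_if=$2
    gr_proxy_port=$3
    cat <<EOF
*filter
# Default policies: nothing unsolicited comes in or is forwarded
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, plus replies to connections this host or the LAN started
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN machines may reach the proxy running on this gateway
-A INPUT -i $gr_lan_if -p tcp --dport $gr_proxy_port -j ACCEPT
# Direct web traffic from the LAN is refused, so it has to use the proxy.
# This rule must come before the general ACCEPT below.
-A FORWARD -i $gr_lan_if -o $gr_wan_if -p tcp --dport 80 -j REJECT --reject-with tcp-reset
# All other outbound traffic stays permissive (e.g. streams on arbitrary ports)
-A FORWARD -i $gr_lan_if -o $gr_wan_if -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called with three arguments, e.g.:
#   sh ruleset.sh eth1 eth0 3128
if [ "$#" -eq 3 ]; then
    gen_ruleset "$1" "$2" "$3"
fi
```

The output can be checked without loading it by piping it to `iptables-restore --test`.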
