LinuxQuestions.org
10-07-2011, 06:58 PM   #1
TheOneKEA
Distribution: Debian GNU/Linux 7.4.0 (amd64) w/kernel 3.13.0
Setting up netfilter/iptables to allow Apple FaceTime-enabled phone calls w/iPhone 4


I am currently stuck with a nonfunctional Apple FaceTime setup on my iPhone 4 because I am unable to get the firewall rules on my Linux-based firewall set up correctly. I have read the article at http://support.apple.com/kb/ht4245 but it doesn't tell me very much, except for the port numbers themselves. My firewall is a fairly extensive one that uses SNAT to allow multiple internal devices to share a single public IPv4 address.

Here are the rules that I currently have in the filter table (my iPhone 4 uses the address 192.168.1.12):

Code:
Chain tcp_fwd_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

Code:
Chain tcp_fwd_out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 state NEW,RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:5223 state NEW,RELATED,ESTABLISHED

Code:
Chain udp_fwd_in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.12        udp dpts:3478:3497 state NEW helper match "sip" 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.12        udp dpts:16384:16403 state NEW helper match "sip" 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.12        udp spts:3478:3497 state NEW helper match "sip" 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.12        udp spts:16384:16403 state NEW helper match "sip"

Code:
Chain udp_fwd_out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      *       192.168.1.12         0.0.0.0/0           udp dpts:3478:3497 state NEW,RELATED,ESTABLISHED helper match "sip" 
    0     0 ACCEPT     udp  --  *      *       192.168.1.12         0.0.0.0/0           udp dpts:16384:16403 state NEW,RELATED,ESTABLISHED helper match "sip" 
    0     0 ACCEPT     udp  --  *      *       192.168.1.12         0.0.0.0/0           udp spts:3478:3497 state NEW,RELATED,ESTABLISHED helper match "sip" 
    0     0 ACCEPT     udp  --  *      *       192.168.1.12         0.0.0.0/0           udp spts:16384:16403 state NEW,RELATED,ESTABLISHED helper match "sip"

And here are the rules in the nat table (I have the SIP conntrack and NAT helpers loaded in lsmod when my firewall is set up):

Code:
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpts:3478:3497 to:192.168.1.12 
    0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpts:16384:16403 to:192.168.1.12 
    0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp spts:3478:3497 to:192.168.1.12 
    0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp spts:16384:16403 to:192.168.1.12

Has anyone else solved the FaceTime firewall problem with netfilter/iptables?
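
Added example, not part of the original post: a small Python check over rule lines copied from the listings above. It flags rules that pair `state NEW` with `helper match` (the helper match only applies to connections a conntrack helper expected, and those are classified RELATED) and DNAT rules keyed on a source port, which the remote sender chooses. The function names and finding codes are made up for this example, and it assumes the `iptables -L -v -n` column layout shown in the post.

```python
import re

# Constructed sample: rule lines in `iptables -L -v -n` format, copied from
# the listings in the post above (one or two rules per chain).
LISTING = """\
Chain udp_fwd_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.1.12        udp dpts:3478:3497 state NEW helper match "sip"
Chain udp_fwd_out (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       192.168.1.12         0.0.0.0/0           udp dpts:3478:3497 state NEW,RELATED,ESTABLISHED helper match "sip"
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpts:3478:3497 to:192.168.1.12
    0     0 DNAT       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp spts:3478:3497 to:192.168.1.12
"""

def parse(listing):
    """Return one dict per rule line; chain and column-header lines are skipped."""
    rules, chain = [], None
    for line in listing.splitlines():
        f = line.split(None, 9)
        if line.startswith("Chain "):
            chain = f[1]
        elif len(f) >= 9 and f[0][:1].isdigit():
            rules.append({"chain": chain, "target": f[2], "src": f[7],
                          "extra": f[9] if len(f) > 9 else ""})
    return rules

def lint(rules):
    """Return (chain, code, match-text) findings for two patterns in this ruleset."""
    findings = []
    for r in rules:
        m = re.search(r"\bstate (\S+)", r["extra"])
        states = set(m.group(1).split(",")) if m else set()
        # The helper match only applies to connections expected by a helper,
        # which conntrack classifies as RELATED, so NEW can never co-occur.
        if "helper match" in r["extra"] and "NEW" in states:
            findings.append((r["chain"], "new-with-helper", r["extra"]))
        # Source ports are chosen by the sender: DNAT keyed on spt(s) from any
        # address forwards every such datagram to the internal host.
        if (r["target"] == "DNAT" and r["src"] == "0.0.0.0/0"
                and re.search(r"\bspts?:", r["extra"])):
            findings.append((r["chain"], "dnat-on-source-port", r["extra"]))
    return findings

if __name__ == "__main__":
    for chain, code, text in lint(parse(LISTING)):
        print(f"{chain:12} {code:20} {text}")
```
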
Tags
apple, facetime, iphone, iptables, netfilter