The RealAudio Firewall Proxy Kit
PurposeThe RealAudio Firewall Proxy Kit allows firewall administrators to create a proxy that is compatible with RealAudio. The Firewall Proxy Kit contains "reference code" which, depending upon your firewall host's operating system, will require varying degrees of modification. The reference code has been demonstrated to work under FreeBSD and Linux.
Installing the Proxy Kit FilesAll of the RealAudio Firewall Proxy Kit files are included in the this distribution:
readme.txt Text file with instructions for installing the RealAudio Firewall Proxy Kit Makefile Makefile to build proxies raloadinit.c Used for initializing /etc/raproxy.lock (not needed for normal usage) raproxy.c Reference code for application-level proxy raproxy.h Header file for application-level proxy raproxy.man Man page for setting up raproxy with TIS fwtk raproxy.txt Text instructions for setting up raproxy with TIS fwtk raproxy.pdf Application-Level Proxy specification document tproxy.c Reference code for transparent proxy tproxy.h Header file for transparent proxy tproxy.pdf Transparent Proxy specification document index.html Index to HTML pages provided -- start with this page if your browser supports frames contents.html Contents HTML page used if your browser supports frames about.html Introductory HTML page advanced.html Information on advanced firewall features moreinfo.html Sources of more information on firewalls generic.html Information on generic packet-filtering firewalls player.html Information on cofiguring a RealAudio Player to work with firewalls thrdprty.html Information on third party firewall vendors usekit.html Information on using the RealAudio Firewall Proxy KitThe two proxy specification documents are in Adobe Acrobat PDF file format. These documents provide a complete technical specification of the RealAudio Firewall Proxy Protocol. To view these documents you will need an Adobe Acrobat viewer, available for free from the Adobe web site . (This link requires an Internet connection.)
raproxyraproxy is the application-level proxy. raproxy is meant as a reference implementation for those writing firewall software.
raproxy can also be used with other firewall software, such as the TIS Firewall Toolkit (fwtk) to provide a means for people inside of a firewall to use RealAudio. The RealAudio proxy is only a proxy. It does not do any authentication at all. So, in order to implement IP-level authentication, you must use tools such as netacl(1), a tool that comes with Trusted Information Systems Firewall Toolkit, available from:
Install the toolkit as per the instructions in the accompanying README file and in the documentation archive found at:
Once you have installed the toolkit, you will need to compile the RealAudio proxy. You may wish to edit the Makefile to customize the proxy for your system. After you have done this, you can type the following command at the shell prompt:
This will compile the RealAudio proxy, creating a file called ``raproxy''. You then need to copy this file into /usr/local/libexec (or another appropriate directory):
The RealAudio proxy will need a name in your /etc/services file for inetd to reference it. To name the service, you need to add the RealAudio proxy protocol (named ``pn-raproxy'' here) as a protocol in your /etc/services file:
The RealAudio proxy will depend on netacl to screen connection requests. In order to have netacl listen for the ``pn-raproxy'' service, you will also need to add it in your /etc/inetd.conf
netacl needs to know how to handle requests made for the ``pn-raproxy'' service, and who should be allowed to use the proxy. For example, to configure netacl to permit all users coming from 10.0.154.* to use raproxy, you need to add the following lines to your /usr/local/etc/netperm-table:
At this point, you should be able to send a HUP signal to your inetd daemon. From a shell prompt:
You should now be able to use the RealAudio proxy server.
tproxytproxy is a reference implementation for a transparent proxy. This is meant as a reference implementation for those writing firewall software.
NOTE: tproxy is not immediately useful for firewall administrators who wish to provide RealAudio Player access to users inside a firewall. For those that want an immediate solution for supporting RealAudio Player, please use raproxy.