Hi Togan,

I tried the first suggestion you made and that seems to work! Thanks!!! I will try your second suggestion as well. Any advantage of the first versus the second approach?

Also, the HDHomeRun TV tuner is sitting on my local network. I was wondering what the implications of trusting them were per your comment below? Can you shed some light on this concern?

Thanks again!

Vahe

----- Original Message ----
From: Togan Muftuoglu <toganm+suse@dinamizm.com>
To: opensuse@opensuse.org
Sent: Tue, April 6, 2010 12:23:11 AM
Subject: Re: [opensuse] howto open firewall to all traffic to a host

Vahe Avedissian wrote:
Hello Folks,
I am trying to get a SiliconDust internet TV card box to work with Opensuse 11.2, but am having firewall issues.
With the firewall turned off, the hdhomerun (Silicon dust software) configure will detect the TV tuner and return its IP address and ID. With the firewall enabled the tuner is not detected as expected.
I tried opening up the necessary ports and services but that did not work and according to SiliconDust tech support the tuner uses a random high port on the PC so it is not possible to firewall based on incoming ports. They suggest that I allow all traffic to/from the HDHomeRun's IP address.
My question is how to best do this? I could not find how to do this with yast. Do I need to directly edit iptables and if so, how?
You can enter HDHomeRun's IP address into FW_TRUSTED_NETS but then the question is can you really trust them?

# Format: space separated list of network[,protocol[,port]]
# in case of icmp, port means the icmp type
#
# Example: "172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22"
#
FW_TRUSTED_NETS="HDHomeRun's IP"

Another option, though I do not think that can be done via Yast, is you can create a service "HDHomeRun" based on the /etc/sysconfig/SuSEfirewall2.d/services/TEMPLATE and here is the relevant part of the template.

### variables below are only needed in very special cases

# space separated list of net,protocol[,sport[,dport]]
# see FW_SERVICES_ACCEPT_RELATED_EXT
# net 0/0 means IPv4 and IPv6. If this service should only work for
# IPv4 use 0.0.0.0/0
RELATED="HDHomeRun's IP"

This will open the ports that are related to your computer's request.

Then you can add this service to your

FW_CONFIGURATIONS_EXT="HDHomeRun"

Hope this helps

Togan

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
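
Added example, not part of the thread and not SuSEfirewall2's own code: a small shell check that reads a FW_TRUSTED_NETS value in the network[,protocol[,port]] format quoted above and reports how broadly each entry is trusted, which is what the question about trusting the tuner's address comes down to. The function names and the 192.0.2.10 address are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify FW_TRUSTED_NETS entries by how broadly they trust a peer.
# Entry format, from the sysconfig comment in the thread: network[,protocol[,port]]

# Print the scope of one entry: all-traffic, protocol-only or single-port.
classify_entry() {
    entry=$1
    net=${entry%%,*}                       # text before the first comma
    rest=${entry#"$net"}; rest=${rest#,}   # "protocol[,port]" or empty
    proto=${rest%%,*}
    port=${rest#"$proto"}; port=${port#,}
    if [ -z "$proto" ]; then
        echo "all-traffic"      # no protocol given: nothing narrows the trust
    elif [ -z "$port" ]; then
        echo "protocol-only"    # one protocol, any port (or any icmp type)
    else
        echo "single-port"      # one protocol, one port (or one icmp type)
    fi
}

# Print one "scope entry" line for each entry of a FW_TRUSTED_NETS value.
audit_trusted_nets() {
    for e in $1; do
        printf '%-14s %s\n' "$(classify_entry "$e")" "$e"
    done
}

# Print how many entries carry no protocol or port limit at all.
count_unrestricted() {
    n=0
    for e in $1; do
        if [ "$(classify_entry "$e")" = "all-traffic" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# The example value from the sysconfig comment, plus one constructed bare-IP
# entry standing in for the tuner (192.0.2.10 is a documentation address,
# an assumption for this example and not a value from the thread).
SAMPLE="172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22 192.0.2.10"
audit_trusted_nets "$SAMPLE"
echo "entries trusted for all traffic: $(count_unrestricted "$SAMPLE")"
```

A bare address, as in the FW_TRUSTED_NETS line suggested in the thread, lands in the all-traffic group; adding a protocol (and port) to the entry narrows it.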