MediaBase is a collection of multimedia and hypertext that allows users to select and play videos using their Web browser. The Gauntlet Firewall includes a MediaBase proxy that securely handles outside user requests to view video data on a MediaBase server inside the firewall. This proxy also allows users inside the firewall to access MediaBase servers on outside networks.
This chapter explains the concepts behind the MediaBase proxy and how it works.
Note: For additional information on setting up the Gauntlet firewall for MediaBase, see “Configuring a MediaBase Proxy for the Gauntlet Internet Firewall” in the WebFORCE MediaBase Administrator's Guide.
The Gauntlet MediaBase proxy is an application-level proxy that provides configurable access control. The proxy, which runs on the firewall, passes MediaBase client and server requests through the firewall, using rules that you supply. You can configure the MediaBase proxy to allow connections based on:
source host name
source IP address
destination host name
destination IP address
Using these options, you can configure the firewall to allow MediaBase clients on the inside network to access MediaBase servers on the outside network. You can also limit the MediaBase sites your users can access from machines on the inside network.
Used together, these access controls and log files give you much more control over the MediaBase connections to and from your system than you would have without the firewall.
The firewall runs the MediaBase proxy (mbase-gw) as a daemon listening for requests on a series of ports: ports 6301, 6309, 6310, 6312, and 6313 handle control information; ports 6320 through 6323 and 6340 handle data information. When the firewall receives requests for those ports, the MediaBase proxy checks its configuration information (in the netperm-table file) and determines whether the initiating client has permission to use MediaBase. If the client has permission, the proxy logs the transaction and passes the request to the appropriate host.
The mbase-gw daemon is always active. This daemon requires that MediaBase players also be configured to use a proxy.
The default policy allows clients inside the network to connect to MediaBase servers; it does not allow outside clients such access, however. Because the firewall runs the MediaBase proxy on all MediaBase ports, all requests from outside clients access the MediaBase proxy rather than the server. This configuration prohibits running a MediaBase server on the firewall itself—there is no way to start a MediaBase server to accept such requests.
Configuring the Gauntlet firewall involves planning, indicating which servers may be accessed, and configuring the MediaBase proxy to enforce your policy.
When planning MediaBase proxy settings:
Determine which MediaBase servers your users need to access. Obtain the hostname or IP address for each server.
For each user, determine whether you want to limit access to a particular server.
Determine which external hosts can use these services.
Determine which internal hosts can use these services.
To configure MediaBase proxy settings:
From within the Gauntlet Firewall Manager, select Services.
Click the MediaBase tab.
The MediaBase window displays.
Configure the MediaBase proxy settings:
Source Address | IP addresses of hosts from which connections can originate. Specifies single hosts, entire networks, or subnets. Specify by IP address or hostname. The wildcard * is valid in hostnames. |
MediaBase Server | IP addresses of the host to which the proxy connects. Specifies single hosts, entire networks, or subnets. Specify by IP address or hostname. The wildcard * is valid. |
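The following added sketch (not Gauntlet code and not netperm-table syntax) models the decision described above: classify the port, then match the request against Source Address and MediaBase Server pairs. The rule list, addresses, function names, and the deny-when-nothing-matches behavior are assumptions made for illustration.

```python
import fnmatch
import ipaddress

# Ports this chapter lists for mbase-gw.
CONTROL_PORTS = {6301, 6309, 6310, 6312, 6313}
DATA_PORTS = set(range(6320, 6324)) | {6340}

def port_kind(port):
    """Classify a port as 'control', 'data', or None (not a MediaBase port)."""
    if port in CONTROL_PORTS:
        return "control"
    if port in DATA_PORTS:
        return "data"
    return None

def matches(pattern, ip, hostname=None):
    """True if pattern (IP, network, or hostname with * wildcard) covers the host."""
    if pattern == "*":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        # Not an address or network, so treat the pattern as a hostname pattern.
        return hostname is not None and fnmatch.fnmatchcase(hostname.lower(), pattern.lower())

def decide(rules, src, dst, port):
    """Return (allowed, reason); src and dst are (ip, hostname-or-None) tuples."""
    kind = port_kind(port)
    if kind is None:
        return False, "not a MediaBase proxy port"
    for source_pat, server_pat in rules:
        if matches(source_pat, *src) and matches(server_pat, *dst):
            return True, f"{kind} port permitted by {source_pat} -> {server_pat}"
    return False, "no matching rule (default deny)"

# Constructed policy: (Source Address, MediaBase Server) pairs.
RULES = [
    ("10.1.0.0/16", "*.media.example.com"),  # inside network to named outside servers
    ("10.1.5.20", "192.0.2.10"),             # one inside host to one outside server
]

if __name__ == "__main__":
    # Constructed requests: an inside client, then an outside client.
    for src, dst, port in [
        (("10.1.2.3", None), ("198.51.100.7", "vod1.media.example.com"), 6301),
        (("203.0.113.9", None), ("10.1.9.9", "mb.inside.example.com"), 6320),
    ]:
        print(src[0], "->", dst[0], port, decide(RULES, src, dst, port))
```

Running candidate rules through a model like this before entering them in the Firewall Manager shows which source and server pairs a wildcard or subnet entry actually covers.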
To enable the MediaBase proxy:
In the MediaBase window, make sure MediaBase service is enabled.
Add the MediaBase configuration to the service groups you want to use the MediaBase proxy.
Before exiting the Gauntlet Firewall Manager, save and apply your changes.
The firewall enables the MediaBase proxy.
Users must set up the client-side configuration files to enable the MediaBase client to communicate with a MediaBase firewall proxy.