NAME
    raproxy - RealAudio application-level firewall proxy version 2.0b2

DESCRIPTION
    raproxy is a reference implementation of a firewall proxy. Its primary
    function is to serve as a reference for people writing RealAudio
    firewall proxies, but it may also be used in conjunction with security
    software such as the TIS Firewall Toolkit (fwtk) to allow access to
    RealAudio servers through a firewall.

Setting Up Proxy with TIS Firewall Tookit
    The RealAudio proxy is only a proxy. It does not do any authentication
    at all. So, in order to implement IP-level authentication, you must use
    tools such as netacl(1), a tool that comes with Trusted Information
    Systems Firewall Toolkit, available from:

          ftp://ftp.tis.com/pub/firewalls/toolkit/fwtk-v1.3.tar.Z


    Install the toolkit as per the instructions in the accompanying README
    file and in the documentation archive found at:

          ftp://ftp.tis.com/pub/firewalls/toolkit/fwtk-doc-only.tar.Z


    Once you have installed the toolkit, you will need to compile the
    RealAudio proxy. You may wish to edit the Makefile to customize the
    proxy for your system. After you have done this, you can type the
    following command at the shell prompt:

          # make raproxy


    This will compile the RealAudio proxy, creating a file called "raproxy".
    You then need to copy this file into /usr/local/libexec (or another
    appropriate directory):

          # cp raproxy /usr/local/libexec


    The RealAudio proxy will need a name in your /etc/services file for
    inetd to reference it. To name the service, you need to add the
    RealAudio proxy protocol (named "pn-raproxy" here) as a protocol in your
    /etc/services file:

          pn-raproxy         1090/tcp   #Progressive Networks' RealAudio Proxy


    The RealAudio proxy will depend on netacl to screen connection requests.
    In order to have netacl listen for the "pn-raproxy" service, you will
    also need to add it in your /etc/inetd.conf

          # RealAudio Proxy
          pn-raproxy stream  tcp     nowait  root    /usr/local/etc/netacl   pn-raproxy


    netacl needs to know how to handle requests made for the "pn-raproxy"
    service, and who should be allowed to use the proxy. For example, to
    configure netacl to permit all users coming from 10.0.154.* to use
    raproxy, you need to add the following lines to your
    /usr/local/etc/netperm-table:

          # RealAudio Proxy
          netacl-pn-raproxy: permit-hosts 10.0.154.* -exec /usr/local/libexec/raproxy


    At this point, you should be able to send a HUP signal to your inetd
    daemon. From a shell prompt:

          # ps -auxw | grep inetd
          root        96  0.0  1.0   224  300  ??  Is   Thu10AM    0:00.46 inetd
          # kill -HUP 96
          #


    You should now be able to use RealAudio as a proxy server.

