[Ekiga-list] looking for a working shorewall configuration
Emmanuel Favre-Nicolin
manouchk at gmail.com
Sun Dec 16 23:14:22 UTC 2007
Le dimanche 16 décembre 2007, Fabrice ALPHONSO a écrit :
> Le dimanche 16 décembre 2007 à 14:58 +0100, Damien Sandras a écrit :
> > > > I would use 5000:5100, ports have changed when Ekiga 2.00 has been
> > > > released.
> > >
> > > Oops...
> > >
> > > this was the config that i had at my father's place, which isn't used
> > > since some times, but used to work before.
> > >
> > > So you mean, that a single line
> > > DNAT:debug:GM net loc:XXX.XXX.XXX.XXX udp 5000:5100
> > > would be enough ?
> >
> > I think so...
>
> Ok, thanks ;-)
>
> modified in my shorewall rules.
>
> Fabrice
I used to have only :
net all DROP info
all all REJECT info
I added a new line in the policy :
fw net ACCEPT
Now, a call to 500 at ekiga.net works pretty well! (and also calling with my
diamondcard account)
It was not very clear that I "needed" (maybe not necessary) this policy or
that my rules wasn't sufficient:
# ekiga
ACCEPT fw net udp 5000:5100
ACCEPT net fw udp 5000:5100
ACCEPT fw net udp 3478:3479
ACCEPT net fw udp 3478:3479
ACCEPT net fw tcp 1720
ACCEPT fw net tcp 1720
Well, they are not sufficient at all and it was not very clear from what I
read about ekiga. I may have miss the information though or maybe everyone is
using a policy that accept all connection from fw to net.
More information about the ekiga-list
mailing list