Re: [Ekiga-list] Account is no locked anymore. What to do?

[Csanyi Pal <csanyipal gmail com>]

On Sun, Aug 18, 2013 at 09:27:04AM -0500, junk_no_spam wrote:
> On 08/18/2013 08:34 AM, Csanyi Pal wrote:
> > On Sun, Aug 18, 2013 at 06:16:24AM -0500, junk_no_spam wrote:
>
> > I did that, and run again the voip_ck script.
>
> Ok, I am glad we're making progress.
>
> I really would like for you to give me the results of
> type rpm

~$ type rpm
rpm is /usr/bin/rpm

> Now to your problem.
>
> Looking at the log
> RTP UDP 16382  FAILED
>
> Sent:     LAN LAN port 16382 UDP RTP
> Received: LAN LAN port 16382 UDP RTP LAN UDP port 16382 UDP RTP is not open
>
> Would seem to indicate a pc blocking problem.
> Not fatal to your ekiga call out problem.
>
> Same for H.323 TCP 1720  FAILED
> I think that is for video conferencing/display
>
>
> Testing  WAN 95.85.141.89 ports
> STUN UDP 3478  FAILED
>
> That is fatal for ekiga phone calls and since it passed during the
> lan test I have to assume your router is not passing 3478 to the pc.
>
> I can not remember exact usage of the 50xx ports but pretty sure
> it is needed for voip calls.
>
>
> 7070 and 16382 are for RTP, not your basic voip calls.
>
> 300xx failures are also not needed for voip calls.
>
> Looking like router firewall problems.
> If you are running more than one pc on your lan, I would guess you would
> have to set your ekiga pc ip as static and have the router forward
> ekiga ports to it. Could be possible to use other features in router
> but I have very little experience with routing features.
>
> Snippet from my fios router follows:
>
>
>       H.323 Call Signaling
> TCP Any -> 1720
> TCP Any -> 1503
>
>
>       Destination Ports 3478-3479
> UDP Any -> 3478-3479
>
>
>       Destination Ports 5000-5100
> UDP Any -> 5000-5100
>
>
>       Destination Ports 7070,16382
> UDP Any -> 16382
> UDP Any -> 7070
>
>
>       Destination Ports 30000-30010
> TCP Any -> 30000-30010

I edited the Shorewall's rules file on the router/gateway PC Box and now
I have there followings: 

# ekiga
DNAT:debug:GM   net     loc:192.168.10.90       tcp     1720
DNAT:debug:GM   net     loc:192.168.10.90       tcp     1503
DNAT:debug:GM   net     loc:192.168.10.90       tcp     30000:30010
DNAT:debug:GM   net     loc:192.168.10.90       udp     5000:5016
DNAT:debug:GM   net     loc:192.168.10.90       udp     5020:5023
DNAT:debug:GM   net     loc:192.168.10.90       udp     5060:5100
DNAT:debug:GM   net     loc:192.168.10.90       udp     3478:3479
DNAT:debug:GM   net     loc:192.168.10.90       udp     7070
DNAT:debug:GM   net     loc:192.168.10.90       udp     16382

I edited the Shorewall's rules file on the desktop PC Box and now I have
there followings: 

# ekiga
# http://wiki.ekiga.org/index.php/Ekiga_behind_a_NAT_router

# ekiga incomming H.323, Netmeeting ports
ACCEPT<>net<--->$FW<--->tcp<--->1720
ACCEPT<>$FW<--->net<--->tcp<--->1720

# ??
ACCEPT<>net<--->$FW<--->tcp<--->1503
ACCEPT<>$FW<--->net<--->tcp<--->1503

# ??
ACCEPT<>net<--->$FW<--->tcp<--->30000:30010
ACCEPT<>$FW<--->net<--->tcp<--->30000:30010

# ??
ACCEPT<>$FW<--->net<--->udp<--->5000:5100
ACCEPT<>net<--->$FW<--->udp<--->5000:5100

# ekiga UDP Through NAT (STUN) ports
ACCEPT<>$FW<--->net<--->udp<--->3478:3479
ACCEPT<>net<--->$FW<--->udp<--->3478:3479

# ??
ACCEPT<>net<--->$FW<--->udp<--->7070
ACCEPT<>$FW<--->net<--->udp<--->7070

# ??
ACCEPT<>net<--->$FW<--->udp<--->16382
ACCEPT<>$FW<--->net<--->udp<--->16382

I restarted shorewall firewall on both systems ( gateway and desktop )
but still can't call from Ekiga a phone. I get message in the status
line: The remote device is offline.

However, I setup Linphone too for DiamondCard service and I can call a
phone number from Linphone.

> I am going to add fatal/nonfatal to my script. and hopefully get
> that rpm test to skip on Debian type installs if you give me the
>   type rpm
> results.

~$ type rpm
rpm is /usr/bin/rpm

-- 
Regards from Pal