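#!/bin/bash
#***********************************************************************
#*
#* voip_ck - check voip ports    version 2.1
#*
#* Verify ports used by ekiga are open on pc and accessible
#* through pc firewall and modem.
#* Verify DiamondCard SIP servers have not blacklisted your WAN ip.
#*
#* Uses nc from netcat-openbsd rpm to test port connections
#*      wget from wget rpm,
#*      netstat from net-tools rpm (only suggested in the failure hints),
#*      dig and host from bind-utils rpm to check sip.diamondcard.us
#*      servers, plus ping, hostname, mktemp, grep and tr.
#*
#* If you are not going to be using the ports, and it is not marked required,
#* feel free to remove the line from the port_ary.
#*
#* Do change _registar="sip.diamondcard.us" to your VOIP carrier
#*
#*
#* If behind NAT router, read
#*   http://wiki.ekiga.org/index.php/Ekiga_behind_a_NAT_router
#*
#*
#* Required /etc/shorewall/rules snippet follows:
#*
#*   # ekiga UDP Through NAT (STUN) ports
#*   ACCEPT $FW net udp 3478:3479
#*   ACCEPT net $FW udp 3478:3479
#*
#*   # ekiga incoming SIP VoIP, Windows Messenger ports
#*   ACCEPT $FW net udp 5000:5100
#*   ACCEPT net $FW udp 5000:5100
#*
#*   # ekiga RTP
#*   ACCEPT net $FW udp 7070
#*   ACCEPT net $FW udp 16382
#*
#*   # ekiga incoming H.323, Netmeeting ports
#*   ACCEPT net $FW tcp 1720
#*   ACCEPT $FW net tcp 1720
#*   ACCEPT $FW net tcp 30000:30010
#*   ACCEPT net $FW tcp 30000:30010
#*
#* Security notes for maintainers:
#*   - The WAN address comes from a cleartext HTTP lookup and the SIP
#*     server names come from DNS. Both are treated as untrusted and are
#*     validated before they are placed on any command line.
#*   - Each test listener is tracked by PID and stopped individually, so
#*     unrelated nc processes owned by the same user are never signalled.
#*   - The capture file is created with mktemp and removed on every exit
#*     path by the EXIT trap.
#*
#***********************************************************************

set -u
export LC_ALL=C

_exe=$0
_app=$(basename -- "$_exe")
_dport=0
declare -a _errors=("")
_fault_flg=0
_ipv_mode="-4"
_lan_ip=""
_listener_pid=""
_msg=""
_nc_app="nc"
_pkt="-u"
_registar="sip.diamondcard.us"
_required=""
declare -a _servers=()
declare -a _servers_ip=()
_sport=38564
_svr_fn=""
_target=""
_test=""
_test_msg=""
_test_type=""
_wan_ip=""

# Each entry: "<port> <udp|tcp> <requirement> <free-text description>".
declare -a port_ary=(
  "3478 udp mandatory Outgoing STUN for SIP (phone calls) and RTP (video)."
  "3479 udp mandatory Outgoing STUN for calls and video."
  "5060 udp required SIP listen port for incoming SIP signaling."
  "5000 udp required SIP SIP signaling range 5000-5100."
  "5100 udp required SIP end of SIP 5000-5100 and H.323 gatekeepers range."
  "5004 udp required RTP Incoming traffic from the other end. Often 5004, 7070, 16382."
  "7070 udp required RTP Incoming traffic from the other end. Often 5004, 7070, 16382."
  "16382 udp required RTP is the IETF standard used to transport audio and video. "
  "1720 tcp optionial H.323 Listening port for H.323 gatekeepers (Netmeeting)."
  "30000 tcp optionial H.245 channel for old H.323 implementations (Netmeeting). "
  "30010 tcp optionial H.245 end of 30000-30010 range (Netmeeting)."
)

#######################################
# Succeed only if $1 is a dotted-quad IPv4 address with octets 0-255.
# Arguments: $1 - candidate string
# Returns:   0 when valid, 1 otherwise
#######################################
is_ipv4() {
  local _octet
  [[ "$1" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for _octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as "08" is not read as octal.
    (( 10#$_octet <= 255 )) || return 1
  done
  return 0
}

#######################################
# Succeed only if $1 looks like a plain DNS host name. The first character
# must be alphanumeric so the value can never be taken for an option.
# Arguments: $1 - candidate string
# Returns:   0 when valid, 1 otherwise
#######################################
is_hostname() {
  [[ "$1" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]
}

#######################################
# Stop the listener started by port_test, if one is recorded.
# Globals: _listener_pid (read, cleared)
#######################################
stop_listener() {
  if [[ -n "$_listener_pid" ]]; then
    kill "$_listener_pid" 2>/dev/null
    # Reaping here keeps the shell from printing a "Terminated" job notice.
    wait "$_listener_pid" 2>/dev/null
    _listener_pid=""
  fi
}

#######################################
# EXIT handler: stop any listener still running and remove the capture file.
# Globals: _svr_fn (read)
#######################################
cleanup() {
  stop_listener
  if [[ -n "$_svr_fn" ]]; then
    rm -f -- "$_svr_fn"
  fi
}

#######################################
# Print every collected error line, indented by one space.
# Globals: _errors (read)
#######################################
report_errors() {
  local _line
  for _line in "${_errors[@]}"; do
    printf ' %s\n' "$_line"
  done
}

#######################################
# For every port_ary entry: start an nc listener on the port, send a marker
# line to the target through nc, and check that the listener captured it.
# Globals:
#   _test_type (read)   LAN -> target is _lan_ip, anything else -> _wan_ip
#   _fault_flg, _errors (reset, then written on failure)
#   _target, _test_msg, _dport, _pkt, _required, _test, _msg (written)
# Outputs: one "passed"/"FAILED" line per port on stdout
#######################################
port_test() {
  local _entry _received
  local -a _listen_args _client_args

  _fault_flg=0
  _errors=("")

  if [[ "$_test_type" == "LAN" ]]; then
    _test_msg="pc firewall"
    _target="$_lan_ip"
  else
    _test_msg="router firewall"
    _target="$_wan_ip"
  fi

  printf ' \n'
  printf 'Testing %s %s ports\n' "$_test_type" "$_target"

  for _entry in "${port_ary[@]}"; do
    # Fields: port, protocol, requirement; the rest is the description.
    read -r _dport _pkt _required _test <<<"$_entry"

    # Arrays keep every argument a single word, whatever it contains.
    # NOTE(review): netcat-openbsd documents -s as the source *address* and
    # -p as the source port; confirm that "-s $_sport" is what was intended.
    _listen_args=("$_ipv_mode" -l)
    _client_args=("$_ipv_mode" -s "$_sport")
    if [[ "$_pkt" == "udp" ]]; then
      _listen_args+=(-u)
      _client_args+=(-u)
    fi
    _listen_args+=("$_dport")
    _client_args+=(-w 3 "$_target" "$_dport")

    : >"$_svr_fn"
    printf '%s %s port %s ' "$_required" "$_pkt" "$_dport"
    _msg="$_test_type $_test_msg port $_entry"

    "$_nc_app" "${_listen_args[@]}" >"$_svr_fn" 2>&1 &
    _listener_pid=$!
    printf '%s\n' "$_msg" | "$_nc_app" "${_client_args[@]}"
    # Stop this listener now so it cannot hold the port for the next pass.
    stop_listener

    # -F: the marker contains '.' and '(' and must be matched literally.
    if grep -qF -- "$_msg" "$_svr_fn"; then
      printf ' passed\n'
    else
      printf ' FAILED\n'
      _fault_flg=$((_fault_flg + 1))
      # The capture file holds whatever reached the open port, which may
      # have come from another host; keep printable characters only.
      _received=$(tr -cd '[:print:]\n' <"$_svr_fn")
      _errors+=("")
      _errors+=("$_required $_test_type $_pkt $_dport FAILED")
      _errors+=("$_test")
      _errors+=("")
      _errors+=("Sent: $_msg ")
      _errors+=("Received: $_received")
      _errors+=("")
      _errors+=("Run netstat | grep $_dport")
      _errors+=("if you have port in use errors.")
    fi
  done

  printf ' \n'
} # end function port_test

#**********************************
#* main code start here
#**********************************

trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

#**********************************
#* Verify needed apps are installed
#**********************************
_apps=(nc wget dig host ping hostname netstat mktemp grep tr)

# A separate loop variable keeps _app (the script's base name) intact.
for _needed in "${_apps[@]}"; do
  if ! command -v "$_needed" >/dev/null 2>&1; then
    _errors+=("unable to find $_needed")
    _fault_flg=$((_fault_flg + 1))
  fi
done

if (( _fault_flg > 0 )); then
  printf '\n%s fatal error:\n' "$_exe"
  report_errors
  printf 'Please install missing application\n\n'
  exit 1
fi

# hostname may print several addresses; use the first IPv4 one.
read -r -a _lan_candidates < <(hostname --ip-address)
for _cand in "${_lan_candidates[@]:-}"; do
  if is_ipv4 "$_cand"; then
    _lan_ip=$_cand
    break
  fi
done
if [[ -z "$_lan_ip" ]]; then
  printf '%s fatal error:\n unable to determine an IPv4 LAN address\n' "$_exe"
  exit 1
fi

# The lookup uses cleartext HTTP, so anything on the path can alter the
# reply. Accept it only if it is a bare IPv4 address, and never echo the
# raw reply back to the terminal.
_wan_ip=$(wget -qO - --timeout=10 --tries=1 http://myip.dnsomatic.com/)
_wan_ip=${_wan_ip//[[:space:]]/}
if ! is_ipv4 "$_wan_ip"; then
  printf '%s fatal error:\n WAN address lookup did not return an IPv4 address\n' "$_exe"
  exit 1
fi

mkdir -p -- "$HOME/tmp" || exit 1
# An unpredictable name: the listener's output is redirected into this file.
_svr_fn=$(mktemp "$HOME/tmp/$_app.XXXXXX") || exit 1

# type -P searches PATH only, so an alias or function cannot stand in for nc.
_nc_app=$(type -P nc) || exit 1

#**************************************************
#* check LAN pc firewall then WAN router ports
#**************************************************
cat <<EOF

Testing LAN PC firewall, WAN Router ports and
Registar sip server connectivity

EOF

for _test_type in LAN WAN; do
  port_test
  if (( _fault_flg != 0 )); then
    break
  fi
done

if (( _fault_flg > 0 )); then
  if (( ${#_errors[@]} > 0 )); then
    printf '%s fatal error:\n' "$_exe"
    report_errors

    printf '\nSolution:\n'
    if [[ "$_test_type" == "LAN" ]]; then
      printf "Open FAILED port in %s's firewall\n" "$_test_type"
      printf "Allow ip/app in %s's /etc/hosts.allow or\n" "$_target"
      printf "Remove ip/app in %s's /etc/hosts.deny\n" "$_target"
      printf 'if you are using tcpwrappers and modified those files\n'
    else
      printf 'Open and forward FAILED port to LAN %s\n' "$_lan_ip"
      printf "in the %s's router\n" "$_test_type"
    fi
  fi

  cat <<EOF

Clear all port FAILED failures to finish $_exe testing.

Assuming you did not get any nc: errors;
LAN port failures are a PC firewall problem.
Maybe /etc/hosts.(allow | deny) if you are using them.

WAN failures are a ROUTER firewall problem and
you need to open/forward ports to your LAN pc

For any questions about ports/router, refer to
http://wiki.ekiga.org/index.php/Manual#Using_Ekiga_with_routers_and_firewalls

If you get $_nc_app argument error, then you do not have a
compatible netcat-openbsd $_nc_app application.

EOF
  exit 1
fi

cat <<EOF

Testing sip servers by ip then by name.

EOF

#*************************************************
#* get registar's sip udp server and ip address
#*************************************************
# A "dig +short" SRV answer is "priority weight port target". DNS answers
# are untrusted input: validate each field before it reaches host or ping.
while read -r _prio _weight _port _host _rest; do
  if ! is_hostname "$_host"; then
    printf 'unexpected SRV answer for %s FAILED\n' "$_registar"
    _fault_flg=$((_fault_flg + 1))
    continue
  fi
  _servers+=("$_host")

  # host prints "<name> has address <ip>"; the address is the fourth word.
  _addr=""
  read -r _ _ _ _addr _ < <(host "$_host")
  if is_ipv4 "$_addr"; then
    _servers_ip+=("$_addr")
  else
    printf 'address lookup for %s FAILED\n' "$_host"
    _fault_flg=$((_fault_flg + 1))
  fi
done < <(dig +short "_sip._udp.${_registar}" SRV)

# With no servers there is nothing to ping; do not report that as success.
if (( ${#_servers[@]} == 0 )); then
  printf 'no SRV records found for %s FAILED\n' "$_registar"
  _fault_flg=$((_fault_flg + 1))
fi

#*********************************************
#* ping by ip then by name
#*********************************************
# The ${arr[@]+...} form stays safe under "set -u" when an array is empty.
for _serv in ${_servers_ip[@]+"${_servers_ip[@]}"} ${_servers[@]+"${_servers[@]}"}; do
  printf 'ping -c1 -w2 %s' "$_serv"
  if ping -c1 -w2 "$_serv" >/dev/null 2>&1; then
    printf ' passed\n'
  else
    printf ' FAILED\n'
    _fault_flg=$((_fault_flg + 1))
  fi
done

if (( _fault_flg != 0 )); then
  cat <<EOF

If one sip server FAILED and the other passed, then I am betting
your WAN ip ($_wan_ip) has been blacklisted.

You get blacklisted after X number of failed connection attempts.
You will need to contact diamond to clear it from their blacklist.
http://wiki.diamondcard.us/BlockdIp

Repeated server pings can also get you blacklisted. :(

EOF
else
  cat <<EOF

Yay, if all tests passed, that indicates echo test should work.

You may want to consider running something like audacity to
check microphone input and on what device before setting it in
Ekiga preferences.

Assuming you have the account configured correctly.
I had to remove the Ekiga account, on one ekiga release,
to get my diamond account working.

My Account settings:
  Name: sip.diamondcard.us
  Registrar: sip.diamondcard.us
  User and Authentication user are both the same value.

My Audio-> codec preference order had to be
  PCMU
  PCMA
  Speex
  All others not selected.

I have not done any video call testing.

EOF
fi
#****************** end voip_ck *********************************************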