[GnomeMeeting-list] RE: GnomeMeeting-list digest, Vol 1 #434 - 10 msgs



Hi,
I am wondering how Yahoo messenger can work behind NAT.
I am wondering how realplayer works behind NAT.
They both use UDP and the quality is good.


sincerely
 
jeff
 
 My Mutualphone IT number: 1234618
http://www.mutualphone.com
 
U&M Network ,Canada
 
 

-----Original Message-----
From: gnomemeeting-list-admin gnome org
[mailto:gnomemeeting-list-admin gnome org] On Behalf Of
gnomemeeting-list-request gnome org
Sent: 9 November 2002 13:00
To: gnomemeeting-list gnome org
Subject: GnomeMeeting-list digest, Vol 1 #434 - 10 msgs


Today's Topics:

   1. through NAT without _any_ forwarding - this seems to be possible! (Rafał Kleger-Rudomin)
   2. Re: Audio controls question (Stefan Bruens)
   3. Recipe for Netmeeting, NAT success (Marc Williams)
   4. Re: Help!! - ALSA crashes my Gnomemeeting (Damien Sandras)
   5. Re: through NAT without _any_ forwarding - this seems to be possible! (Damien Sandras)
   6. Re: Recipe for Netmeeting, NAT success (Damien Sandras)
   7. Re: through NAT without _any_ forwarding - this seems to be possible! (Rafał Kleger-Rudomin)
   8. Re: through NAT without _any_ forwarding - this seems to be possible! (Damien Sandras)

--__--__--

Message: 1
To: gnomemeeting-list gnome org
From: klakier pld org pl (Rafał Kleger-Rudomin)
Date: 09 Nov 2002 02:41:36 +0100
Subject: [GnomeMeeting-list] through NAT without _any_ forwarding - this
seems to be possible!
Reply-To: gnomemeeting-list gnome org


Hello!

Last three months I've been trying to establish connection 
between me and my family (they are behind masquerading server). 
All solutions presented in FAQ are useless for me, because 
they require cooperation from firewall admin. And if he says 'no' 
or simply does not answer your mails, you can do nothing.

Anyway, seems that could work without support on firewall!

The current situation is as follows:
My family calls my IP using Netmeeting from behind firewall. 
After connection is established I receive video from them 
(I do not get audio but this is probably the problem with drivers 
on their side). They do not see/hear me.
TCP connections as well as UDP listens looks ok: 

tcp        0      0 62.195.51.124:30001     0.0.0.0:*               LISTEN      2277/gnomemeeting
tcp        0      0 0.0.0.0:1720            0.0.0.0:*               LISTEN      2277/gnomemeeting
tcp        0      0 62.195.51.124:1720      62.233.169.134:2707     ESTABLISHED 2277/gnomemeeting
tcp        0      0 62.195.51.124:30001     62.233.169.134:2708     ESTABLISHED 2277/gnomemeeting
udp        0      0 62.195.51.124:5000      0.0.0.0:*                           2277/gnomemeeting
udp        0      0 62.195.51.124:5001      0.0.0.0:*                           2277/gnomemeeting

And I receive UDP packets (of course - I get video stream),
e.g. excerpt from tcpdump:
01:14:53.235678 62.233.169.134.49606 > 62.195.51.124.5000: udp 274

The missing element is UDP transmission from my side:
01:14:52.775139 62.195.51.124.5000 > 10.4.3.30.49606: udp 180 (DF) [tos 0x30]
                                     ^^^^^^^^^^^^^^^
As one can expect, they go to nowhere (non-routable address).

If my gm sent the UDP packets back to 62.233.169.134.49606 then I
think it could work: when the NATed machine X sends a UDP packet to
my host from port PX, the packet is retransmitted by masq router Y
from his port PY, but also linux masq code enables the return way
i.e. if I send a packet to Y on port PY, router should deliver it back
to X on port PX. This is feature of masq (though I read some article
where someone claims this is a hole).

I tried it recently: I opened UDP port 5000
# nc -l -u -p 5000 
my friend called me from behind masq:
# nc -u myIP 5000
and we established two-way communication.


The conclusion: in my case gm must use router's IP in outcoming 
UDP stream when replying to NATed machine. Can that really be so simple?

If so, how to try it? Is it easy to hack gm code to try it?

Best Regards,
Rafal

-- 
Rafał Kleger-Rudomin (klakier pld org pl)


--__--__--

Message: 2
From: Stefan Bruens <lurch gmx li>
To: gnomemeeting-list gnome org
Subject: Re: [GnomeMeeting-list] Audio controls question
Date: Sat, 9 Nov 2002 03:00:15 +0100
Reply-To: gnomemeeting-list gnome org

On Thursday, 7 November 2002 16:13, Damien Sandras wrote:
> On Thu 07/11/2002 at 16:00, Marc Williams wrote:
> > What is the microphone slider control for?  Is it for actual volume or
> > gain?  Or is it for a sort of squelch (silence detection) adjustment?
> > I can't tell by playing with it.
>
> This is the microphone volume.

To be more exact, it is the volume for the "microphone to speaker output"
path.

Stefan
-- 
Stefan Brüns  /  Kastanienweg 6 - Zimmer 1206  /  52074 Aachen
mailto:lurch gmx li  http://www.kawo1.rwth-aachen.de/~lurchi/
      fax: +49-89-1488204565   phone: +49-160-7532733 



--__--__--

Message: 3
From: Marc Williams <marcw onlymooo com>
To: gnomemeeting list <gnomemeeting-list gnome org>
Date: 08 Nov 2002 22:23:09 -0600
Subject: [GnomeMeeting-list] Recipe for Netmeeting, NAT success
Reply-To: gnomemeeting-list gnome org

After much pulling of hair and gnashing of teeth, I finally have what
appears to be a successful and working LAN, NAT, Gatekeeper (gk),
Gnomemeeting (GM), and Netmeeting (NM) arrangement.  Please don't ask me
about the specifics of how to get any of these individual components
working.  Do what I did and read the manuals, FAQs, mailing lists, etc. 
Besides, I'm no expert.  An expert wouldn't have taken this long to get
them all working.  :)  If this doesn't work for you, too bad.  It works
for me, so I thought I'd share it in case it helps someone else.  Much
of what is covered here is redundant because it is covered elsewhere
(although I don't recall seeing UDP 1719 anywhere else).  Well, that may
be but there's probably not too many places that have it all under one
roof.  If you've got questions about the whole setup, fire away.  

Here is my situation:
	Home LAN
		6 Windows and 2 Linux clients
		1 Linux server
	Broadband Internet (~1.5Mbs down)
	Nexland Router (h.323 compatible)
	Generic switch

Here is what I wanted to be able to do:
1) Have any family member be able to call any other any family member
regardless of whether they used GM or NM.
2) Have any family member call any other GM or NM user on the internet.
3) Have any family member be able to _receive_ NM or GM calls from the
internet.

What follows is how I did it.  

1) I made sure that all my GM and NM clients could initiate and receive
LAN and internet calls directly and individually.  This meant opening up
certain ports on the router and directing them to the appropriate
clients as I tested them one by one.  The GM FAQ does a good job of
describing the GM side of things.  Google does a good job for NM.  :)

2) I built a gk and installed it on my server.  The one I built was
Openh323gk as suggested in the GM FAQ.  I tested the gk using LAN
clients first.  This way, I wouldn't have to worry about which ports to
have open, etc.  Once I was satisfied that the gk worked on the LAN, I
had some friends help me test operation between LAN clients and internet
clients.  This is where you have to make sure the right ports are open
and pointing to the right places.  See below.

3) All GM and NM clients, both LAN and internet that want to participate
in h.323 calls, must register to the gk.

4) The ports I opened up on the router all point to the server:
	TCP 1718-1731 (this might just need to be 1720)
	TCP 30000-30020
	UDP 5000-5010
	UDP 1719-1720 (this might just need to be 1719)
(this last one took awhile to find)

5) The gnugk.ini file I'm using (I don't care about t.120):

[Gatekeeper::Main]
Fourtytwo=42

[RoutedMode]
GKRouted=1
AcceptUnregisteredCalls=1
SupportNATedEndpoints=1
H245PortRange=30000-30010
Q931PortRange=30011-30020

[RasSvr::ARQFeatures]
CallUnregisteredEndpoints=1

[Proxy]
Enable=1
RTPPortRange=5000-5010

[GkStatus::Auth]
rule=allow

[Gatekeeper::Auth]
default=allow



I want to stress that this setup is _not_ the definitive or last word on
h.323 and gatekeepers.  Far from it.  I'm still learning more and more
each day.  I will likely be modifying things as I go.  But this seems to
work well for now in the limited testing I've done.

Notes:
I am using 2.0 of the gnugk.  I haven't quite figured out the syntax of
the CVS version of gnugk.ini 

There seems to be a bug in gnugk that prevents video from being sent
when a NM client calls a GM client.  All other combinations seem to
work.

Narrowband NM users will definitely need the instcodec.exe file
available from the GM FAQ.  This has nothing to do with the rest of this
note but I thought I'd throw it in anyway.  :)

I have to do some more testing to see about using "@" when calling
unregistered clients.

My gnugk.ini is pretty much wide open for now.  I think almost anyone
could register.  This is probably a security risk that I'll be
eventually tightening up.



--__--__--

Message: 4
Subject: Re: [GnomeMeeting-list] Help!! - ALSA crashes my Gnomemeeting
From: Damien Sandras <dsandras seconix com>
To: gnomemeeting-list gnome org
Date: 09 Nov 2002 09:20:29 +0100
Reply-To: gnomemeeting-list gnome org

On Sat 09/11/2002 at 01:05, Dennis Gilmore wrote:
> Yeah  it's a redhat 8.0 system  I am now using alsa rc3 no issues.  so I
> think it is something that the alsa developers have done between rc3 and
> rc5  that is causing some sort of serious issue.

I forwarded a patch on the ml that could fix the problem yesterday. If
you have time to try it :)

Thanks anyway for the report :)
-- 
  _
 (o-      SANDRAS Damien
 //\
 v_/_     Check Out Gnome Meeting !
          http://www.gnomemeeting.org/




--__--__--

Message: 5
Subject: Re: [GnomeMeeting-list] through NAT without _any_ forwarding - this seems to be possible!
From: Damien Sandras <dsandras seconix com>
To: gnomemeeting-list gnome org
Date: 09 Nov 2002 09:27:42 +0100
Reply-To: gnomemeeting-list gnome org

On Sat 09/11/2002 at 02:41, Rafał Kleger-Rudomin wrote:
>
> Hello!

[...]

> I tried it recently: I opened UDP port 5000
> # nc -l -u -p 5000
> my friend called me from behind masq:
> # nc -u myIP 5000
> and we established two-way communication.
>
>
> The conclusion: in my case gm must use router's IP in outcoming
> UDP stream when replying to NATed machine. Can that really be so simple?
> If so, how to try it? Is it easy to hack gm code to try it?
>

Not really. If you are NATTED, then GM can replace your NAT IP in the
packets by the IP of your router.

However, I'm 100% sure that Netmeeting doesn't work from behind a
firewall/NAT router. There is no way. Even if you put the IP of their
router instead of their natted IP in the packets, when their firewall
will receive the packets, it will not forward them to the internal
machine except if the audio/video connection was started from their
inside lan. But if the audio/video connection is started from your
machine, it will arrive to their router, and the packets will be
dropped. And you cannot really control who is starting the audio/video
connection. It doesn't depend on who is calling/called. That is
negotiated in the protocol.

I understand the admin doesn't want to make any effort to make NM work
from behind the firewall, because it would need to allow all imaginable
ports. They are all random in Netmeeting.



> Best Regards,
> Rafal
>
> -- 
> Rafał Kleger-Rudomin (klakier pld org pl)
>
-- 
  _
 (o-      SANDRAS Damien
 //\
 v_/_     Check Out Gnome Meeting !
          http://www.gnomemeeting.org/




--__--__--

Message: 6
Subject: Re: [GnomeMeeting-list] Recipe for Netmeeting, NAT success
From: Damien Sandras <dsandras seconix com>
To: gnomemeeting-list gnome org
Date: 09 Nov 2002 09:30:03 +0100
Reply-To: gnomemeeting-list gnome org

Thanks for taking the time to share your experience. I'm sure your
mail will be useful to many people searching the archives.


-- 
  _
 (o-      SANDRAS Damien
 //\
 v_/_     Check Out Gnome Meeting !
          http://www.gnomemeeting.org/




--__--__--

Message: 7
To: gnomemeeting-list gnome org
Subject: Re: [GnomeMeeting-list] through NAT without _any_ forwarding -
this seems to be possible!
From: klakier pld org pl (Rafał Kleger-Rudomin)
Date: 09 Nov 2002 11:51:16 +0100
Reply-To: gnomemeeting-list gnome org

Damien Sandras <dsandras seconix com> writes:

[...]

> However, I'm 100% sure that Netmeeting doesn't work from behind a
> firewall/NAT router. There is no way. Even if you put the IP of their
> router instead of their natted IP in the packets, when their firewall
> will receive the packets, it will not forward them to the internal
> machine except if the audio/video connection was started from their
> inside lan. 

And this is the case - I always get UDP packets from NATed machine.

> But if the audio/video connection is started from your
> machine, it will arrive to their router, and the packets will be
> dropped. 

That's true.

> And you cannot really control who is starting the audio/video
> connection. It doesn't depend on who is calling/called. That is
> negotiated in the protocol.

I was called couple of times by clients that are behind NAT, both GM and NM.
In all cases I got audio/video from them. Conclusion: when NM/GM
client calls other GM client, they always negotiate that the caller initiates
all connections.

> I understand the admin doesn't want to make any effort to make NM work
> from behind the firewall, because it would need to allow all imaginable
> ports. They are all random in Netmeeting.

I do not know what he wants or not because he doesn't respond.

I can see that you are not very enthusiastic about my idea ;)
Is that because NM is the second endpoint? If it works, it is also
solution for GM users.

I want to simply try it. Tell me please, can I change this address
from GM code, or do I have to hack openh323? Where should I start?

Regards,
Rafal

-- 
Rafał Kleger-Rudomin (klakier pld org pl)


--__--__--

Message: 8
Subject: Re: [GnomeMeeting-list] through NAT without _any_ forwarding - this seems to be possible!
From: Damien Sandras <dsandras seconix com>
To: gnomemeeting-list gnome org
Date: 09 Nov 2002 16:33:05 +0100
Reply-To: gnomemeeting-list gnome org

On Sat 09-11-2002 at 11:51, Rafał Kleger-Rudomin wrote:
> Damien Sandras <dsandras seconix com> writes:
>
>
> > And you cannot really control who is starting the audio/video
> > connection. It doesn't depend on who is calling/called. That is
> > negotiated in the protocol.
>
> I was called couple of times by clients that are behind NAT, both GM and NM.
> In all cases I got audio/video from them. Conclusion: when NM/GM
> client calls other GM client, they always negotiate that the caller initiates
> all connections.

[...]
I can assure you it is not the case.


>
> > I understand the admin doesn't want to make any effort to make NM work
> > from behind the firewall, because it would need to allow all imaginable
> > ports. They are all random in Netmeeting.
>
> I do not know what he wants or not because he doesn't respond.
>
> I can see that you are not very enthusiastic about my idea ;)

Well, I'm not really enthusiastic to do it myself, because it is of no
use. It will only work from time to time, and not always.

> Is that because NM is the second endpoint? If it works, it is also
> solution for GM users.

I don't think it is a good solution, as there is no certitude it will
always work, even if you are called. Moreover, it is a hack for
misconfigured firewalls with Netmeeting behind. If you want to implement
it, then let's go, but I don't think it is very useful except in your
case where you will get 50% success.

>
> I want to simply try it. Tell me please, can I change this address
> from GM code, or do I have to hack openh323? Where should I start?
>

You have to hack first in openh323 (look how the current IP translation
is implemented), then you will have to hack in GnomeMeeting itself. It
is much work for a bad solution.

> Regards,
> Rafal
>
> -- 
> Rafał Kleger-Rudomin (klakier pld org pl)
>
-- 
Damien Sandras

GnomeMeeting - H.323 Video-Conferencing application -
  web:	http://www.gnomemeeting.org/
FOSDEM 2002  - Free Software and Open Source Developers Meeting -
  web:	http://www.fosdem.org/
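
The NAT behaviour argued over in Messages 1, 5, 7 and 8, as an added example that is not part of any poster's message and is not GnomeMeeting or OpenH323 code: a small Python model of a masquerading router's UDP state table, replayed with the addresses from Message 1. The class and function names, the port-preserving mapping, the per-peer filtering rule and the third-party address 198.51.100.7 are assumptions of the model.

```python
"""Toy model of a masquerading (NAPT) router's UDP state table."""
from dataclasses import dataclass, field

ROUTER_PUBLIC_IP = "62.233.169.134"      # masq router Y (address from Message 1)
NATED_HOST = ("10.4.3.30", 49606)        # machine X, port PX (from the tcpdump line)
OUTSIDE_HOST = ("62.195.51.124", 5000)   # the GnomeMeeting host outside the NAT
STRANGER = ("198.51.100.7", 5000)        # constructed third party (documentation range)


@dataclass
class MasqRouter:
    public_ip: str
    # (public port, remote endpoint) -> internal endpoint that opened the flow
    table: dict = field(default_factory=dict)

    def outbound(self, src, dst):
        """Inside host sends src -> dst. Returns the source address the outside sees."""
        public_port = src[1]  # assumption: source port is preserved, as in the capture
        self.table[(public_port, dst)] = src
        return (self.public_ip, public_port)

    def inbound(self, src, dst):
        """Outside packet src -> dst. Returns the internal endpoint, or None if dropped."""
        if dst[0] != self.public_ip:
            return None  # e.g. 10.4.3.30: not routable, never reaches this router
        # Assumption: state is matched on the remote peer as well as the port,
        # so only the host that X contacted can use the return path.
        return self.table.get((dst[1], src))


def replay_thread():
    """Replay the cases discussed in the thread; returns each delivery result."""
    router = MasqRouter(ROUTER_PUBLIC_IP)
    results = {}

    # Outside host starts the media stream before X has sent anything:
    # no state exists yet, so the router drops the packet.
    results["outside_first"] = router.inbound(OUTSIDE_HOST, (ROUTER_PUBLIC_IP, 49606))

    # X sends its video stream; the outside host sees the router's address.
    observed = router.outbound(NATED_HOST, OUTSIDE_HOST)
    results["observed_source"] = observed

    # Reply to the signalled private address (what the tcpdump excerpt shows).
    results["reply_to_private"] = router.inbound(OUTSIDE_HOST, NATED_HOST)

    # Reply to the observed source address and port (the netcat experiment).
    results["reply_to_observed"] = router.inbound(OUTSIDE_HOST, observed)

    # A different outside host sending to the same mapped port.
    results["stranger"] = router.inbound(STRANGER, observed)
    return results


if __name__ == "__main__":
    for case, outcome in replay_thread().items():
        print(f"{case:18} -> {outcome if outcome else 'dropped'}")
```
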



--__--__--

_______________________________________________
GnomeMeeting-list mailing list
GnomeMeeting-list gnome org
http://mail.gnome.org/mailman/listinfo/gnomemeeting-list


End of GnomeMeeting-list Digest



