Re: [GnomeMeeting-list] GnomeMeeting 0.12.2 + h323 patch was OK but now ...

From: Damien Sandras <dsandras seconix com>
To: gnomemeeting-list gnome org
Subject: Re: [GnomeMeeting-list] GnomeMeeting 0.12.2 + h323 patch was OK but now ...
Date: 24 Nov 2002 11:43:36 +0100

I'm not a firewall expert. My advice is that you should try with the
iptables script found on gnomemeeting.org . It works for me, and for
many people. Then if you want stricter rules, you can refine it to have
a safer configuration.
I would also advice to first test with another GnomeMeeting user.

Btw, the crash is not normal, it is either a GnomeMeeting or an OpenH323
bug, you should report a backtrace.

Le sam 23/11/2002 à 22:30, Gilles Sadowski a écrit :

> The following is an excerpt (the part concerned with the 
> gnomemeeting-related ports) of the command 'iptables -L' ('dawn' is the 
> name of the machine behind the firewall on which GnomeMeeting runs):
> -----------
> Chain net2loc (1 references)
> target     prot opt source               destination        
> ACCEPT     all  --  anywhere             anywhere           state 
> RELATED,ESTABLISHED
> newnotsyn  tcp  --  anywhere             anywhere           state NEW 
> tcp flags:!SYN,RST,ACK/SYN
> ACCEPT     tcp  --  anywhere             dawn               state NEW 
> tcp dpt:1720
> ACCEPT     tcp  --  anywhere             dawn               state NEW 
> tcp dpts:30000:30010
> ACCEPT     udp  --  anywhere             dawn               state NEW 
> udp dpts:5000:5003
> -----------
> 
> Then here are some of the logged messages about dropped packets:
> -----------
> Nov 23 21:53:31 lestat kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
> SRC=80.178.3.152 DST=212.239.177.57 LEN=48 TOS=0x00 PREC=0x00 TTL=117 
> ID=13490 DF PROTO=TCP SPT=2151 DPT=1503 WINDOW=8192 RES=0x00 SYN URGP=0
> 
> Nov 23 22:07:08 lestat kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= 
> SRC=80.178.3.152 DST=212.239.177.57 LEN=48 TOS=0x00 PREC=0x00 TTL=117 
> ID=43454 DF PROTO=TCP SPT=2235 DPT=32773 WINDOW=8192 RES=0x00 SYN URGP=0
> -----------
> Of course ports 1503 and 32773 are blocked because only 1720, 30000 to 
> 30010 and 5000 to 5003 are allowed and redirected to 'dawn'.
> 
> On the NetMeeting side my 'Connect/callto' trials were never seen.  On 
> my side, the 'Connect' windows appeared several times but clicking on 
> the 'connect' button was to no avail.  Finally, at some point, after 
> many trials, the link was established, but then after 3 minutes or so, 
> GnomeMeeting crashed! :-(
> After restarting, we tried to reestablish the connection but it didn't 
> work...
> 
> Does someone have an idea on what's wrong here?
> Thanks for your help.
> 
> Gilles
> 

-- 
Damien Sandras <dsandras seconix com>

References:
- [GnomeMeeting-list] Traffic congestion
  - From: Gilles Sadowski
- Re: [GnomeMeeting-list] Traffic congestion
  - From: Damien Sandras
- [GnomeMeeting-list] Traffic congestion ...
  - From: Gilles Sadowski
- Re: [GnomeMeeting-list] Traffic congestion ...
  - From: Damien Sandras
- [GnomeMeeting-list] GnomeMeeting 0.12.2 + h323 patch was OK but now ...
  - From: Gilles Sadowski

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]