[GnomeMeeting-list] Re: quicknet and gnomemeeting questions



Damien Sandras <dsandras seconix com> writes:

> That rule is only if you control outgoing traffic. I will remove it from
> the FAQ to not confuse people anymore.
>
> On Mon 13/10/2003 at 23:44, Damien Sandras wrote:
>> On Mon 13/10/2003 at 19:26, Eythan Weg wrote:
>> 
>> > 
>> > $IPTABLES -I POSTROUTING 1 -t nat -o $IN_DEV -d  \
>> > $IN_HOST  -p udp --dport $TCP_PORT_RANGE -j ACCEPT
>> 
>> Ouch, thanks for mentioning this !!!
>> I will update the FAQ now, I'm surprised we have not more users with
>> problems.

I have tried some more.  Here are the relevant
settings given by iptables.  I flushed all the
tables and reset the rules just before I started
gnomemeeting.  First the filter table:

-----------------------------
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1330 91067 bad_tcp_packets  tcp  --  any    any     anywhere             anywhere           
    1    60 tcp_packets  tcp  --  eth0   any     anywhere             anywhere           
   22  7667 udp_packets  udp  --  eth0   any     anywhere             anywhere           
    0     0 DROP       all  --  eth0   any     anywhere             BASE-ADDRESS.MCAST.NET/8

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source    destination         
   16  3707 ACCEPT     udp  --  eth0   any     anywhere  192.168.0.2        udp dpts:5010:5013 
    0     0 ACCEPT     tcp  --  eth0   any     anywhere  192.168.0.2        tcp dpt:1720 
  486 33628 ACCEPT     udp  --  eth0   any     anywhere  192.168.0.2        udp dpts:5000:5003 
   19  1827 ACCEPT     tcp  --  eth0   any     anywhere  192.168.0.2        tcp dpts:30000:30010 

Chain allowed (3 references)
 pkts bytes target     prot opt in     out     source    destination         
    1    60 ACCEPT     tcp  --  any    any     anywhere  anywhere           tcp flags:SYN,RST,ACK/SYN 
    0     0 ACCEPT     tcp  --  any    any     anywhere  anywhere           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  any    any     anywhere  anywhere           


Chain tcp_packets (1 references)
 pkts bytes target     prot opt in     out     source    destination         
    1    60 allowed    tcp  --  any    any     anywhere  anywhere           tcp dpt:smtp 
    0     0 allowed    tcp  --  any    any     anywhere  anywhere           tcp dpts:30000:30010 
    0     0 allowed    tcp  --  any    any     anywhere  anywhere           tcp dpt:1720 

Chain udp_packets (1 references)
 pkts bytes target     prot opt in     out     source    destination         
    0     0 ACCEPT     udp  --  any    any     anywhere  anywhere           udp dpts:5000:5003 
    0     0 ACCEPT     udp  --  any    any     anywhere  anywhere           udp dpts:5010:5013 
   22  7667 DROP       udp  --  eth0   any     anywhere  255.255.255.255    udp dpts:bootps:bootpc 


And here is the relevant nat table.

Chain PREROUTING (policy ACCEPT 52 packets, 9034 bytes)
 pkts bytes target     prot opt in     out     source    destination         
    1   150 DNAT       udp  --  eth0   any     anywhere  anywhere           udp dpts:5010:5013 to:192.168.0.2 
    0     0 DNAT       tcp  --  eth0   any     anywhere  anywhere           tcp dpt:1720 to:192.168.0.2 
    2   268 DNAT       udp  --  eth0   any     anywhere  anywhere           udp dpts:5000:5003 to:192.168.0.2 
    0     0 DNAT       tcp  --  eth0   any     anywhere  anywhere           tcp dpts:30000:30010 to:192.168.0.2 

Chain POSTROUTING (policy ACCEPT 2 packets, 142 bytes)
 pkts bytes target     prot opt in     out     source    destination         
    1   150 ACCEPT     udp  --  any    eth1    anywhere  192.168.0.2        udp dpts:5010:5013 
    0     0 ACCEPT     tcp  --  any    eth1    anywhere  192.168.0.2        tcp dpt:1720 
    2   268 ACCEPT     udp  --  any    eth1    anywhere  192.168.0.2        udp dpts:5000:5003 
    0     0 ACCEPT     tcp  --  any    eth1    anywhere  192.168.0.2        tcp dpts:30000:30010 

-------------------------
eth0 is the external interface and eth1 is the internal.  
GM runs on 192.68.0.2.

Seems to me something is moving on the 5000:5013
ports.  No record of DROPed packets relevant to
our matter.  However, it fails, and Microtelco
does not charge.  Here is the history as
registered by GM.  I call myself but I do not hear
any rings on the other phone.  The first call ends
with a busy signal, and the second also but very
quickly with "Remote user cleared the call".  What
sense can be made out of this?


------------------------
0:15:05 Started GnomeMeeting V0.98 for weg

20:15:05 Using Quicknet device Internet PhoneJACK-ISA /dev/phone0
20:15:37 Gatekeeper set to bmac 66 7 159 99
20:16:15 Phone is off hook
20:16:35 Calling h323:765497xxxx
20:16:37 Attaching lid hardware to codec
20:16:37 Started New Logical Channel...
20:16:37 Sending G.723.1A(6.3k)-Cisco{hw}
20:16:37 Enabled silence detection for G.723.1A(6.3k)-Cisco{hw}
20:16:37 Attaching lid hardware to codec
20:16:37 Started New Logical Channel...
20:16:37 Receiving G.723.1A(6.3k)-Cisco{hw}

        Rings and then sounds busy and  I put the
        handset on the hook.


20:17:02 Phone is on hook
20:17:02 Trying to stop calling
20:17:03 Local user cleared the call
20:19:07 Phone is off hook
20:19:07 Calling h323:765497xxxx
20:19:09 Remote user cleared the call
20:19:13 Phone is on hook

--------------------

I use GM 0.98.5, and the nixj driver is cvs
from October 1 or thereabout.  

Sincerely,  eythan
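
Added example, not part of the original message: a small shell/awk helper that reads an `iptables -L -v` listing like the one posted above and separates rules whose counters moved from rules that never matched, and lists the DROP rules that actually fired. The function names are hypothetical; the sample input is an excerpt of the FORWARD and udp_packets chains from the listing in the message.

```shell
#!/bin/sh
# Added example: summarise per-rule counters from `iptables -L -v` output.
# Output columns: chain target pkts bytes match-text

# Sample input: excerpt of the listing posted above (two chains only).
sample_listing() {
cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source    destination
   16  3707 ACCEPT     udp  --  eth0   any     anywhere  192.168.0.2        udp dpts:5010:5013
    0     0 ACCEPT     tcp  --  eth0   any     anywhere  192.168.0.2        tcp dpt:1720
  486 33628 ACCEPT     udp  --  eth0   any     anywhere  192.168.0.2        udp dpts:5000:5003
   19  1827 ACCEPT     tcp  --  eth0   any     anywhere  192.168.0.2        tcp dpts:30000:30010

Chain udp_packets (1 references)
 pkts bytes target     prot opt in     out     source    destination
    0     0 ACCEPT     udp  --  any    any     anywhere  anywhere           udp dpts:5000:5003
    0     0 ACCEPT     udp  --  any    any     anywhere  anywhere           udp dpts:5010:5013
   22  7667 DROP       udp  --  eth0   any     anywhere  255.255.255.255    udp dpts:bootps:bootpc
EOF
}

# Reads a verbose listing on stdin and prints one line per rule.
rule_counters() {
    awk '
        $1 == "Chain" { chain = $2; next }   # chain header line
        NF < 9 || $1 == "pkts" { next }      # blank line or column header
        $1 ~ /^[0-9]+[KMGT]?$/ {             # rule line; large counts are abbreviated
            match_text = ""
            for (i = 10; i <= NF; i++) match_text = match_text " " $i
            print chain, $3, $1, $2 match_text
        }'
}

hit_rules()  { rule_counters | awk '$3 != "0"'; }   # rules that matched traffic
idle_rules() { rule_counters | awk '$3 == "0"'; }   # rules that never matched
drop_hits()  { hit_rules | awk '$2 == "DROP"'; }    # DROP rules that fired

echo "== rules with traffic ==";  sample_listing | hit_rules
echo "== rules never matched =="; sample_listing | idle_rules
echo "== drops that fired ==";    sample_listing | drop_hits
```

On a live gateway the same functions can be fed with `iptables -L -v | hit_rules` and `iptables -t nat -L -v | hit_rules`, run as root after zeroing the counters with `iptables -Z`.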



