|
On Monday 13 June 2005 13:49, Damien Sandras wrote: > Le dimanche 12 juin 2005 à 18:33 +0200, Benedek Frank a écrit : > > > Have you checked that the machine running Netmeeting (ie not the one > > > doing the NAT) has its firewall disabled completely? > > > > Hi > > > > Yes, I disabled the SP2 firewall on the NM, and still no go. I dont have > > access to any other machines on the same network, so I cannot try to > > telnet into the box via 1720 from an internal machine, which would be > > something to try. And on top of all that, it is behind a Japanese router, > > which gives you the idea how easy it is to set it up, sepaking reading > > almost no Japanese at all. That is why I set the DMZ. DMZ is DMZ in all > > languages. Haha. Sorry to bother the list, I will try to contact the > > routers maker for further instructions. > > Perahps you still need to forward 1720 from the router to the internal > machine, even with the machine in the DMZ. Just blind-guessing here > because the problem is weird. > > > Thanks Hi I verified as best as I could, that 1720 is accessible by the XP box, Now I can telnet to it, etc, but still no go. Thankfully I found an option on the NM XP box`s firewall, which is a logging option. So I set that enabled, and now the NM PC will log every attempt, that gets by the firewall, to the NM PC. Again all ports are open, and the DMZ seems to be working, as all trafic gets to the NM PC, just something is still bad. I think, that it tries to send something back to the GM box, on port ranges from 33500 - 33599 (maybe?), and that is not open on the GM side. I will not open it until you guys confirm that that might help, as that is not in the FAQ at all, so I am suspicious that I overlooked something. Well, enough said, I will paste the log here, removing only my static IP from the log, replacing it with XXX.XXX.XXX.XXX So that is my IP, its not really in the log. Privacy purposes. The other IP (192.168.0.100) is the internal IP of the NM PC. Also always first IP is source second is destination. First port is source second is destination. Thanks This first part is a successful call made from the NM side to the GM side, and then manual disconnection (hang up). #Version: 1.5 #Software: Microsoft Windows Firewall #Time Format: Local #Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path 2005-06-14 23:58:14 OPEN TCP 192.168.0.100 xxx.xxx.xxx.xxx 1778 1720 - - - - - - - - - 2005-06-14 23:58:21 OPEN TCP 192.168.0.100 xxx.xxx.xxx.xxx 1779 33523 - - - - - - - - - 2005-06-14 23:58:28 OPEN UDP 192.168.0.100 xxx.xxx.xxx.xxx 49605 5005 - - - - - - - - - 2005-06-14 23:58:36 OPEN UDP 192.168.0.100 xxx.xxx.xxx.xxx 49604 5004 - - - - - - - - - 2005-06-14 23:58:38 OPEN UDP 192.168.0.100 xxx.xxx.xxx.xxx 49603 5007 - - - - - - - - - 2005-06-15 00:00:16 CLOSE TCP 192.168.0.100 xxx.xxx.xxx.xxx 1778 1720 - - - - - - - - - 2005-06-15 00:00:17 DROP TCP xxx.xxx.xxx.xxx 192.168.0.100 1720 1778 40 A 683060071 1799151656 6432 - - - RECEIVE 2005-06-15 00:01:11 CLOSE UDP 192.168.0.100 xxx.xxx.xxx.xxx 49604 5004 - - - - - - - - - 2005-06-15 00:02:11 CLOSE UDP 192.168.0.100 xxx.xxx.xxx.xxx 49605 5005 - - - - - - - - - 2005-06-15 00:02:11 CLOSE UDP 192.168.0.100 xxx.xxx.xxx.xxx 49603 5007 - - - - - - - - - This second part is when I make the call from the GM side toward the NM side, and the call will not go through, and the GM will say (Remote user did not accept the call) 2005-06-15 00:02:34 OPEN-INBOUND TCP xxx.xxx.xxx.xxx 192.168.0.100 33527 1720 - - - - - - - - - 2005-06-15 00:02:35 CLOSE TCP 192.168.0.100 xxx.xxx.xxx.xxx 1720 33527 - - - - - - - - - At this point, the call already fails, you can see from the log it takes only a second to fail. What it seems to me is that the NM tries to open back a connection to the GM, and it fails as the GM does not get port 33527 forwarded to it? Also I will show another attempt, same setup, you can see the the 335xx port is in an ascending order, and the difference is only one. So it is a random port, which range I am unaware of. 2005-06-15 00:02:39 OPEN-INBOUND TCP xxx.xxx.xxx.xxx 192.168.0.100 33528 1720 - - - - - - - - - 2005-06-15 00:02:40 CLOSE TCP 192.168.0.100 xxx.xxx.xxx.xxx 1720 33528 - - - - - - - - - SOrry for the complex posting, if you have a little time, could you try to solve it with me? Thanks a lot Benedek Frank |