Re: UPDATE2 [GnomeMeeting-list] Gnomemeeting to Netmeeting, only one way and no video

[Benedek Frank <linux celifornia com>]

On Tuesday 14 June 2005 17:37, Benedek Frank wrote:
> On Monday 13 June 2005 13:49, Damien Sandras wrote:
> > Le dimanche 12 juin 2005 à 18:33 +0200, Benedek Frank a écrit :
> > > > Have you checked that the machine running Netmeeting (ie not the one
> > > > doing the NAT) has its firewall disabled completely?
> > >
> > > Hi
> > >
> > > Yes, I disabled the SP2 firewall on the NM, and still no go. I dont
> > > have access to any other machines on the same network, so I cannot try
> > > to telnet into the box via 1720 from an internal machine, which would
> > > be something to try. And on top of all that, it is behind a Japanese
> > > router, which gives you the idea how easy it is to set it up, sepaking
> > > reading almost no Japanese at all. That is why I set the DMZ. DMZ is
> > > DMZ in all languages. Haha. Sorry to bother the list, I will try to
> > > contact the routers maker for further instructions.
> >
> > Perahps you still need to forward 1720 from the router to the internal
> > machine, even with the machine in the DMZ. Just blind-guessing here
> > because the problem is weird.
> >
> > > Thanks
>
> Hi
>
> I verified as best as I could, that 1720 is accessible by the XP box, Now I
> can telnet to it, etc, but still no go. Thankfully I found an option on the
> NM XP box`s firewall, which is a logging option. So I set that enabled, and
> now the NM PC will log every attempt, that gets by the firewall, to the NM
> PC. Again all ports are open, and the DMZ seems to be working, as all
> trafic gets to the NM PC, just something is still bad. I think, that it
> tries to send something back to the GM box, on port ranges from 33500 -
> 33599 (maybe?), and that is not open on the GM side. I will not open it
> until you guys confirm that that might help, as that is not in the FAQ at
> all, so I am suspicious that I overlooked something. Well, enough said, I
> will paste the log here, removing only my static IP from the log, replacing
> it with XXX.XXX.XXX.XXX So that is my IP, its not really in the log.
> Privacy purposes. The other IP (192.168.0.100) is the internal IP of the NM
> PC. Also always first IP is source second is destination. First port is
> source second is destination.
>
> Thanks
>
> This first part is a successful call made from the NM side to the GM side,
> and then manual disconnection (hang up).
> #Version: 1.5
> #Software: Microsoft Windows Firewall
> #Time Format: Local
> #Fields: date time action protocol src-ip dst-ip src-port dst-port size
> tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
>
> 2005-06-14 23:58:14 OPEN TCP 192.168.0.100 xxx.xxx.xxx.xxx 1778 1720 - - -
> - - - - - -
> 2005-06-14 23:58:21 OPEN TCP 192.168.0.100 xxx.xxx.xxx.xxx 1779 33523 - - -
> - - - - - -
> 2005-06-14 23:58:28 OPEN UDP 192.168.0.100 xxx.xxx.xxx.xxx 49605 5005 - - -
> - - - - - -
> 2005-06-14 23:58:36 OPEN UDP 192.168.0.100 xxx.xxx.xxx.xxx 49604 5004 - - -
> - - - - - -
> 2005-06-14 23:58:38 OPEN UDP 192.168.0.100 xxx.xxx.xxx.xxx 49603 5007 - - -
> - - - - - -
> 2005-06-15 00:00:16 CLOSE TCP 192.168.0.100 xxx.xxx.xxx.xxx 1778 1720 - - -
> - - - - - -
> 2005-06-15 00:00:17 DROP TCP xxx.xxx.xxx.xxx 192.168.0.100 1720 1778 40 A
> 683060071 1799151656 6432 - - - RECEIVE
> 2005-06-15 00:01:11 CLOSE UDP 192.168.0.100 xxx.xxx.xxx.xxx 49604 5004 - -
> - - - - - - -
> 2005-06-15 00:02:11 CLOSE UDP 192.168.0.100 xxx.xxx.xxx.xxx 49605 5005 - -
> - - - - - - -
> 2005-06-15 00:02:11 CLOSE UDP 192.168.0.100 xxx.xxx.xxx.xxx 49603 5007 - -
> - - - - - - -
>
> This second part is when I make the call from the GM side toward the NM
> side, and the call will not go through, and the GM will say (Remote user
> did not accept the call)
>
> 2005-06-15 00:02:34 OPEN-INBOUND TCP xxx.xxx.xxx.xxx 192.168.0.100 33527
> 1720 - - - - - - - - -
> 2005-06-15 00:02:35 CLOSE TCP 192.168.0.100 xxx.xxx.xxx.xxx 1720 33527 - -
> - - - - - - -
>
> At this point, the call already fails, you can see from the log it takes
> only a second to fail. What it seems to me is that the NM tries to open
> back a connection to the GM, and it fails as the GM does not get port 33527
> forwarded to it? Also I will show another attempt, same setup, you can see
> the the 335xx port is in an ascending order, and the difference is only
> one. So it is a random port, which range I am unaware of.
>
> 2005-06-15 00:02:39 OPEN-INBOUND TCP xxx.xxx.xxx.xxx 192.168.0.100 33528
> 1720 - - - - - - - - -
> 2005-06-15 00:02:40 CLOSE TCP 192.168.0.100 xxx.xxx.xxx.xxx 1720 33528 - -
> - - - - - - -
>
> SOrry for the complex posting, if you have a little time, could you try to
> solve it with me? Thanks a lot
>
> Benedek Frank

Hi

I know my problem is very compilcated, sorry for the continuing mails, I am 
still looking for a solution.

What I discovered in my last LONG (sorry about that) mail, that the NM sends 
back something on ports above 30000. It is absolutely random, but once it 
starts, it is consequent, meanting if a call generates a port request on 
33454 the next calll will go to 33455. So I did a call, saw the port, then 
opened the next port on the router in front of the GM, and I started ringing 
the NM. This time, i didnt get the message "Remote host didnt accept call" 
but I got a message after 6-7 rings "Remote user offline", even though it was 
online. I was in the NM box with VNC, and it didnt ring.

One more time, compiling where we stand.

GM -- Router (ports open) --------IP Overseas --------- Router (DMZ to NM) NM

In this setup, I can call from NM to GM, and I have audio but no video. When I 
call from GM to NM, it will say "Remote user doesnt accept call".

Please check the NM PC`s log, that is recorded with the XP SP2 firewall. On 
the GM side, I dont have a log.

Thanks for helping

Ben