Loading ...
Sorry, an error occurred while loading the content.

firewall issues

Expand Messages
  • rj_serodio
    Hello there! I ve been using TWinkle for some time now, with excelent results. Unfortunately, I went playing around with my Iptables setup today -- and didn t
    Message 1 of 6 , Sep 10, 2006
    • 0 Attachment
      Hello there!

      I've been using TWinkle for some time now, with excelent results.
      Unfortunately, I went playing around with my Iptables setup today --
      and didn't save the original setup..

      Anyway, I was playing with the firewall just to learn about it, I'm
      actually behind a NAT. Now that I've messed it up, Twinkle complains
      about not being able to reach the STUN server I gave it, and sound
      quality is really bad.

      So I was wondering, what is the right firewall setting? I tried
      opening 5060, 8000-8005 and even 3478 (that's what my provider gives
      for the stun port), all to no avail. I really need a nudge here -
      perhaps some config script, shorewall, firehol or the like?

      Cheers,

      Renato
    • Michel de Boer
      Note that SIP, RTP and STUN are all running on UDP (not on TCP). In iptables there is a timer setting for keeping a UDP connection alive, i.e. when you send
      Message 2 of 6 , Sep 11, 2006
      • 0 Attachment
        Note that SIP, RTP and STUN are all running on UDP (not on TCP).
        In iptables there is a timer setting for keeping a UDP 'connection'
        alive, i.e. when you send out a UDP packet, then the answer should
        come within the timeout. If this timeout is very low or zero, then
        responses will be blocked by the firewall. I cannot remember how
        to set this timer in iptables.

        HTH,
        Michel


        rj_serodio wrote:
        > Hello there!
        >
        > I've been using TWinkle for some time now, with excelent results.
        > Unfortunately, I went playing around with my Iptables setup today --
        > and didn't save the original setup..
        >
        > Anyway, I was playing with the firewall just to learn about it, I'm
        > actually behind a NAT. Now that I've messed it up, Twinkle complains
        > about not being able to reach the STUN server I gave it, and sound
        > quality is really bad.
        >
        > So I was wondering, what is the right firewall setting? I tried
        > opening 5060, 8000-8005 and even 3478 (that's what my provider gives
        > for the stun port), all to no avail. I really need a nudge here -
        > perhaps some config script, shorewall, firehol or the like?
        >
        > Cheers,
        >
        > Renato
        >
        >
        >
        >
        >

        --
        Michel de Boer
        www.twinklephone.com
      • Renato Serodio
        ... Hash: SHA1 Hello there, thanks for the answer, Michel. Indeed, I had opened UDP ports - the timeout, related and such sound relevant, though.. Curiously,
        Message 3 of 6 , Sep 13, 2006
        • 0 Attachment
          -----BEGIN PGP SIGNED MESSAGE-----
          Hash: SHA1

          Hello there,

          thanks for the answer, Michel. Indeed, I had opened UDP ports - the
          timeout, 'related' and such sound relevant, though..

          Curiously, the problem seemed to go away - I didn't get the message,
          even though I hadn't changed iptables. The log reported having traversed
          NAT with aid from STUN. But the sound was still crappy.

          Next day, boot up, and the message came up again! And today, even though
          there was no message, and the ports were open, it was just impossible to
          have a conversation.

          Well, given that Twinkle has been working perfectly, I think this is a
          problem for some other list. In any case, thanks for the help!

          Cheers,

          Renato




          Michel de Boer wrote:
          > Note that SIP, RTP and STUN are all running on UDP (not on TCP).
          > In iptables there is a timer setting for keeping a UDP 'connection'
          > alive, i.e. when you send out a UDP packet, then the answer should
          > come within the timeout. If this timeout is very low or zero, then
          > responses will be blocked by the firewall. I cannot remember how
          > to set this timer in iptables.
          >
          > HTH,
          > Michel
          >
          >
          > rj_serodio wrote:
          >> Hello there!
          >>
          >> I've been using TWinkle for some time now, with excelent results.
          >> Unfortunately, I went playing around with my Iptables setup today --
          >> and didn't save the original setup..
          >>
          >> Anyway, I was playing with the firewall just to learn about it, I'm
          >> actually behind a NAT. Now that I've messed it up, Twinkle complains
          >> about not being able to reach the STUN server I gave it, and sound
          >> quality is really bad.
          >>
          >> So I was wondering, what is the right firewall setting? I tried
          >> opening 5060, 8000-8005 and even 3478 (that's what my provider gives
          >> for the stun port), all to no avail. I really need a nudge here -
          >> perhaps some config script, shorewall, firehol or the like?
          >>
          >> Cheers,
          >>
          >> Renato
          >>
          >>
          >>
          >>
          >>
          >
          -----BEGIN PGP SIGNATURE-----
          Version: GnuPG v1.4.5 (GNU/Linux)

          iD8DBQFFCJYzwXbZX7yo4bQRAiOEAJ9n9/vM1ZvaODxP+jE3Khbo5IiFGwCfYg8Q
          kYLYPwzhoexP0v3uxsP2eDQ=
          =vHVJ
          -----END PGP SIGNATURE-----
        • joerg.greoj
          i rarely recommend this: try shutting down your firewall completely for short time to check it s the source of your problems IIRC you re sitting behind a nat,
          Message 4 of 6 , Sep 14, 2006
          • 0 Attachment
            i rarely recommend this: try shutting down your firewall completely
            for short time to check it's the source of your problems
            IIRC you're sitting behind a nat, so you might dare doing so using
            `rcSuSEfw2 stop`(on Suse linux) or whatever initscript in /etc/init.d
            might be responsible for start/stop the FW on your distro - takes
            5sec. should be safe for some 30min just for testing purposes, as long
            as you start it again after. avoid surfing and root-login for the time
            though!

            if you have checked the firewall IS the bottleneck, you might
            uninstall and newly install it (again check how to do this on your
            specific distro. on SuSE e.g.use Yast), to reset to original state.

            however i guess your problems and the FW changes are just independant
            issues coming same time by incident.

            jOERG
            "there is some kinda weather in internet."
          • Manish Singhal
            Hi everyone, I am new to twinkle and want to use its API for some application development. Though at first it looked quite simple but now it seems that
            Message 5 of 6 , Sep 27, 2006
            • 0 Attachment
              Hi everyone,

              I am new to twinkle and want to use its API for some application development. Though at first it looked quite simple but now it seems that understanding twinkle's code is not that simple.
              If any of you have a diagramatic representation of twinkle's architecture, or data-flow-diagram( or even class diagram), please share. It will help me understand the code faster and facilitate quicker application development. I tried to find such kind of material on its website, but unfortunately couldn't find any.

              Any help in this regard would be highly appreciated.

              Regards,
              Manish Singhal


              Find out what India is talking about on - Yahoo! Answers India
              Send FREE SMS to your friend's mobile from Yahoo! Messenger Version 8. Get it NOW
            • Manish Singhal
              Hi there, We are trying to compile twinkle again by modifying a couple of files and adding some new ones. We have installed commoncpp2-1.3.21 library using
              Message 6 of 6 , Sep 28, 2006
              • 0 Attachment
                Hi there,

                We are trying to compile twinkle again by modifying a couple of files and adding some new ones.

                We have installed commoncpp2-1.3.21 library using source code by executing ./configure followed by make; make install. After this we have installed ccrtp-1.3.6 library too in the similar fashion.

                We generate configure file for twinkle through automake and autoconf utilities. it gives some warning regarding aclocal and CCXX. But since they are just warnings we move forward to run the generated configure file.

                We get the following error while running ./configure. It seems that its not recognising the commonC++ library.

                .................................
                .................................
                checking linux/types.h usability... yes
                checking linux/types.h presence... yes
                checking for linux/types.h... yes
                checking for linux/errqueue.h... yes
                ./configure: line 5198: syntax error near unexpected token `1.3.0,,exit'
                ./configure: line 5198: `OST_CCXX2_VERSION(1.3.0,,exit)'


                ------------------

                The corresponding lines in the twinkle configure file are:
                5196 #Check version of the Common C++ library.
                5197 #This also sets the cc++2 include directory in CXXFLAGS
                5198 OST_CCXX2_VERSION(1.3.0,,exit)


                Even the system does not show commoncpp installed when I query it using $rpm -qa | grep commoncpp .

                Please suggest what can the problem be?? Is it that commoncpp is not getting installed properly, or there is some problem with twinkle configuration.

                Regards,
                -Manish


                Find out what India is talking about on - Yahoo! Answers India
                Send FREE SMS to your friend's mobile from Yahoo! Messenger Version 8. Get it NOW
              Your message has been successfully submitted and would be delivered to recipients shortly.