Solved

MSN messenger Audio connection blocked by Iptable

Posted on 2004-05-02
5
379 Views
Last Modified: 2012-08-14
Hi, there
   I have a intranet eastablied, geteway is running iptable as a NAT server, inside my intranet,  192.168.1.2 address is used. everything works fine until I try to use my MSN Messenger audio to chat with my friends, connection cannot be eastablied at all. I wonder if MSN has some "call back" port needs to be confured, or how can I have MSN audio connection?
     My rule set for Iptables is pretty easy:

   
    iptables -F
    iptables -t nat -F
    iptables -t nat -A POSTROUTING -s 192.168.1.2 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

    iptables -A FORWARD -s 192.168.1.2 -j ACCEPT
    iptables -A FORWARD -d 192.168.1.2 -j ACCEPT

 Do I have to add more rules ?
0
Comment
Question by:Eric_Bo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 10972239
If memory serves, MSN Messenger Audio and Video requires a range of ports open for inbound connections and the port used will be randoming chosen from that range(s). As such the application isn't "firewall friendly" and having to open that range of ports constitutes a sizeable security risk.

I know that there's ongoing work by the Netfilter folks to provide a connection tracking module that eliminates the need for opening the range of ports, but as far as I know that support has not yet become a part of the iptables release. You might look around on the Netfilter site (http://www.netfilter.org/) for patches that might be usable.
0
 

Author Comment

by:Eric_Bo
ID: 10972709
what is the range(s) of these ports? or where i can find information about it ? If I would have to forward all those ports to my local machine, what would be iptable command to do so ? appreciate if you can by the way tell me that !
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10978578
I think the port range depends on what version of MSN Messenger you are running. Try a web search for Messenger and firewalls. I lloked around but didn't find a definitive answer.
0
 

Author Comment

by:Eric_Bo
ID: 11039928
How would I forward a range of ports to my local machine ?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 11042991
iptables -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 2300:2400 -j DNAT --to 192.168.1.2

will forward TCP ports 2300-2400 to 192.168.1.2. Note that those ports then can't be used by any other machine.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question