Solved

MSN messenger Audio connection blocked by Iptable

Posted on 2004-05-02
Last Modified: 2012-08-14
Hi there,
   I have an intranet established; the gateway is running iptables as a NAT server. Inside my intranet, the 192.168.1.2 address is used. Everything works fine until I try to use my MSN Messenger audio to chat with my friends; the connection cannot be established at all. I wonder if MSN has some "call back" port that needs to be configured, or how can I have an MSN audio connection?
     My rule set for iptables is pretty easy:

   
    iptables -F
    iptables -t nat -F
    iptables -t nat -A POSTROUTING -s 192.168.1.2 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

    iptables -A FORWARD -s 192.168.1.2 -j ACCEPT
    iptables -A FORWARD -d 192.168.1.2 -j ACCEPT

 Do I have to add more rules?
Question by:Eric_Bo
Accepted Solution

by:
jlevie earned 150 total points
ID: 10972239
If memory serves, MSN Messenger Audio and Video requires a range of ports open for inbound connections and the port used will be randomly chosen from that range(s). As such the application isn't "firewall friendly" and having to open that range of ports constitutes a sizeable security risk.

I know that there's ongoing work by the Netfilter folks to provide a connection tracking module that eliminates the need for opening the range of ports, but as far as I know that support has not yet become a part of the iptables release. You might look around on the Netfilter site (http://www.netfilter.org/) for patches that might be usable.

Author Comment

by:Eric_Bo
ID: 10972709
What is the range(s) of these ports? Or where can I find information about it? If I would have to forward all those ports to my local machine, what would be the iptables command to do so? I'd appreciate it if you could, by the way, tell me that!

Expert Comment

by:jlevie
ID: 10978578
I think the port range depends on what version of MSN Messenger you are running. Try a web search for Messenger and firewalls. I looked around but didn't find a definitive answer.

Author Comment

by:Eric_Bo
ID: 11039928
How would I forward a range of ports to my local machine?

Expert Comment

by:jlevie
ID: 11042991
iptables -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 2300:2400 -j DNAT --to 192.168.1.2

will forward TCP ports 2300-2400 to 192.168.1.2. Note that those ports then can't be used by any other machine.
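
The following added example, which is not from the thread or any poster's own rules, prints a ruleset that keeps the DNAT for 2300:2400 shown above but replaces the blanket `FORWARD -d 192.168.1.2 -j ACCEPT` from the question with a default-drop policy that admits only return traffic and new inbound TCP connections to the forwarded range. The interface name `eth0` and the function name `gen_rules` are assumptions, and 2300:2400 is simply the range used in the answer, not a confirmed MSN Messenger range.

```shell
#!/bin/sh
# Added example (not from the thread). Prints rules only; nothing is applied.
# Review the output, then run it as root. "eth0" and gen_rules are assumed names.
# Usage: gen_rules WAN_IF LAN_HOST FIRST_PORT LAST_PORT
gen_rules() {
    wan=$1 host=$2 lo=$3 hi=$4
    # Interface and host end up inside commands, so allow only safe characters.
    for v in "$wan" "$host"; do
        case $v in
            ''|*[!A-Za-z0-9.:_-]*) echo "invalid argument: '$v'" >&2; return 1 ;;
        esac
    done
    # Ports must be plain decimal numbers in 1..65535, with first <= last.
    for p in "$lo" "$hi"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: '$p'" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    if [ "$lo" -gt "$hi" ]; then
        echo "empty range: $lo:$hi" >&2; return 1
    fi
    # Order matters: default-drop first, then return traffic, outbound from the
    # LAN host, and finally only NEW inbound TCP to the forwarded range.
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $host -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -d $host -p tcp --dport $lo:$hi -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A PREROUTING -i $wan -p tcp --dport $lo:$hi -j DNAT --to-destination $host
iptables -t nat -A POSTROUTING -s $host -o $wan -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Host and range are the values from the thread; eth0 is an assumed interface.
gen_rules eth0 192.168.1.2 2300 2400
```

With these rules, anything arriving from outside for 192.168.1.2 on a port outside the forwarded range is dropped unless it belongs to a connection the inside host started.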