Solved

MSN messenger Audio connection blocked by Iptable

Posted on 2004-05-02
5
380 Views
Last Modified: 2012-08-14
Hi, there
   I have a intranet eastablied, geteway is running iptable as a NAT server, inside my intranet,  192.168.1.2 address is used. everything works fine until I try to use my MSN Messenger audio to chat with my friends, connection cannot be eastablied at all. I wonder if MSN has some "call back" port needs to be confured, or how can I have MSN audio connection?
     My rule set for Iptables is pretty easy:

   
    iptables -F
    iptables -t nat -F
    iptables -t nat -A POSTROUTING -s 192.168.1.2 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

    iptables -A FORWARD -s 192.168.1.2 -j ACCEPT
    iptables -A FORWARD -d 192.168.1.2 -j ACCEPT

 Do I have to add more rules ?
0
Comment
Question by:Eric_Bo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 10972239
If memory serves, MSN Messenger Audio and Video requires a range of ports open for inbound connections and the port used will be randoming chosen from that range(s). As such the application isn't "firewall friendly" and having to open that range of ports constitutes a sizeable security risk.

I know that there's ongoing work by the Netfilter folks to provide a connection tracking module that eliminates the need for opening the range of ports, but as far as I know that support has not yet become a part of the iptables release. You might look around on the Netfilter site (http://www.netfilter.org/) for patches that might be usable.
0
 

Author Comment

by:Eric_Bo
ID: 10972709
what is the range(s) of these ports? or where i can find information about it ? If I would have to forward all those ports to my local machine, what would be iptable command to do so ? appreciate if you can by the way tell me that !
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10978578
I think the port range depends on what version of MSN Messenger you are running. Try a web search for Messenger and firewalls. I lloked around but didn't find a definitive answer.
0
 

Author Comment

by:Eric_Bo
ID: 11039928
How would I forward a range of ports to my local machine ?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 11042991
iptables -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 2300:2400 -j DNAT --to 192.168.1.2

will forward TCP ports 2300-2400 to 192.168.1.2. Note that those ports then can't be used by any other machine.
0

Featured Post

Veeam gives away 10 full conference passes

Veeam is a VMworld 2017 US & Europe Platinum Sponsor. Enter the raffle to get the full conference pass. Pass includes the admission to all general and breakout sessions, VMware Hands-On Labs, Solutions Exchange, exclusive giveaways and the great VMworld Customer Appreciation Part

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question