Solved

MSN Messenger audio connection blocked by iptables

Posted on 2004-05-02
Last Modified: 2012-08-14
Hi there,
   I have an intranet established; the gateway is running iptables as a NAT server, and inside my intranet the 192.168.1.2 address is used. Everything works fine until I try to use my MSN Messenger audio to chat with my friends; the connection cannot be established at all. I wonder if MSN has some "call back" port that needs to be configured, or how can I have an MSN audio connection?
     My rule set for iptables is pretty easy:

   
    iptables -F
    iptables -t nat -F
    iptables -t nat -A POSTROUTING -s 192.168.1.2 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

    iptables -A FORWARD -s 192.168.1.2 -j ACCEPT
    iptables -A FORWARD -d 192.168.1.2 -j ACCEPT

Do I have to add more rules?
0
Question by:Eric_Bo
5 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 10972239
If memory serves, MSN Messenger Audio and Video require a range of ports open for inbound connections, and the port used will be randomly chosen from that range(s). As such the application isn't "firewall friendly", and having to open that range of ports constitutes a sizeable security risk.

I know that there's ongoing work by the Netfilter folks to provide a connection tracking module that eliminates the need for opening the range of ports, but as far as I know that support has not yet become a part of the iptables release. You might look around on the Netfilter site (http://www.netfilter.org/) for patches that might be usable.
0
 

Author Comment

by:Eric_Bo
ID: 10972709
What is the range(s) of these ports, or where can I find information about it? If I have to forward all those ports to my local machine, what would be the iptables command to do so? I'd appreciate it if you could, by the way, tell me that!
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10978578
I think the port range depends on what version of MSN Messenger you are running. Try a web search for Messenger and firewalls. I looked around but didn't find a definitive answer.
0
 

Author Comment

by:Eric_Bo
ID: 11039928
How would I forward a range of ports to my local machine?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 11042991
    iptables -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 2300:2400 -j DNAT --to 192.168.1.2

will forward TCP ports 2300-2400 to 192.168.1.2. Note that those ports then can't be used by any other machine.
0
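
An added example, not part of the thread or any poster's code: a shell function that prints, without applying, the DNAT rule from the answer above together with FORWARD rules limited to the forwarded range, in place of the question's blanket `-d 192.168.1.2 -j ACCEPT`. The interface name `eth0` (standing in for `$OUTSIDE`), the function names and the `DROP` policy are assumptions.

```shell
#!/bin/sh
# Added example: prints a rule set for review; nothing is applied to the kernel.
# The host address is not validated here; pass a literal LAN address.

# is_port N: succeeds only for a decimal integer in 1..65535
is_port() {
    case "$1" in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# gen_rules WAN_IF HOST PROTO FIRST LAST
gen_rules() {
    wan=$1 host=$2 proto=$3 first=$4 last=$5
    case "$proto" in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 2 ;;
    esac
    is_port "$first" && is_port "$last" && [ "$first" -le "$last" ] || {
        echo "bad port range: $first:$last" >&2; return 2; }
    cat <<EOF
# exposes $((last - first + 1)) $proto port(s) arriving on $wan to $host only
# assumption: drop forwarded traffic unless a rule below accepts it
iptables -P FORWARD DROP
# replies to connections that are already tracked
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# outbound traffic from the inside host, as in the question
iptables -A FORWARD -s $host -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $host -j MASQUERADE
# the port forward from the answer, with --to spelled out
iptables -t nat -A PREROUTING -i $wan -p $proto --dport $first:$last -j DNAT --to-destination $host
# new inbound connections are accepted only inside the forwarded range
iptables -A FORWARD -i $wan -d $host -p $proto --dport $first:$last -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Values from the thread; eth0 is a constructed interface name.
gen_rules eth0 192.168.1.2 tcp 2300 2400
```

Review the printed rules, then pipe them to `sh` as root to apply them.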
