Solved

MSN messenger Audio connection blocked by Iptable

Posted on 2004-05-02
Last Modified: 2012-08-14
Hi there,

I have an intranet established; the gateway is running iptables as a NAT server, and inside my intranet the address 192.168.1.2 is used. Everything works fine until I try to use MSN Messenger audio to chat with my friends: the connection cannot be established at all. I wonder if MSN has some "call back" port that needs to be configured, or how can I get an MSN audio connection?

My rule set for iptables is pretty easy:

    iptables -F
    iptables -t nat -F
    iptables -t nat -A POSTROUTING -s 192.168.1.2 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

    iptables -A FORWARD -s 192.168.1.2 -j ACCEPT
    iptables -A FORWARD -d 192.168.1.2 -j ACCEPT

Do I have to add more rules?
Question by:Eric_Bo

Accepted Solution

by: jlevie earned 50 total points
ID: 10972239
If memory serves, MSN Messenger Audio and Video require a range of ports open for inbound connections, and the port used will be randomly chosen from that range(s). As such the application isn't "firewall friendly" and having to open that range of ports constitutes a sizeable security risk.

I know that there's ongoing work by the Netfilter folks to provide a connection tracking module that eliminates the need for opening the range of ports, but as far as I know that support has not yet become a part of the iptables release. You might look around on the Netfilter site (http://www.netfilter.org/) for patches that might be usable.

Author Comment

by:Eric_Bo
ID: 10972709
What is the range(s) of these ports? Or where can I find information about it? If I have to forward all those ports to my local machine, what would be the iptables command to do so? I'd appreciate it if you could tell me that too!

Expert Comment

by:jlevie
ID: 10978578
I think the port range depends on what version of MSN Messenger you are running. Try a web search for Messenger and firewalls. I looked around but didn't find a definitive answer.

Author Comment

by:Eric_Bo
ID: 11039928
How would I forward a range of ports to my local machine?

Expert Comment

by:jlevie
ID: 11042991
    iptables -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 2300:2400 -j DNAT --to 192.168.1.2

will forward TCP ports 2300-2400 to 192.168.1.2. Note that those ports then can't be used by any other machine.
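One way to pair the DNAT rule from the last answer with stateful FORWARD rules, so that only new connections to the forwarded range are accepted instead of everything matched by the question's blanket `-d 192.168.1.2 -j ACCEPT`. This is an added example, not code from the thread: `emit_forward_rules`, `MAX_SPAN` and the `eth0` default are assumptions, and 2300:2400 is simply the range quoted in the answer, not a confirmed MSN Messenger range.

```shell
#!/bin/sh
# Added example: prints (does not apply) a stateful rule set that forwards one
# port range to one NATed host. Review the output, then pipe it to sh as root.
MAX_SPAN=200   # assumed local policy limit on range width, not an iptables setting

# is_port N: succeeds only for a decimal integer in 1..65535
is_port() {
    case "$1" in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# emit_forward_rules OUTSIDE_IF INSIDE_HOST PROTO LOW:HIGH
emit_forward_rules() {
    out_if=$1 host=$2 proto=$3 range=$4
    # The output is meant to be piped to a shell, so refuse odd characters.
    case "$out_if$host" in ''|*[!A-Za-z0-9._-]*) echo "bad interface or host" >&2; return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case "$range" in *:*) ;; *) echo "range must be LOW:HIGH" >&2; return 1 ;; esac
    low=${range%%:*} high=${range#*:}
    if ! is_port "$low" || ! is_port "$high"; then
        echo "bad port in range: $range" >&2; return 1
    fi
    if [ "$low" -gt "$high" ] || [ $((high - low + 1)) -gt "$MAX_SPAN" ]; then
        echo "range reversed or wider than $MAX_SPAN ports: $range" >&2; return 1
    fi
    # Default-drop forwarding; allow replies, outbound traffic from the inside
    # host, and NEW inbound connections only to the forwarded range.
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $host -o $out_if -j ACCEPT
iptables -t nat -A POSTROUTING -s $host -o $out_if -j MASQUERADE
iptables -t nat -A PREROUTING -i $out_if -p $proto --dport ${low}:${high} -j DNAT --to-destination $host
iptables -A FORWARD -i $out_if -d $host -p $proto --dport ${low}:${high} -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Constructed sample call: eth0 stands in for $OUTSIDE (assumed interface name);
# the host and range are the values quoted in the thread.
emit_forward_rules "${OUTSIDE:-eth0}" 192.168.1.2 tcp 2300:2400
```

The function only prints commands, so the rule set can be read before anything touches the running firewall.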
