Bug#297178: New NAT configuration fails because it doesn't listen
on the ports it tests.
Daniel Burrows
Daniel Burrows <dburrows@debian.org>, 297178@bugs.debian.org
Sun, 27 Feb 2005 13:29:24 -0500
Package: gnomemeeting
Version: 1.2.0+1.2.1cvs20050220-1
Severity: normal
I've been trying to get gnomemeeting 1.2's NAT to work, and I found a
rather bizarre problem. My networking setup is "simple": I have a Linux
NAT/firewall machine and several computers behind it. Only one of these
computers needs to use Gnomemeeting, so I've just forwarded the necessary
ports to it: TCP ports 1720 and 30000:30010 and UDP ports 5000:5016 and
5020:5023. The forwarding rules I'm using work for every other program,
but Gnomemeeting insists I have "symmetric NAT".
I decided to look into the problem further by dumping the network
traffic generated by gnomemeeting. Here's what I get on the computer
running gnomemeeting:
13:19:02.131768 IP 81.208.104.139.3479 > jester.burrows.local.5020: UDP, length: 56
13:19:02.131839 IP jester.burrows.local > 81.208.104.139: icmp 92: jester.burrows.local udp port 5020 unreachable
13:19:07.010161 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, length: 28
13:19:07.132799 IP 81.208.104.139.3479 > jester.burrows.local.5020: UDP, length: 56
13:19:07.132869 IP jester.burrows.local > 81.208.104.139: icmp 92: jester.burrows.local udp port 5020 unreachable
As you can see, the port forwarding works fine: the external computer's
packets are successfully being passed to port 5020 on my computer.
However, my computer is responding by saying that the port is unreachable,
which I take to mean that no program is listening on port 5020 (I have no
iptables rules on this machine, so that sure isn't it!). Running "netstat"
during the test doesn't display anything with -Ainet, but with -Ainet6 I get:
tcp6 0 0 *:1720 *:* LISTEN 13853/gnomemeeting
udp6 0 0 *:5021 *:* 13853/gnomemeeting
I don't think this is an ipv6 problem, though, because port 5021 seems
to be just fine:
13:25:09.575514 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, length: 28
13:25:09.696921 IP 81.208.104.136.3478 > jester.burrows.local.5021: UDP, length: 56
13:25:09.697448 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, length: 28
13:25:14.695847 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, length: 28
13:25:19.715796 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, length: 28
13:25:24.721852 IP jester.burrows.local.5021 > 81.208.104.139.3479: UDP, length: 28
13:25:24.846795 IP 81.208.104.139.3479 > jester.burrows.local.5021: UDP, length: 56
It's only the ports not listed by netstat that show up failing.
In short, it looks like gnomemeeting doesn't even listen on most of the
ports that it tests, causing the test to report that my firewall is
incorrectly configured when it isn't.
Daniel
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)
Versions of packages gnomemeeting depends on:
ii gconf2 2.8.1-4 GNOME configuration database syste
ii libart-2.0-2 2.3.17-1 Library of functions for 2D graphi
ii libatk1.0-0 1.8.0-4 The ATK accessibility toolkit
ii libaudiofile0 0.2.6-5 Open-source version of SGI's audio
ii libbonobo2-0 2.8.1-2 Bonobo CORBA interfaces library
ii libbonoboui2- 2.8.1-1 The Bonobo UI library
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libebook8 1.0.3-2 Client library for evolution addre
ii libedataserve 1.0.3-2 Utily library for evolution data s
ii libesd0 0.2.35-2 Enlightened Sound Daemon - Shared
ii libgcc1 1:3.4.3-9 GCC support library
ii libgconf2-4 2.8.1-4 GNOME configuration database syste
ii libglib2.0-0 2.6.2-1 The GLib library of C routines
ii libgnome2-0 2.8.1-2 The GNOME 2 library - runtime file
ii libgnomecanva 2.8.0-1 A powerful object-oriented display
ii libgnomeui-0 2.8.1-1 The GNOME 2 libraries (User Interf
ii libgnomevfs2- 2.8.4-1 The GNOME virtual file-system libr
ii libgtk2.0-0 2.6.2-3 The GTK+ graphical user interface
ii libhowl0 0.9.8-2 Library for Zeroconf service disco
ii libice6 4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library
ii libldap2 2.1.30-3 OpenLDAP libraries
ii libopenh323-1 1.15.3-1 H.323 aka VoIP library
ii liborbit2 1:2.10.5-0.1 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.8.0-3 Layout and rendering of internatio
ii libpopt0 1.7-5 lib for parsing cmdline parameters
ii libpt-1.8.3 1.8.4-1 Portable Windows Library
ii libpt-plugins 1.8.4-1 Portable Windows Library Audio Plu
ii libpt-plugins 1.8.4-1 Portable Windows Library Audio Plu
ii libpt-plugins 1.8.4-1 Portable Windows Library Video Plu
ii libpt-plugins 1.8.4-1 Portable Windows Library Video Plu
ii libsdl1.2debi 1.2.7+1.2.8cvs20041007-4.1 Simple DirectMedia Layer
ii libsm6 4.3.0.dfsg.1-12.0.1 X Window System Session Management
ii libstdc++5 1:3.3.5-8 The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-12.0.1 X Window System protocol client li
ii libxml2 2.6.16-3 GNOME XML library
ii xlibs 4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu
ii zlib1g 1:1.2.2-4 compression library - runtime
-- no debconf information
-- 
/------------------- Daniel Burrows <dburrows@debian.org> ------------------\
| A conclusion is the place                                                 |
| where you got tired of thinking.                                          |
\------ Listener-supported public radio -- NPR -- http://www.npr.org -------/
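Added example, not part of the original report: a small Python check that automates the comparison made above, flagging local UDP ports where forwarded datagrams arrived but the host answered with ICMP "port unreachable". The capture lines are constructed in the report's tcpdump text format; `client.example` and the 192.0.2.x addresses are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the tcpdump text format shown in the report
# (documentation addresses; "client.example" stands in for the local host).
SAMPLE = """\
13:19:02.131768 IP 192.0.2.139.3479 > client.example.5020: UDP, length: 56
13:19:02.131839 IP client.example > 192.0.2.139: icmp 92: client.example udp port 5020 unreachable
13:19:07.010161 IP client.example.5021 > 192.0.2.136.3478: UDP, length: 28
13:19:07.132799 IP 192.0.2.139.3479 > client.example.5020: UDP, length: 56
13:19:07.132869 IP client.example > 192.0.2.139: icmp 92: client.example udp port 5020 unreachable
13:19:07.140000 IP 192.0.2.136.3478 > client.example.5021: UDP, length: 56
"""

# host.port > host.port: UDP, length: N
UDP_RE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length:? \d+")
# host > host: icmp N: host udp port P unreachable
ICMP_RE = re.compile(r"^\S+ IP (\S+) > \S+: icmp \d+: (\S+) udp port (\d+) unreachable")

def classify_udp_ports(capture, local_host):
    """Return {port: {"in": n, "out": n, "rejected": n}} for local UDP ports."""
    stats = defaultdict(lambda: {"in": 0, "out": 0, "rejected": 0})
    for line in capture.splitlines():
        m = ICMP_RE.match(line)
        if m:
            sender, host, port = m.groups()
            # Only count rejections the local kernel itself generated.
            if sender == local_host and host == local_host:
                stats[int(port)]["rejected"] += 1
            continue
        m = UDP_RE.match(line)
        if m:
            src, sport, dst, dport = m.groups()
            if dst == local_host:
                stats[int(dport)]["in"] += 1
            elif src == local_host:
                stats[int(sport)]["out"] += 1
    return dict(stats)

def unlistened_ports(capture, local_host):
    """Ports that received datagrams which the local host rejected."""
    stats = classify_udp_ports(capture, local_host)
    return sorted(p for p, s in stats.items() if s["in"] and s["rejected"])

if __name__ == "__main__":
    for port, s in sorted(classify_udp_ports(SAMPLE, "client.example").items()):
        print(port, s)
    print("no listener:", unlistened_ports(SAMPLE, "client.example"))
```

A port listed by `unlistened_ports` was reached through the forwarding rules but had no socket bound on the host, which is the condition the netstat output in the report confirms for port 5020.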