Bug#297178: marked as done (New NAT configuration fails because
it doesn't listen on the ports it tests.)
Debian Bug Tracking System
owner@bugs.debian.org
Sat, 07 May 2005 15:03:10 -0700
Your message dated Sat, 7 May 2005 17:54:09 -0400
with message-id <200505071754.18579.dburrows@debian.org>
and subject line oops
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
From: Daniel Burrows <dburrows@debian.org>
To: submit@bugs.debian.org
Subject: New NAT configuration fails because it doesn't listen on the ports it tests.
Date: Sun, 27 Feb 2005 13:29:24 -0500
Message-Id: <200502271329.33711.dburrows@debian.org>
Package: gnomemeeting
Version: 1.2.0+1.2.1cvs20050220-1
Severity: normal
I've been trying to get gnomemeeting 1.2's NAT to work, and I found a
rather bizarre problem. My networking setup is "simple": I have a Linux
NAT/firewall machine and several computers behind it. Only one of these
computers needs to use Gnomemeeting, so I've just forwarded the necessary
ports to it: TCP ports 1720 and 30000:30010 and UDP ports 5000:5016 and
5020:5023. The forwarding rules I'm using work for every other program,
but Gnomemeeting insists I have "symmetric NAT".
I decided to look into the problem further by dumping the network
traffic generated by gnomemeeting. Here's what I get on the computer
running gnomemeeting:
13:19:02.131768 IP 81.208.104.139.3479 > jester.burrows.local.5020: UDP, length: 56
13:19:02.131839 IP jester.burrows.local > 81.208.104.139: icmp 92: jester.burrows.local udp port 5020 unreachable
13:19:07.010161 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, length: 28
13:19:07.132799 IP 81.208.104.139.3479 > jester.burrows.local.5020: UDP, length: 56
13:19:07.132869 IP jester.burrows.local > 81.208.104.139: icmp 92: jester.burrows.local udp port 5020 unreachable
As you can see, the port forwarding works fine: the external computer's
packets are successfully being passed to port 5020 on my computer.
However, my computer is responding by saying that the port is unreachable,
which I take to mean that no program is listening on port 5020 (I have no
iptables rules on this machine, so that sure isn't it!). Running "netstat"
during the test doesn't display anything with -Ainet, but with -Ainet6 I get:
tcp6 0 0 *:1720 *:* LISTEN 13853/gnomemeeting
udp6 0 0 *:5021 *:* 13853/gnomemeeting
I don't think this is an ipv6 problem, though, because port 5021 seems
to be just fine:
13:25:09.575514 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, length: 28
13:25:09.696921 IP 81.208.104.136.3478 > jester.burrows.local.5021: UDP, length: 56
13:25:09.697448 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, length: 28
13:25:14.695847 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, length: 28
13:25:19.715796 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, length: 28
13:25:24.721852 IP jester.burrows.local.5021 > 81.208.104.139.3479: UDP, length: 28
13:25:24.846795 IP 81.208.104.139.3479 > jester.burrows.local.5021: UDP, length: 56
It's only the ports not listed by netstat that show up failing.
In short, it looks like gnomemeeting doesn't even listen on most of the
ports that it tests, causing the test to report that my firewall is
incorrectly configured when it isn't.
Daniel
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)
Versions of packages gnomemeeting depends on:
ii gconf2        2.8.1-4                    GNOME configuration database syste
ii libart-2.0-2  2.3.17-1                   Library of functions for 2D graphi
ii libatk1.0-0   1.8.0-4                    The ATK accessibility toolkit
ii libaudiofile0 0.2.6-5                    Open-source version of SGI's audio
ii libbonobo2-0  2.8.1-2                    Bonobo CORBA interfaces library
ii libbonoboui2- 2.8.1-1                    The Bonobo UI library
ii libc6         2.3.2.ds1-20               GNU C Library: Shared libraries an
ii libebook8     1.0.3-2                    Client library for evolution addre
ii libedataserve 1.0.3-2                    Utily library for evolution data s
ii libesd0       0.2.35-2                   Enlightened Sound Daemon - Shared
ii libgcc1       1:3.4.3-9                  GCC support library
ii libgconf2-4   2.8.1-4                    GNOME configuration database syste
ii libglib2.0-0  2.6.2-1                    The GLib library of C routines
ii libgnome2-0   2.8.1-2                    The GNOME 2 library - runtime file
ii libgnomecanva 2.8.0-1                    A powerful object-oriented display
ii libgnomeui-0  2.8.1-1                    The GNOME 2 libraries (User Interf
ii libgnomevfs2- 2.8.4-1                    The GNOME virtual file-system libr
ii libgtk2.0-0   2.6.2-3                    The GTK+ graphical user interface
ii libhowl0      0.9.8-2                    Library for Zeroconf service disco
ii libice6       4.3.0.dfsg.1-12.0.1        Inter-Client Exchange library
ii libldap2      2.1.30-3                   OpenLDAP libraries
ii libopenh323-1 1.15.3-1                   H.323 aka VoIP library
ii liborbit2     1:2.10.5-0.1               libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.8.0-3                    Layout and rendering of internatio
ii libpopt0      1.7-5                      lib for parsing cmdline parameters
ii libpt-1.8.3   1.8.4-1                    Portable Windows Library
ii libpt-plugins 1.8.4-1                    Portable Windows Library Audio Plu
ii libpt-plugins 1.8.4-1                    Portable Windows Library Audio Plu
ii libpt-plugins 1.8.4-1                    Portable Windows Library Video Plu
ii libpt-plugins 1.8.4-1                    Portable Windows Library Video Plu
ii libsdl1.2debi 1.2.7+1.2.8cvs20041007-4.1 Simple DirectMedia Layer
ii libsm6        4.3.0.dfsg.1-12.0.1        X Window System Session Management
ii libstdc++5    1:3.3.5-8                  The GNU Standard C++ Library v3
ii libx11-6      4.3.0.dfsg.1-12.0.1        X Window System protocol client li
ii libxml2       2.6.16-3                   GNOME XML library
ii xlibs         4.3.0.dfsg.1-12            X Keyboard Extension (XKB) configu
ii zlib1g        1:1.2.2-4                  compression library - runtime
-- no debconf information
-- 
/------------------- Daniel Burrows <dburrows@debian.org> ------------------\
| A conclusion is the place |
| where you got tired of thinking. |
\------ Listener-supported public radio -- NPR -- http://www.npr.org -------/
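The correlation the report above performs by eye can be automated. The following is an added example, not part of the original message or of gnomemeeting: it pairs inbound UDP datagrams with ICMP port-unreachable replies and with the sockets netstat shows as bound. The sample lines are copied from the report with the mail line wraps undone; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the report, mail line wraps undone.
TCPDUMP = """\
13:19:02.131768 IP 81.208.104.139.3479 > jester.burrows.local.5020: UDP, length: 56
13:19:02.131839 IP jester.burrows.local > 81.208.104.139: icmp 92: jester.burrows.local udp port 5020 unreachable
13:19:07.010161 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, length: 28
13:25:09.696921 IP 81.208.104.136.3478 > jester.burrows.local.5021: UDP, length: 56
"""
NETSTAT = """\
tcp6 0 0 *:1720 *:* LISTEN 13853/gnomemeeting
udp6 0 0 *:5021 *:* 13853/gnomemeeting
"""

UDP_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP")
UNREACH_RE = re.compile(r"icmp \d+: (\S+) udp port (\d+) unreachable")
# netstat prints udp/udp6 and tcp/tcp6; the trailing 6 is accepted either way.
SOCK_RE = re.compile(r"^(udp|tcp)6?\s+\d+\s+\d+\s+\S+:(\d+)\s", re.M)

def bound_ports(netstat_text, proto="udp"):
    """Ports that netstat shows a socket bound to for the given protocol."""
    return {int(p) for pr, p in SOCK_RE.findall(netstat_text) if pr == proto}

def classify(tcpdump_text, netstat_text, local_host):
    """Map each local UDP port that received a datagram to a verdict."""
    inbound, refused = set(), set()
    for line in tcpdump_text.splitlines():
        m = UNREACH_RE.search(line)
        if m and m.group(1) == local_host:
            refused.add(int(m.group(2)))   # kernel answered: nothing bound here
            continue
        m = UDP_RE.search(line)
        if m and m.group(3) == local_host:
            inbound.add(int(m.group(4)))   # datagram reached this host
    listening = bound_ports(netstat_text)
    verdict = {}
    for port in sorted(inbound):
        if port in refused and port not in listening:
            verdict[port] = "forwarded, but no local listener"
        elif port in refused:
            verdict[port] = "refused despite a bound socket"
        else:
            verdict[port] = "delivered to a listener"
    return verdict

if __name__ == "__main__":
    for port, why in classify(TCPDUMP, NETSTAT, "jester.burrows.local").items():
        print(port, why)
```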
---------------------------------------
From: Daniel Burrows <dburrows@debian.org>
To: 297178-done@bugs.debian.org
Subject: oops
Date: Sat, 7 May 2005 17:54:09 -0400
Message-Id: <200505071754.18579.dburrows@debian.org>
PEBCAK
-- 
/------------------- Daniel Burrows <dburrows@debian.org> ------------------\
| "You mean, you'll drop your rock and |
| I'll drop my sword and we'll just try to |
| kill one another like civilized people?" |
| -- "The Princess Bride" |
\--- Be like the kid in the movie! Play chess! -- http://www.uschess.org --/