Bug#297178: marked as done (New NAT configuration fails because it doesn't listen on the ports it tests.)

Debian Bug Tracking System owner@bugs.debian.org
Sat, 07 May 2005 15:03:10 -0700


Your message dated Sat, 7 May 2005 17:54:09 -0400
with message-id <200505071754.18579.dburrows@debian.org>
and subject line oops
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 27 Feb 2005 18:29:39 +0000
>From dburrows@debian.org Sun Feb 27 10:29:39 2005
Return-path: <dburrows@debian.org>
Received: from f05s05.cac.psu.edu (f05n05.cac.psu.edu) [128.118.141.48] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1D5TAh-00063a-00; Sun, 27 Feb 2005 10:29:39 -0800
Received: from jester.burrows.local (pool-141-151-236-206.alt.east.verizon.net [141.151.236.206])
	(authenticated bits=0)
	by f05n05.cac.psu.edu (8.13.2/8.13.2) with ESMTP id j1RITb7Q022500
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT)
	for <submit@bugs.debian.org>; Sun, 27 Feb 2005 13:29:38 -0500
From: Daniel Burrows <dburrows@debian.org>
To: submit@bugs.debian.org
Subject: New NAT configuration fails because it doesn't listen on the ports it  tests.
Date: Sun, 27 Feb 2005 13:29:24 -0500
User-Agent: KMail/1.7.2
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1562107.jeqcesZVfH";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200502271329.33711.dburrows@debian.org>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

--nextPart1562107.jeqcesZVfH
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Package: gnomemeeting
Version: 1.2.0+1.2.1cvs20050220-1
Severity: normal

  I've been trying to get gnomemeeting 1.2's NAT to work, and I found a
rather bizarre problem.  My networking setup is "simple": I have a Linux
NAT/firewall machine and several computers behind it.  Only one of these
computers needs to use Gnomemeeting, so I've just forwarded the necessary
ports to it: TCP ports 1720 and 30000:30010 and UDP ports 5000:5016 and
5020:5023.  The forwarding rules I'm using work for every other program,
but Gnomemeeting insists I have "symmetric NAT".

  I decided to look into the problem further by dumping the network
traffic generated by gnomemeeting.  Here's what I get on the computer
running gnomemeeting:

13:19:02.131768 IP 81.208.104.139.3479 > jester.burrows.local.5020: UDP, le=
ngth: 56
13:19:02.131839 IP jester.burrows.local > 81.208.104.139: icmp 92: jester.b=
urrows.local udp port 5020 unreachable
13:19:07.010161 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, le=
ngth: 28
13:19:07.132799 IP 81.208.104.139.3479 > jester.burrows.local.5020: UDP, le=
ngth: 56
13:19:07.132869 IP jester.burrows.local > 81.208.104.139: icmp 92: jester.b=
urrows.local udp port 5020 unreachable

  As you can see, the port forwarding works fine: the external computer's
packets are successfully being passed to port 5020 on my computer.
However, my computer is responding by saying that the port is unreachable,
which I take to mean that no program is listening on port 5020 (I have no
iptables rules on this machine, so that sure isn't it!).  Running "netstat"
during the test doesn't display anything with -Ainet, but with -Ainet6 I ge=
t:

tcp6       0      0 *:1720                  *:*
          LISTEN     13853/gnomemeeting =20
udp6       0      0 *:5021                  *:*
                     13853/gnomemeeting =20


  I don't think this is an ipv6 problem, though, because port 5021 seems
to be just fine:

13:25:09.575514 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, le=
ngth: 28
13:25:09.696921 IP 81.208.104.136.3478 > jester.burrows.local.5021: UDP, le=
ngth: 56
13:25:09.697448 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, le=
ngth: 28
13:25:14.695847 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, le=
ngth: 28
13:25:19.715796 IP jester.burrows.local.5021 > 81.208.104.136.3478: UDP, le=
ngth: 28
13:25:24.721852 IP jester.burrows.local.5021 > 81.208.104.139.3479: UDP, le=
ngth: 28
13:25:24.846795 IP 81.208.104.139.3479 > jester.burrows.local.5021: UDP, le=
ngth: 56

  It's only the ports not listed by netstat that show up failing.

  In short, it looks like gnomemeeting doesn't even listen on most of the
ports that it tests, causing the test to report that my firewall is
incorrectly configured when it isn't.

  Daniel

=2D- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=3Den_US, LC_CTYPE=3Den_US (charmap=3DISO-8859-1) (ignored: LC_=
ALL set to en_US)

Versions of packages gnomemeeting depends on:
ii  gconf2        2.8.1-4                    GNOME configuration database s=
yste
ii  libart-2.0-2  2.3.17-1                   Library of functions for 2D gr=
aphi
ii  libatk1.0-0   1.8.0-4                    The ATK accessibility toolkit
ii  libaudiofile0 0.2.6-5                    Open-source version of SGI's a=
udio
ii  libbonobo2-0  2.8.1-2                    Bonobo CORBA interfaces library
ii  libbonoboui2- 2.8.1-1                    The Bonobo UI library
ii  libc6         2.3.2.ds1-20               GNU C Library: Shared librarie=
s an
ii  libebook8     1.0.3-2                    Client library for evolution a=
ddre
ii  libedataserve 1.0.3-2                    Utily library for evolution da=
ta s
ii  libesd0       0.2.35-2                   Enlightened Sound Daemon - Sha=
red=20
ii  libgcc1       1:3.4.3-9                  GCC support library
ii  libgconf2-4   2.8.1-4                    GNOME configuration database s=
yste
ii  libglib2.0-0  2.6.2-1                    The GLib library of C routines
ii  libgnome2-0   2.8.1-2                    The GNOME 2 library - runtime =
file
ii  libgnomecanva 2.8.0-1                    A powerful object-oriented dis=
play
ii  libgnomeui-0  2.8.1-1                    The GNOME 2 libraries (User In=
terf
ii  libgnomevfs2- 2.8.4-1                    The GNOME virtual file-system =
libr
ii  libgtk2.0-0   2.6.2-3                    The GTK+ graphical user interf=
ace=20
ii  libhowl0      0.9.8-2                    Library for Zeroconf service d=
isco
ii  libice6       4.3.0.dfsg.1-12.0.1        Inter-Client Exchange library
ii  libldap2      2.1.30-3                   OpenLDAP libraries
ii  libopenh323-1 1.15.3-1                   H.323 aka VoIP library
ii  liborbit2     1:2.10.5-0.1               libraries for ORBit2 - a CORBA=
 ORB
ii  libpango1.0-0 1.8.0-3                    Layout and rendering of intern=
atio
ii  libpopt0      1.7-5                      lib for parsing cmdline parame=
ters
ii  libpt-1.8.3   1.8.4-1                    Portable Windows Library
ii  libpt-plugins 1.8.4-1                    Portable Windows Library Audio=
 Plu
ii  libpt-plugins 1.8.4-1                    Portable Windows Library Audio=
 Plu
ii  libpt-plugins 1.8.4-1                    Portable Windows Library Video=
 Plu
ii  libpt-plugins 1.8.4-1                    Portable Windows Library Video=
 Plu
ii  libsdl1.2debi 1.2.7+1.2.8cvs20041007-4.1 Simple DirectMedia Layer
ii  libsm6        4.3.0.dfsg.1-12.0.1        X Window System Session Manage=
ment
ii  libstdc++5    1:3.3.5-8                  The GNU Standard C++ Library v3
ii  libx11-6      4.3.0.dfsg.1-12.0.1        X Window System protocol clien=
t li
ii  libxml2       2.6.16-3                   GNOME XML library
ii  xlibs         4.3.0.dfsg.1-12            X Keyboard Extension (XKB) con=
figu
ii  zlib1g        1:1.2.2-4                  compression library - runtime

=2D- no debconf information

=2D-=20
/------------------- Daniel Burrows <dburrows@debian.org> -----------------=
=2D\
|                     A conclusion is the place                            =
 |
|                     where you got tired of thinking.                     =
 |
\------ Listener-supported public radio -- NPR -- http://www.npr.org ------=
=2D/

--nextPart1562107.jeqcesZVfH
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQBCIhGNch6xsM7kSXgRAiSaAJ9GE955Q4ReG+MC4yPXnxvyhw/LLwCgjdI8
D5E/dYvUC38vjlZfciq34dY=
=ZJpI
-----END PGP SIGNATURE-----

--nextPart1562107.jeqcesZVfH--

---------------------------------------
Received: (at 297178-done) by bugs.debian.org; 7 May 2005 21:54:25 +0000
>From dburrows@debian.org Sat May 07 14:54:25 2005
Return-path: <dburrows@debian.org>
Received: from f05s05.cac.psu.edu (f05n05.cac.psu.edu) [128.118.141.48] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DUXFh-0004UZ-00; Sat, 07 May 2005 14:54:25 -0700
Received: from jester.burrows.local ([141.151.236.206])
	(authenticated bits=0)
	by f05n05.cac.psu.edu (8.13.2/8.13.2) with ESMTP id j47LsMvL025772
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT)
	for <297178-done@bugs.debian.org>; Sat, 7 May 2005 17:54:23 -0400
From: Daniel Burrows <dburrows@debian.org>
To: 297178-done@bugs.debian.org
Subject: oops
Date: Sat, 7 May 2005 17:54:09 -0400
User-Agent: KMail/1.7.2
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart29359720.rrS8UfsKSg";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200505071754.18579.dburrows@debian.org>
Delivered-To: 297178-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-2.0 required=4.0 tests=BAYES_00,ONEWORD autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

--nextPart29359720.rrS8UfsKSg
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

PEBCAK
=2D-=20
/------------------- Daniel Burrows <dburrows@debian.org> -----------------=
=2D\
|                 "You mean, you'll drop your rock and                     =
 |
|                  I'll drop my sword and we'll just try to                =
 |
|                  kill one another like civilized people?"                =
 |
|                   -- "The Princess Bride"                                =
 |
\--- Be like the kid in the movie!  Play chess! -- http://www.uschess.org -=
=2D/

--nextPart29359720.rrS8UfsKSg
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQBCfTkKch6xsM7kSXgRAvSYAJ9k+IVQ8m1cc6dpsL01eyLRhX17lwCfes1n
a782Vf3gH+lC7xjdpQNfcG4=
=3t9X
-----END PGP SIGNATURE-----

--nextPart29359720.rrS8UfsKSg--