[OLUG] IPChains and MS-NetMeeting

puzzled puzzled at home.com
Thu May 11 01:18:22 UTC 2000


   When you have a problem like this it would be helpful to get a sniffer trace of what is going on.



   There is a shared library called libpcap (lib packet capture). This library has functions which
can be used by tcpdump, ethereal, and other programs to capture and display traffic.


   My first step to troubleshoot something like this would be to open two ssh sessions to the
firewall and issue the following commands:

session #1
tcpdump -i eth0 host <internal host trying to use netmeeting box>

session #2
tcpdump -i eth1 host <netmeeting host>


   Note that you can't run the netmeeting session from the same box you ssh'd in from or you'll get
an endless stream of capture showing your ssh session displaying things to tcpdump.


   The kernel modules for ipchains that handle things like cu-seeme are generally not too hard to
understand. In the case of cu-seeme I believe that in addition to the source and dest addresses in
the actual IP header there is another instance where the *exact* IP of the client machine is
embedded in the data packet. The cu-seeme module handles getting that IP address correct as well as
the tcp/ip header rewriting.

   I haven't read up on netmeeting (because m$ stuff sucks) but I would suspect it's got one of those
things where it opens some port N outbound and then the server responds by opening port N+1 on the
client machine. When you have a NAT box between you and the outside world the netmeeting box tries
to open port N+1 on the firewall and gets rejected.

  There is a program called ipmasqadm that is a companion to ipchains which handles port forwarding
(tcp tunnels) and auto forwarding. Auto forwarding is likely the thing you need to fix the
netmeeting problem ... and you find out exactly *which* ports are involved by using tcpdump to
examine the traffic.


   If all this seems a bit mystical the best route to understanding it is to pick up a copy of W.
Richard Stevens' TCP/IP Illustrated, Volume 1. This book explains all of the operations of TCP/IP in
very good detail and it has lots of examples of using tcpdump to debug things.


   If there is enough interest I would be willing to take people aside at the next meeting and do a
30 minute primer on the joys of packet capture.



kaygee wrote:

> Matt,
> I know that things like cu-seeme and vdolive require kernel modules to be
> loaded on the firewall (NAT box).  My assumption would be that Netmeeting
> requires something similar because it's the same type of program and I'm
> sure it uses a proprietary MSoft protocol, but as far as I know there is
> not a module for Netmeeting.  Don't take my word as gospel, but that's my
> guess as to why it doesn't work when you just open the right ports.
> Anybody care to elaborate?
>
> Keith
> ----------
> There's ease of use and then there's ease of usefulness.
> Choose usefulness. Choose Linux.
>
> On Mon, 8 May 2000, Matt Payne wrote:
>
> >
> >
> > I'm using a RedHat 6.0 and PmFirewall (http://pointman.org/PMFirewall/)
> > for IPChaining/masquerading for the house LAN.
> >
> > Things work great, except it's not clear how to enable things like
> > MS NetMeeting on the NT/98 boxes.
> >
> > Is anyone running a similar configuration?  Would you please point me in
> > the right configuration direction?
> >
> > I tried adding these two lines to /usr/local/pmfirewall.rules.2
> > $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1720 -j ACCEPT
> > $IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 1731 -j ACCEPT
> > But this didn't do the trick.
> >
> > Thanks! -Matt
> >
> >
> > -------------------------------------------------------------------------
> > Sent by OLUG Mailing list Manager, run by ezmlm.  http://olug.bstc.net/
> > To unsubscribe: `echo unsubsribe | mail olug-unsubscribe at bstc.net`
> >


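One way to read the eth1 capture for the pattern suspected in the message above, an inbound connection attempt that the NAT box rejects, as an added example that is not part of the original thread. It assumes current `tcpdump -n` output; the capture lines, addresses and ports other than 1720 are constructed, and `inbound_attempts` is a hypothetical helper.

```python
import re

# Constructed `tcpdump -n -i eth1` output: documentation addresses and
# made-up ports (only 1720 comes from the thread). Not a real capture.
SAMPLE = """\
01:18:22.100101 IP 192.0.2.1.61005 > 198.51.100.7.1720: Flags [S], seq 100, win 8192, length 0
01:18:22.180230 IP 198.51.100.7.1720 > 192.0.2.1.61005: Flags [S.], seq 900, ack 101, win 8760, length 0
01:18:22.180410 IP 192.0.2.1.61005 > 198.51.100.7.1720: Flags [.], ack 901, win 8192, length 0
01:18:23.020511 IP 198.51.100.7.3012 > 192.0.2.1.61006: Flags [S], seq 500, win 8760, length 0
01:18:23.020642 IP 192.0.2.1.61006 > 198.51.100.7.3012: Flags [R.], seq 0, ack 501, win 0, length 0
01:18:26.020907 IP 198.51.100.7.3012 > 192.0.2.1.61006: Flags [S], seq 500, win 8760, length 0
01:18:26.021033 IP 192.0.2.1.61006 > 198.51.100.7.3012: Flags [R.], seq 0, ack 501, win 0, length 0
"""

# src_ip.src_port > dst_ip.dst_port: Flags [...]
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def inbound_attempts(capture, firewall_ip):
    """Map each firewall port the remote side tried to open to
    'rejected', 'accepted' or 'no reply', from the first reply seen."""
    result = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if dst == firewall_ip and flags == "S":
            # Bare SYN aimed at the firewall's outside address.
            result.setdefault(int(dport), "no reply")
        elif src == firewall_ip and result.get(int(sport)) == "no reply":
            # First answer from the firewall decides the outcome.
            if "R" in flags:
                result[int(sport)] = "rejected"
            elif flags == "S.":
                result[int(sport)] = "accepted"
    return result

if __name__ == "__main__":
    for port, outcome in sorted(inbound_attempts(SAMPLE, "192.0.2.1").items()):
        print(f"inbound SYN to firewall port {port}: {outcome}")
```

Ports reported as rejected or unanswered are the ones to compare against the forwarding rules on the firewall.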