Ports And Nat

2007-04-30
2013-05-01
  • scott plonsky
    2007-04-30

    I currently have Dim Dim 1.6.0_Alpha installed on a Win 2003 server that is NATed behind a public address. I can create a new conference on the external network (WAN) and share documents and do voice and video. I can also connect to the server via a VPN connection and start a conference and share correctly. If I start a conference on the internal network (LAN), then I cannot share or do video, voice, etc. I can if the external person starts the conference first. So basically LAN to LAN = nothing..... WAN to LAN = works

    I do have the server running at ports: 65.xxx.xxx.xx (edited for post!)
    access-list 103 permit tcp any host 65.xxx.xxx.xx eq 1723
    access-list 103 permit tcp any host 65.xxx.xxx.xx eq 47
    access-list 103 permit tcp any host 65.xxx.xxx.xx eq www
    access-list 103 permit tcp any host 65.xxx.xxx.xx eq ftp
    access-list 103 permit tcp any host 65.xxx.xxx.xx eq ftp-data
    access-list 103 permit tcp any host 65.xxx.xxx.xx eq 1023
    access-list 103 permit udp any host 65.xxx.xxx.xx eq 1935
    access-list 103 permit tcp any host 65.xxx.xxx.xx eq 1935
    access-list 103 permit udp any host 65.xxx.xxx.xx eq 8005
    access-list 103 permit tcp any host 65.xxx.xxx.xx eq 8005
    access-list 103 permit udp any host 65.xxx.xxx.xx eq 8009
    access-list 103 permit tcp any host 65.xxx.xxx.xx eq 8009
    access-list 103 permit udp any host 65.xxx.xxx.xx eq 8433
    access-list 103 permit tcp any host 65.xxx.xxx.xx eq 8433
    access-list 103 permit udp any host 65.xxx.xxx.xx eq 8443
    access-list 103 permit tcp any host 65.xxx.xxx.xx eq 8443

    I show hits on my access list as follows:

        110 permit tcp any host 65.xxx.xxx.xxx eq 1723 (24120 matches)
        120 permit tcp any host 65.xxx.xxx.xxx eq 47
        130 permit tcp any host 65.xxx.xxx.xxx eq www (114182 matches)
        140 permit tcp any host 65.xxx.xxx.xxx eq ftp (30 matches)
        150 permit tcp any host 65.xxx.xxx.xxx  eq ftp-data
        160 permit tcp any host 65.xxx.xxx.xxx eq 1023
        170 permit udp any host 65.xxx.xxx.xxx eq 1935
        180 permit tcp any host 65.xxx.xxx.xxx eq 1935 (21749 matches)
        190 permit udp any host 65.xxx.xxx.xxx eq 8005
        200 permit tcp any host 65.xxx.xxx.xxx eq 8005
        210 permit udp any host 65.xxx.xxx.xxx eq 8009
        220 permit tcp any host 65.xxx.xxx.xxx eq 8009
        230 permit udp any host 65.xxx.xxx.xxx eq 8433
        240 permit tcp any host 65.xxx.xxx.xxx eq 8433
        250 permit udp any host 65.xxx.xxx.xxx eq 8443
        260 permit tcp any host 65.xxx.xxx.xxx eq 8443

    I can connect to the server from the LAN side and create a conference, but just not share any documents or desktop, voice, video.

    My question is: what am I missing for ports, or what exactly is the server looking for when an internal client is trying to share?

     
    • scott plonsky
      2007-04-30

      I did leave out an important fact about the server. The server has two NICs. For this post, I will name one NIC abc.local and the second xyz.local as their hostnames.
      abc.local is NAT to PUBLIC ADDRESS; xyz.local is internal --- vpn

      Both abc.local and xyz.local are seen on the LAN as separate names.

      The problem that I have seen is internal: when I start a conference it goes to the correct NIC=abc.local; however, when I start a shared document it goes to the wrong NIC=xyz.local

      I saw this via a cmd prompt and netstat

      My question is how to bind the correct NIC to the internal resource?

      PORT 80=abc.local
      PORT 1935=xyz.local----wrong !!!!!!!!!!!!!!!!

       
      • dimdim_uday
        2007-04-30

        Hi splonsky,
        In your server.xml file, you need to have the abc.local IP Address in the connector information.
        Can you please try this out?
        It might be easier to walk through this configuration in a chat or call; please let me know if it is possible for us to have a talk sometime.
        Please email me uday(@)dimdim.com

        Regards,
        Uday
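
One way to run the netstat check described in the posts above, as an added example that is not part of the original thread or Dim Dim's code: it parses Windows `netstat -an` output and reports TCP ports that are not served solely on the intended NIC. The sample output, the addresses 192.168.1.10 (standing in for abc.local) and 10.8.0.10 (standing in for xyz.local), and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -an` output for a dual-homed server.
# 192.168.1.10 stands in for abc.local, 10.8.0.10 for xyz.local (both assumed).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:80        0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8443           0.0.0.0:0              LISTENING
  TCP    10.8.0.10:1935         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:80        192.168.1.77:51500     ESTABLISHED
  TCP    10.8.0.10:1935         192.168.1.77:51512     ESTABLISHED
  UDP    0.0.0.0:1935           *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
WILDCARDS = {"0.0.0.0", "[::]", "*"}

def local_bindings(netstat_text):
    """Map (proto, port) -> set of local addresses seen in `netstat -an` output."""
    seen = defaultdict(set)
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, banner or blank line
        addr, _, port = m.group(2).rpartition(":")  # rpartition copes with [::]:80
        if port.isdigit():
            seen[(m.group(1), int(port))].add(addr)
    return seen

def check_bindings(netstat_text, expected_addr, ports):
    """Return {port: finding} for TCP ports not served only on expected_addr."""
    seen = local_bindings(netstat_text)
    findings = {}
    for port in ports:
        addrs = seen.get(("TCP", port), set())
        if not addrs:
            findings[port] = "no TCP socket seen"
        elif addrs & WILDCARDS:
            findings[port] = "wildcard bind (all NICs)"
        elif addrs != {expected_addr}:
            findings[port] = "wrong NIC: " + ", ".join(sorted(addrs - {expected_addr}))
    return findings

if __name__ == "__main__":
    expected = "192.168.1.10"  # the NIC clients are supposed to reach
    for port, finding in sorted(check_bindings(SAMPLE_NETSTAT, expected, [80, 1935, 8009, 8443]).items()):
        print(port, finding)
```
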

         
    • scott plonsky
      2007-05-03

      I finally had to fully expose the server to a true WAN IP address. This was the only way that I could get a conference started internally (LAN) and have external (WAN) conferences working correctly. I was able to get it to work on the LAN, but then anyone connected outside to the server wasn't able to view the camera or see any shared documents, and vice versa. NO NAT!