The feature that opens ports dynamically is called
UPnP (Universal Plug & Play), aka AMEF (Another Microsoft Evil Feature).
I was surprised to see that quite a few "modern" network devices (such as Netgear ADSL
routers) support it by default (which goes to show that when people in Washington State
dream something up, it always ends up more or less everywhere).
On the other hand, as far as I know, only Microsoft's proprietary IM
and video-conferencing clients use this feature. Do you know of any others?
It's not surprising that we can't get it to work; I will probably look for another video-conferencing program, gaim-w ekiga, which I can't manage to compile for the moment.
Have a good evening
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- dns-adsl-gpe2-b.wanadoo.fr anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- dns-adsl-gpe2-b.wanadoo.fr anywhere
ACCEPT tcp -- dns-adsl-gpe2-a.wanadoo.fr anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- dns-adsl-gpe2-a.wanadoo.fr anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
INBOUND all -- anywhere gilles01
INBOUND all -- anywhere ALille-152-1-36-180.w83-198.abo.wanadoo.fr
INBOUND all -- anywhere 10.255.255.255
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
OUTBOUND all -- anywhere anywhere
ACCEPT tcp -- anywhere localnet/8 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere localnet/8 state RELATED,ESTABLISHED
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- ALille-152-1-36-180.w83-198.abo.wanadoo.fr dns-adsl-gpe2-b.wanadoo.fr tcp dpt:domain
ACCEPT udp -- ALille-152-1-36-180.w83-198.abo.wanadoo.fr dns-adsl-gpe2-b.wanadoo.fr udp dpt:domain
ACCEPT tcp -- ALille-152-1-36-180.w83-198.abo.wanadoo.fr dns-adsl-gpe2-a.wanadoo.fr tcp dpt:domain
ACCEPT udp -- ALille-152-1-36-180.w83-198.abo.wanadoo.fr dns-adsl-gpe2-a.wanadoo.fr udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
Thanks
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- dns-adsl-gpe2-b.wanadoo.fr anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- dns-adsl-gpe2-b.wanadoo.fr anywhere
ACCEPT tcp -- dns-adsl-gpe2-a.wanadoo.fr anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- dns-adsl-gpe2-a.wanadoo.fr anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
INBOUND all -- anywhere gilles01
INBOUND all -- anywhere ALille-152-1-36-180.w83-198.abo.wanadoo.fr
INBOUND all -- anywhere 10.255.255.255
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
OUTBOUND all -- anywhere anywhere
ACCEPT tcp -- anywhere localnet/8 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere localnet/8 state RELATED,ESTABLISHED
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- ALille-152-1-36-180.w83-198.abo.wanadoo.fr dns-adsl-gpe2-b.wanadoo.fr tcp dpt:domain
ACCEPT udp -- ALille-152-1-36-180.w83-198.abo.wanadoo.fr dns-adsl-gpe2-b.wanadoo.fr udp dpt:domain
ACCEPT tcp -- ALille-152-1-36-180.w83-198.abo.wanadoo.fr dns-adsl-gpe2-a.wanadoo.fr tcp dpt:domain
ACCEPT udp -- ALille-152-1-36-180.w83-198.abo.wanadoo.fr dns-adsl-gpe2-a.wanadoo.fr udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
Thanks for your help.
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Excerpt from the aMSN FAQ
If you use a firewall, you must make sure to allow incoming connections on port 6891 (and the following ones if you want to run several transfers at the same time).
If you are on a private network with addresses such as 192.168.0.x, then getting file transfers to work is more complicated. You must send the real Internet address (which you can enter manually or ask aMSN to guess from a web page) instead of your address within the network, and tell the gateway (the computer that has the direct connection to the Internet) to forward incoming connections on port 6891 to your computer within the private network.
(I found Ekiga; I will probably try it.)
If you have a solution for aMSN... I'm going to read more documentation; it will end up working eventually.
Have a good evening.
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 6890:6900 -m state --state ! INVALID -j DNAT --to-destination 10.201.57.226
iptables -t nat -A PREROUTING -i ppp0 -p udp --dport 6890:6900 -m state --state ! INVALID -j DNAT --to-destination 10.201.57.226
assuming that the interface of your ADSL connection is ppp0 (run ifconfig to find out which one it is)
However, if you have locked-down rules for forwarding (the FORWARD chain), you also need to accept forwarding between your ppp0 & eth0 interfaces for those ports.
iptables -t nat -L
lets you view the PREROUTING chains (among others)
iptables -t nat -F
To flush ALL the rules contained in the PREROUTING & POSTROUTING chains
Careful: you must have the masquerade in POSTROUTING; if you remove it, you will no longer have connection sharing...
Armen freed since noon today...
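The forwarding setup described in the post above, as an added example that is not part of the original thread: it prints the DNAT rules together with the matching FORWARD accepts, and a flush limited to PREROUTING so the MASQUERADE rule survives. The function names are hypothetical, and the interface names, client address and port range are the thread's values taken as assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: print the port-forwarding rules for review.
# Assumed values: WAN ppp0, LAN eth0, client 10.201.57.226, ports 6890:6900.

gen_forward_rules() {
    wan=$1; lan=$2; host=$3; ports=${4:-6890:6900}
    # The output is meant to be piped to a root shell, so reject anything
    # that is not a plain interface name, IPv4 address or port range.
    [ -n "$wan" ] && [ -n "$lan" ] || { echo "missing interface" >&2; return 1; }
    case "$wan$lan" in *[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    case "$host" in ''|*[!0-9.]*) echo "bad host" >&2; return 1;; esac
    case "$ports" in ''|*[!0-9:]*) echo "bad ports" >&2; return 1;; esac
    for proto in tcp udp; do
        # nat/PREROUTING: rewrite the destination of packets arriving on the WAN side.
        printf '%s\n' "iptables -t nat -A PREROUTING -i $wan -p $proto --dport $ports -j DNAT --to-destination $host"
        # filter/FORWARD: the rewritten packet is then routed, so it must be accepted
        # here too. Inserted at position 1 so it is evaluated before LOG/DROP rules,
        # and limited to this host and port range.
        printf '%s\n' "iptables -I FORWARD 1 -i $wan -o $lan -p $proto -d $host --dport $ports -j ACCEPT"
    done
}

# Remove the DNAT rules only: flushing PREROUTING alone leaves the MASQUERADE
# rule in POSTROUTING (and therefore connection sharing) untouched.
gen_flush_dnat() {
    printf '%s\n' "iptables -t nat -F PREROUTING"
}

gen_forward_rules ppp0 eth0 10.201.57.226
```

Review the printed rules, then pipe them to `sh` as root to apply them.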
In my opinion you need to set up port forwarding from your router to the machine on which you use amsn. Now, I know how to do it on my Linksys router or on the Freebox, but under Linux I don't know ... :oops:
Maybe a charming Andesien will be able to explain it to you??
Usti
My configuration
gilles01 10.201.57.221 is the server but also the router; I access the Internet through it via a Sagem USB. Linux
gilles06 10.201.57.226 is the client with amsn (I browse normally and I chat with amsn). Linux
I have the latest version, amsn 0.95-3
I can't manage to open the ports with Firestarter, amsn unknown protocol; how can I do it another way?
Thanks
You are firewalled or behind a router
If you are unable to view a webcam in aMSN after a contact has sent you an invite, or after you have issued the command to receive/send webcam, and you are behind a router, you may need to follow these steps:
If you receive: IP-Restrict-NAT and you receive false in webcam wizard, that means your connection is firewalled. (does not send the IP)
If this is the case, you will need to open some ports for the webcam to use because they are currently blocked.
To do this, open your router web-based configuration (check router manual for details on this). Once you have the web-based configuration open, browse for a setting called "port forwarding" or "port range forwarding" or something similar to that. (This might be found under the advanced features for your router).
Now that you have the port forwarding page open, you will want to set the port forwarding range so that aMSN will be able to accept and send the webcam stream.
Here's an example of how you will set up your port forwarding:
Application: aMSN
Start: 6890
End: 6900
Protocol: Both(TCP & UDP)
IP: xxx.xxx.x.xxx
Enabled: X (Yes/True)
Note: xxx.xxx.x.xxx is the IP of your machine that you are trying to send / receive webcam
If you have a web server open on your port 80, you can try to disable it too, sometimes it helps.
General port instructions for Apple Airport Base Station or Airport Express (of course, use ports 6891 to 6900 in the configurations)