You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@openmeetings.apache.org by kaffeesurrogat <ka...@posteo.de> on 2020/07/10 05:28:11 UTC
Firewall settings/Failed to set remote answer
Dear List,
I followed the thread "RE: InvalidStateError: Failed to set remote
answer sdp: Called in wrong state: kStable".
Alain DEVILLE talked about this problem he had with opening up ports
49152:65535/udp for incoming and outgoing traffic.
On Ubuntu 18.04 LTS I installed ufw to set up a firewall.
ufw status verbose gives:
22 ALLOW IN Anywhere
3478/tcp ALLOW IN Anywhere
3478/udp ALLOW IN Anywhere
5443/tcp ALLOW IN Anywhere
8888/tcp ALLOW IN Anywhere
49152:65535/udp ALLOW IN Anywhere
22 (v6) ALLOW IN Anywhere (v6)
3478/tcp (v6) ALLOW IN Anywhere (v6)
3478/udp (v6) ALLOW IN Anywhere (v6)
5443/tcp (v6) ALLOW IN Anywhere (v6)
8888/tcp (v6) ALLOW IN Anywhere (v6)
49152:65535/udp (v6) ALLOW IN Anywhere (v6)
49152:65535/udp ALLOW OUT Anywhere
49152:65535/udp (v6) ALLOW OUT Anywhere (v6)
So I believe they are open.
Using telnet myserver 49152 gives a "trying myserver" until there is a
timeout.
Disabling ufw and telneting again says:
Trying myserver...
telnet: connect to address myserver: Connection refused
Thus the firewall rules make a difference.
Using sudo nmap -sU -p 49152 myserver
PORT STATE SERVICE
49152/udp closed unknown
even if I enabled ufw firewall
This contradicts the telnet result doesn't it ?
The "kStable ....." error still shows up from time to time ....
My questions:
1) How can I test for open ports49152:65535 and be sure about the result?
2) My Provider is Strato. Do I have to contact the provider to open up
the ports for incoming and outgoing udp packages ?
3) Are my firewall rules correct?
I did not manage to find instructions on installing the pure iptables
alternative on ubuntu 18.04. I've tried to implement the stuff from the
ALVARO-manual about SSL. This time using ufw.
Many thanks ....
kaffeesurrogat ....
Re: Firewall settings/Failed to set remote answer
Posted by Maxim Solodovnik <so...@gmail.com>.
AFAIK coturn listening on port 3478
then necessary port is allocated during negotiation (only if needed)
On Fri, 10 Jul 2020 at 19:08, kaffeesurrogat <ka...@posteo.de>
wrote:
> Dear List,
>
> i gathered more information:
>
> 1) I talked to my provider. They promised, that there is no other
> firewall between my VPS and the Internet.
>
> 2) Did some more port testing.
>
> On my server i issued (netcat):
>
> ls | nc -l -u -p 49152
>
> that means pipe ls output to nc listening in udp mode on 49152
>
> On my client side:
>
> sudo nmap -sU -p 49152 myserver
>
> The answer was:
>
> PORT STATE SERVICE
> 49152/udp open unknown
>
>
> Without the pipe through netcat nmap shows me a closed port for 49152
> ... (coturn) even though coturn is up and running ....
>
> Did i misconfigure my coturn or is coturn opening up the port only if
> needed ?
>
>
> Greeting,
>
> kaffeesurrogat
>
> On 10/07/2020 07:28, kaffeesurrogat wrote:
> > Dear List,
> >
> > I followed the thread "RE: InvalidStateError: Failed to set remote
> > answer sdp: Called in wrong state: kStable".
> > Alain DEVILLE talked about this problem he had with opening up ports
> > 49152:65535/udp for incoming and outgoing traffic.
> >
> > On Ubuntu 18.04 LTS I installed ufw to set up a firewall.
> >
> >
> > ufw status verbose gives:
> >
> >
> > 22 ALLOW IN Anywhere
> > 3478/tcp ALLOW IN Anywhere
> > 3478/udp ALLOW IN Anywhere
> > 5443/tcp ALLOW IN Anywhere
> > 8888/tcp ALLOW IN Anywhere
> > 49152:65535/udp ALLOW IN Anywhere
> > 22 (v6) ALLOW IN Anywhere (v6)
> > 3478/tcp (v6) ALLOW IN Anywhere (v6)
> > 3478/udp (v6) ALLOW IN Anywhere (v6)
> > 5443/tcp (v6) ALLOW IN Anywhere (v6)
> > 8888/tcp (v6) ALLOW IN Anywhere (v6)
> > 49152:65535/udp (v6) ALLOW IN Anywhere (v6)
> >
> > 49152:65535/udp ALLOW OUT Anywhere
> > 49152:65535/udp (v6) ALLOW OUT Anywhere (v6)
> >
> > So I believe they are open.
> >
> > Using telnet myserver 49152 gives a "trying myserver" until there is a
> > timeout.
> >
> > Disabling ufw and telneting again says:
> >
> >
> > Trying myserver...
> > telnet: connect to address myserver: Connection refused
> >
> >
> > Thus the firewall rules make a difference.
> >
> > Using sudo nmap -sU -p 49152 myserver
> >
> >
> > PORT STATE SERVICE
> > 49152/udp closed unknown
> >
> >
> > even if I enabled ufw firewall
> >
> > This contradicts the telnet result doesn't it ?
> >
> >
> > The "kStable ....." error still shows up from time to time ....
> >
> >
> > My questions:
> >
> >
> > 1) How can I test for open ports49152:65535 and be sure about the result?
> > 2) My Provider is Strato. Do I have to contact the provider to open up
> > the ports for incoming and outgoing udp packages ?
> > 3) Are my firewall rules correct?
> > I did not manage to find instructions on installing the pure iptables
> > alternative on ubuntu 18.04. I've tried to implement the stuff from the
> > ALVARO-manual about SSL. This time using ufw.
> >
> > Many thanks ....
> >
> > kaffeesurrogat ....
> >
> >
> >
>
>
--
Best regards,
Maxim
Re: Firewall settings/Failed to set remote answer
Posted by kaffeesurrogat <ka...@posteo.de>.
Dear List,
i gathered more information:
1) I talked to my provider. They promised, that there is no other
firewall between my VPS and the Internet.
2) Did some more port testing.
On my server i issued (netcat):
ls | nc -l -u -p 49152
that means pipe ls output to nc listening in udp mode on 49152
On my client side:
sudo nmap -sU -p 49152 myserver
The answer was:
PORT STATE SERVICE
49152/udp open unknown
Without the pipe through netcat nmap shows me a closed port for 49152
... (coturn) even though coturn is up and running ....
Did i misconfigure my coturn or is coturn opening up the port only if
needed ?
Greeting,
kaffeesurrogat
On 10/07/2020 07:28, kaffeesurrogat wrote:
> Dear List,
>
> I followed the thread "RE: InvalidStateError: Failed to set remote
> answer sdp: Called in wrong state: kStable".
> Alain DEVILLE talked about this problem he had with opening up ports
> 49152:65535/udp for incoming and outgoing traffic.
>
> On Ubuntu 18.04 LTS I installed ufw to set up a firewall.
>
>
> ufw status verbose gives:
>
>
> 22 ALLOW IN Anywhere
> 3478/tcp ALLOW IN Anywhere
> 3478/udp ALLOW IN Anywhere
> 5443/tcp ALLOW IN Anywhere
> 8888/tcp ALLOW IN Anywhere
> 49152:65535/udp ALLOW IN Anywhere
> 22 (v6) ALLOW IN Anywhere (v6)
> 3478/tcp (v6) ALLOW IN Anywhere (v6)
> 3478/udp (v6) ALLOW IN Anywhere (v6)
> 5443/tcp (v6) ALLOW IN Anywhere (v6)
> 8888/tcp (v6) ALLOW IN Anywhere (v6)
> 49152:65535/udp (v6) ALLOW IN Anywhere (v6)
>
> 49152:65535/udp ALLOW OUT Anywhere
> 49152:65535/udp (v6) ALLOW OUT Anywhere (v6)
>
> So I believe they are open.
>
> Using telnet myserver 49152 gives a "trying myserver" until there is a
> timeout.
>
> Disabling ufw and telneting again says:
>
>
> Trying myserver...
> telnet: connect to address myserver: Connection refused
>
>
> Thus the firewall rules make a difference.
>
> Using sudo nmap -sU -p 49152 myserver
>
>
> PORT STATE SERVICE
> 49152/udp closed unknown
>
>
> even if I enabled ufw firewall
>
> This contradicts the telnet result doesn't it ?
>
>
> The "kStable ....." error still shows up from time to time ....
>
>
> My questions:
>
>
> 1) How can I test for open ports49152:65535 and be sure about the result?
> 2) My Provider is Strato. Do I have to contact the provider to open up
> the ports for incoming and outgoing udp packages ?
> 3) Are my firewall rules correct?
> I did not manage to find instructions on installing the pure iptables
> alternative on ubuntu 18.04. I've tried to implement the stuff from the
> ALVARO-manual about SSL. This time using ufw.
>
> Many thanks ....
>
> kaffeesurrogat ....
>
>
>