Netmeeting + Firewall = Hell

Factual Questions
1

So, as a gag gift, I got my best friend a cheapie little webcam as a birthday gift. I got one for me too. We’ve been making jokes about video-phones for at least two decades and I thought it would be fun.

Little did I know…

We’re both behind Linksys routers which have firewalls built in.

We both tried to use Microsoft Netmeeting.

Neither could connect with the other.

  1. I know about port forwarding. Netmeeting requires you to forward ten billion ports…which kinda defeats the whole damn purpose of the firewall, right?

  1. I know about the DMZ feature in the Linksys. A) It also defeats the whole purpose of having a firewall, B) since we’re both using a Linksys, there are apparently issues anyway. C) Anyway, we activated the DMZ feature and it didn’t work in any case.

  2. I tried Yahoo Messenger, and it locked my system up something fierce.

  3. So, any ideas (OTHER than “Ditch the firewall” or “Windoze sux d00d” :wink: ) ? Or alternate programs that do the same thing as Netmeeting, but don’t want to use every port in existance?

Fenris

2

Fenris, I understand the frustration, been through it myself.

First, I would recommend that for testing, you move one of machines out from behind the Linksys, so that one computer is directly on the Internet, and leave the other behind the firewall.

I’m not sure where you got that list of ports for port forwarding.

You’ve got 1503, but you shouldn’t need the others (443 is SSL, for Hotmail login? I have no clue).

What you will need to configure, in addition to 1503 (all TCP), are:

389
522
1024
1720
1731

You’ll also need to free up dynamic UDP ports 1024-65535, although this may not need to be congfigured (this relates to audio only, so if you end up with video and no audio, look here).

Now, once you have the one Linksys configured, have that computer initiate the call to the directly connected PC. You should get video, at least. If that works, then begin troubleshooting any remaining issues, then move the other PC behind the second Linksys, configured the same way.

Make sure both Linksys are running at least firmware version 1.39 or above.

3

why, hi there Fenris!

I haven’t read any of your parodies as of late. Am I missing them or have you stopped writing them?

But I’m disgressing. As it turns out, I am the miserable owner of a linksys router (a networkeverywhere very similar in functionality to the more known BEFR041). And just in case you were wondering, Linksys routers suck. Mine is the most problematic piece of hardware I have purchased since the audio excel 16 I had on my Pentium 100 eight years ago.

I have basically been battling that damn router since I bought it. And sadly enough, I have become an expert on the topic from all the tinkering I did with it. Hell, I even uncovered a really weird bug. Basically, everytime I download a file that contains a certain hexadecimal value that corresponds to my IP, the router will convert that value to another on the fly thus corrupting the file. Of course, this is a rare occurrence (you’ll get it every 20 Gb downloaded or so) so nobody actually knows about it. But I’m disgressing again…

The DMZ function of the router performs fairly well most of the time, but it is faulty. When dealing with direct connections with people that are also behind routers, the incidence of problems increases dramatically. I assume you already deduced that. the UPNP forwarding is also not 100% compatible with windows which creates even more problems.

Ok, now that I have convinced you that you made a very bad purchase and that you shall suffer for all eternity for it, I’ll tell you the cause of your problem. your computer has an internal IP which is 192.168.1.xxx that can only be reached by computers (your router is a stripped down computer) in your Local Area Network (LAN). Your router ,on the other hand, has two IPs: one internal which is 192.168.1.1 and one external that is reachable by the outside world. When you initiate a netmeeting session, your computer sends data to your friends computer and that data includes the IP that your friend’s computer should answer to. Now your computer is stupid and sends 192.168.1.xxx and the router is supposed to do it’s job and convert that to your external IP adress before sending it to your friend. But it’s a linksys router so it’s probably playing strip poker with a couple netgear routers in Japan and not paying attention to the packets it’s forwarding. And that is why you cannot have the crystal clear audio and smooth high resolution fullscreen video videoconference with your friend.

Now that I have bored you, flattered myself and patronized you, I’m actually going to suggest some solutions (hear! hear!):

1- You can try forwarding the ports you mentionned earlier on the linksys configuration menu. Be sure to try that in all port forwarding, port range forwarding AND port triggering. have fun trying all the possible combinations and harassing your friends to do the same.

2- This is stupid but try alternating the active caller. You probably tried that already.

3- Alternate videoconference programs:
-microsoft messenger’s embedded videoconference
-Dwyco
-ICUII
-CuSeeMe (you have to find an old free version. They want you to suscribe to use the latest one)

If none of these pleases you, you can find more choices HERE

If I can be of any further assistance, do not hesitate to email or instant message me at gozu@hotmail.com . It would by an honor to help the great Fenris. (feeling the pressure yet?)

PS: you STILL haven’t answered my two emails :stuck_out_tongue:

4

Sorry to hear Yahoo messenger didn’t work for you. It’s the only video-phone system I have found that routinely works in such situations for me.

5
  1. AZCowboy: That list looks somewhat better than my own, but what’s with dynamic UDP ports 1024-65535? I’m way out of my depth here: is this an invitation to the entire internet to say “Hey! Let’s raid his computer!”? (I know…sort of…what TCP is. I have no idea what UDP is. Or UPNP.)

I also have a horrible suspicion that the whole damn problem is that we’re both behind firewalls and a linksys refuses to talk to another linksys. I’m gonna unhook mine on sunday and see if we can connect that way. I tried ICU II and someone connected with me. For spam purposes, mind you, but still: a connection…yet I still can’t connect with my friend over it.

  1. Gozu Thanks for all the info! I hadn’t tried using anything in UPnP forwarding…I’m not even sure what it is. (As you know, Linksys’s manuals suk)

  2. Ftg: I know. I’ve heard good things about Yahoo messenger. But it keeps locking up. < sigh >

6

UPnP is Universal Plug and Play. Basically it allows computers to automatically recognize the router. AFAIK, only Windows XP supports this by default. It’s not really a big deal.

UDP is TCP’s connectionless (as opposed to connection-oriented) cousin. That just means that TCP does error checking while UDP does not. UDP has less overhead than TCP and the lack of error correction makes it an appropriate protocol for applications such as streaming video in which small errors aren’t really important.

As for your specific problem, sorry I can’t be of assistance. I’ve spent many hours messing with several different models of Linksys routers for several different reasons, but I’ve never had to deal with videoconferencing.

I guess you get what you pay for. I managed to convince my boss to pony up the $750 for a Sonicwall SOHO3 and I couldn’t be happier. Everything always works right the first time with that sucker.

7

The solution that has worked for me (I use a Linksys router also):

  1. Have ZoneAlarm running.
  2. Put comp into the DMZ of the router.
  3. Run NetMeeting, tell ZA that NetMeeting can have access.
  4. Use the IP that the Linksys router has obtained from your ISP (not the 192.168.X.X ones!) for connection purposes.
  5. When done, take comp out of DMZ, and shut down ZA if you want.

That way, you still have ZA fielding all the stuff that is now being passed along by the router, but you aren’t wide open to everybody passing by.

Hopefully this will work for you…

<< BATCH: A group, kinda like a herd.
>>

8

Fenris, hopefully, you will have found a way around your problem by now. If not, I reiterate my previous offer. These things are really best dealt with in real time. Good luck anyways.