LinuxQuestions.org
Old 12-08-2004, 06:11 AM   #1
gubak
Member
 
Registered: Jul 2004
Posts: 324

Rep: Reputation: 30
Squid config for voice chat


I use RedHat9, squid.
I want to use voice chat, but it seems I'm unable to because of squid.
How can I configure squid to be able to use voice chat?
Thank you!

Last edited by gubak; 10-16-2006 at 05:58 AM.
 
Old 12-14-2004, 12:56 AM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
you mean like with MSN and stuff?? your regular iptables (netfilter) should take care of the voice and video on MSN, without having to touch squid...
 
Old 12-14-2004, 06:58 AM   #3
gubak
Member
 
Registered: Jul 2004
Posts: 324

Original Poster
Rep: Reputation: 30
You mean I have to change iptables on the linux machine?

Last edited by gubak; 10-16-2006 at 05:59 AM.
 
Old 12-14-2004, 05:56 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally posted by gubak
You mean I have to change iptables on the linux machine?
yeah, if you're not getting audio/video on the lan, then you need to make sure iptables is properly set-up on the linux gateway...
 
Old 12-15-2004, 02:59 AM   #5
gubak
Member
 
Registered: Jul 2004
Posts: 324

Original Poster
Rep: Reputation: 30
Here is my iptables config file. Can you tell me how to change it to allow voice chat (MSN Messenger)?

Thank you!


-----------------------------------------------------------------------------------

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT

Last edited by gubak; 10-16-2006 at 06:01 AM.
 
Old 12-15-2004, 11:18 PM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
your current script seems to have policies of ACCEPT on all the chains, i'm not sure why you're doing that...

anyways, you don't really need anything special in your iptables to have msn voice working... a simple script like this example should work fine:

Code:
#!/bin/sh

IPT="/sbin/iptables"
EXT="eth0"
INT="eth1"

/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp

echo "1" > /proc/sys/net/ipv4/ip_forward

$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT

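# Loopback traffic is always allowed:
$IPT -A INPUT -i lo -j ACCEPT

# Packets belonging to connections that are already tracked:
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# This rule allows the LAN side to connect to a Squid daemon on the gateway:
$IPT -A INPUT -p TCP -i $INT --dport 3128 -m state --state NEW -j ACCEPT

# Everything else addressed to the gateway is logged, then dropped by the INPUT policy:
$IPT -A INPUT -j LOG --log-prefix "INPUT DROP: "

# Forwarding: tracked connections, plus new connections from the LAN to the outside:
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $INT -o $EXT -m state --state NEW -j ACCEPT

# Everything else is logged, then dropped by the FORWARD policy:
$IPT -A FORWARD -j LOG --log-prefix "FORWARD DROP: "

# Masquerade (NAT) whatever leaves through the external interface:
$IPT -t nat -A POSTROUTING -o $EXT -j MASQUERADE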

Last edited by win32sux; 12-16-2004 at 06:50 AM.
 
Old 12-16-2004, 01:14 AM   #7
gubak
Member
 
Registered: Jul 2004
Posts: 324

Original Poster
Rep: Reputation: 30
I've tried it but I'm not sure I did it all correctly.
I have simply changed my iptables text file (/etc/sysconfig/iptables) to yours. I have put the ip address of one of my network machines into this file and finally I have restarted iptables (service iptables restart), but I got an error message like this:

Flushing all current rules and user defined chains: [OK]
Clearing all current rules and user defined chains: [OK]
Applying iptables firewall rules: Bad argument 'PT="/usr/sbin/iptables'
[FAILED]


I have no file named iptables in /usr/sbin/

Can you help me?

Last edited by gubak; 10-16-2006 at 06:01 AM.
 
Old 12-16-2004, 01:42 AM   #8
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
i don't think you should try to add it to your startup files until you are sure it works...

it's best if you just save the script to a text file, make it executable, and then run it to see how things go first...

oh, and yes: you need to adjust the script to reflect your iptables location... i think on red hat systems it's /sbin/iptables but you can make sure by doing a:

Code:
whereis iptables
you also need to make sure eth0 is your external interface, and if it's not, then adjust the EXT and INT variables in the script...

PS: i've just updated the script, i had missed some stuff...


Last edited by win32sux; 12-16-2004 at 06:40 AM.
 
Old 12-16-2004, 03:22 AM   #9
gubak
Member
 
Registered: Jul 2004
Posts: 324

Original Poster
Rep: Reputation: 30
I have made the changes you told me. Now I have to double click on the script, haven't I?

Last edited by gubak; 10-16-2006 at 06:02 AM.
 
Old 12-16-2004, 05:08 AM   #10
gubak
Member
 
Registered: Jul 2004
Posts: 324

Original Poster
Rep: Reputation: 30
I have run the script but the problem still exists.
What to do now?

Last edited by gubak; 10-16-2006 at 06:02 AM.
 
Old 12-16-2004, 06:38 AM   #11
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
to execute the script just go to a console or a terminal window, cd to the directory the script is in, become root and do a:

Code:
./whatever-script.sh
the script in this example is named "whatever-script.sh" but it can be called whatever you saved it as...

the "./" executes the script... you could also execute it like so:

Code:
sh whatever-script.sh
you need to be root to run a firewall script...

also, it would help me help you if you would give me a bigger picture about your setup... you have a windows network with a linux gateway, right?? what configuration have you given the machines on the lan?? does the other stuff work (ping, web browsing, email, etc...) fine on the lan?? what kinda connection is it (cable modem, dsl, etc.)?? is squid working fine for web browsing?? are you using squid in transparent mode, or do you specify the proxy address on the client machines?? any other info you can post would be helpful...

i'm quite concerned about the double-clicking thing, though... cuz either you:

A - are doing it as a normal user, in which case it would have NO EFFECT or...

B - you are doing it as root, in which case you are possibly logged-into X as root which is a VERY BAD idea...

i hope it's A...

=)

Last edited by win32sux; 12-16-2004 at 09:40 AM.
 
Old 12-17-2004, 02:30 AM   #12
gubak
Member
 
Registered: Jul 2004
Posts: 324

Original Poster
Rep: Reputation: 30
I have run the script with the command sh scriptname.sh, but after that my server became invisible to the rest of the network computers. I had to restart the server. Now everything works like before, but the voice chat still doesn't work.

This is my system:

As you said, I have a windows (win98 and winxp) network with a linux gateway. In the lan the windows machines have a simple windows installation, workgroup network, static internal ip, UTP cable for the internal network. I have wireless internet, public ip address. Ping works only in the internal network (I can't ping any host on the internet), because there is a router between me and my provider and the ping function is disabled. There is a mail server, a web server, an ftp server, proxy (squid). Everything works fine. There is no firewall. I specify the proxy address on the client machines (the proxy doesn't work in transparent mode).

I have tried to connect to the internet directly from one of the windows machines (I pulled the internet cable out of the linux eth0 and put it in the windows machine); in that case the voice chat worked fine.

Last edited by gubak; 10-16-2006 at 06:02 AM.
 
Old 12-17-2004, 10:10 AM   #13
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
is your squid listening on port 3128??

if it's not then you have to edit the script...

make sure that the machines on the lan have the ip address of your linux box's eth1 set as their gateway (for the NAT)... also make sure the DNS server addresses on the lan machine are correct...

you should probably focus on getting the NAT working properly and then setting-up squid should be a snap...

i can't figure-out why the firewall script above isn't working, maybe there's a bug in it, i'll look at it again... meanwhile, take a look at your logfile when you attempt to access the internet from the lan while the script is active... the script is set to log all dropped input and forward packets so you'll be able to see if something is getting dropped that shouldn't...

a test:

after running the script, attempt to connect from a machine on the lan to a web server on the linux box by putting the ip address of the internal interface (eth1) in the browser... remember to remove the proxy server from the browser's configuration as you wanna go direct... then you should see the port 80/tcp packets getting dropped in the linux box's log file right-away... if you see those, then you know the input chain is okay...

to monitor the syslog in "real-time" use something like:

Code:
tail -f /var/log/syslog

Last edited by win32sux; 12-17-2004 at 10:11 AM.
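
Added example (not part of the thread or any poster's code): a shell function that summarises what the script's two LOG rules recorded, so the log check described in post #13 can be read as counts per chain, interface, source and port instead of raw `tail -f` output. The log lines are constructed samples in the kernel's netfilter LOG format; the host name, addresses and ports in them are made up.

```shell
#!/bin/sh
# Added example, not from the thread. Counts packets logged by the
# "INPUT DROP: " and "FORWARD DROP: " LOG rules of the script in post #6.

# Constructed sample lines (host name, MACs, addresses and ports are made up).
SAMPLE_LOG='Dec 17 10:05:01 gw kernel: INPUT DROP: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=4101 DF PROTO=TCP SPT=1045 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 17 10:05:04 gw kernel: INPUT DROP: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=4102 DF PROTO=TCP SPT=1045 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 17 10:05:09 gw kernel: eth1: link up
Dec 17 10:06:30 gw kernel: INPUT DROP: IN=eth0 OUT= MAC=00:11:22:33:44:66:66:77:88:99:aa:cc:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=777 PROTO=UDP SPT=40000 DPT=5004 LEN=40
Dec 17 10:07:12 gw kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=4200 PROTO=TCP SPT=1050 DPT=443 WINDOW=0 RES=0x00 RST URGP=0'

# Reads syslog lines on stdin and prints one line per distinct
# chain / input interface / source / protocol / destination port,
# prefixed with how many times it was logged (most frequent first).
summarise_drops() {
    awk '
    / (INPUT|FORWARD) DROP: / {
        chain = inif = src = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i == "DROP:")        chain = $(i - 1)      # word before "DROP:"
            else if ($i ~ /^IN=/)     inif  = substr($i, 4)
            else if ($i ~ /^SRC=/)    src   = substr($i, 5)
            else if ($i ~ /^PROTO=/)  proto = substr($i, 7)
            else if ($i ~ /^DPT=/)    dpt   = substr($i, 5)  # stays "-" for ICMP
        }
        count[chain " in=" inif " src=" src " " proto "/" dpt]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the constructed sample; the "link up" line is ignored.
printf '%s\n' "$SAMPLE_LOG" | summarise_drops
```

On a live gateway, feed it the real log as root, for example `summarise_drops < /var/log/messages`; Red Hat's default syslog configuration writes kernel messages to that file, so use whichever file your syslog sends them to.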
 
  

