Hi folks, here's the dilemms; was using a voip service with xlite softphone very successfully before I switched to linux, now I can't use ANY voip service at all. Tried several phones, from ekiga to idefsk to twinkle and a linux version of xlite. All end up with the same problems, server times out and I can't make, or receive calls. Gave up after awhile using Mandriva 2001.1, and have just been trying again with Mandriva 2008.0. For 10 blessed minutes I was able to make calls to my mobile, then the timeout failed. At first (using twinke) I could restart my computer, open twinkle, be asked for a password and user settings to my account, then be able to make calls for another few minutes...before it dropped out an I was getting the 'server reques timeout' message. Then when I opened twinkle I was asked for nothing... Tried xlite again, looged in briefly, couldn't make any calls, then won't log in again. What gives? Tried disabling my firewall, opening ports tcp/udp: 5060, setting my security level to poor in the MCC, nothing will work. Even uninstalled twinkle, erased the .twinkle folder under my user home to get rid of any settings, then reinstalled. Still no luck. What am I doing wrong. I've no intention of going back to windows just for this...but it was so bloody easy...

Any and all help is appreciated.

~Mitchell

Can you repeat the situation when you can make a connection shortly after reboot? If so, reboot, open a terminal as root and run
iptables -L
to display complete firewall settings. Then wait until the problem occurs and run iptables -L again. Are the results different? If so, post them.

Hi Mara, thanks for your help, sorry it's taken me a couple days to reply.

I haven't been able to get it working again, even configuring Twinkle on another desktop from scratch. At least for about 30 seconds I seemed to be registered, until I tried to make a call. Then my registration dropped out, I couldn't make the call, and I got this message:

registration failed: 408 Request Timeout

Frustrating.

Here is the output from 'iptables -L'. First one is when it 'appeared' to be working, second is when it had stopped 'working'. Thanks.

[root@localhost mitchell]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
Ifw 0 -- anywhere anywhere
eth0_in 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject 0 -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject 0 -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
eth0_out 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject 0 -- anywhere anywhere

Chain Drop (1 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports 135,microsoft-ds
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain Ifw (1 references)
target prot opt source destination

Chain Reject (4 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports 135,microsoft-ds
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
reject tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain all2all (0 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject 0 -- anywhere anywhere

Chain dropBcast (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast

Chain dropInvalid (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere state INVALID

Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (2 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW

Chain eth0_in (1 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
net2fw 0 -- anywhere anywhere

Chain eth0_out (1 references)
target prot opt source destination
fw2net 0 -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere

Chain logdrop (0 references)

----------------------
Second instance (not working)
----------------------
[root@localhost mitchell]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
Ifw 0 -- anywhere anywhere
eth0_in 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject 0 -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject 0 -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
eth0_out 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject 0 -- anywhere anywhere

Chain Drop (1 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports 135,microsoft-ds
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain Ifw (1 references)
target prot opt source destination

Chain Reject (4 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports 135,microsoft-ds
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
reject tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain all2all (0 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject 0 -- anywhere anywhere

Chain dropBcast (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast

Chain dropInvalid (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere state INVALID

Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (2 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW

Chain eth0_in (1 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
net2fw 0 -- anywhere anywhere

Chain eth0_out (1 references)
target prot opt source destination
fw2net 0 -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere

Chain logdrop (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logdropROP:'
DROP 0 -- anywhere anywhere

Chain logreject (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logreject:REJECT:'
reject 0 -- anywhere anywhere

Chain net2all (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Drop 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:net2allROP:'
DROP 0 -- anywhere anywhere

Chain net2fw (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:5060
ACCEPT tcp -- anywhere anywhere tcp dpt:5060
net2all 0 -- anywhere anywhere

Chain reject (11 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

Chain shorewall (0 references)
target prot opt source destination

Chain smurfs (0 references)
target prot opt source destination
LOG 0 -- 192.168.1.255 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP 0 -- 192.168.1.255 anywhere
LOG 0 -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP 0 -- 255.255.255.255 anywhere
LOG 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere


target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logdropROP:'
DROP 0 -- anywhere anywhere

Chain logreject (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logreject:REJECT:'
reject 0 -- anywhere anywhere

Chain net2all (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Drop 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:net2allROP:'
DROP 0 -- anywhere anywhere

Chain net2fw (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:5060
ACCEPT tcp -- anywhere anywhere tcp dpt:5060
net2all 0 -- anywhere anywhere

Chain reject (11 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

Chain shorewall (0 references)
target prot opt source destination

Chain smurfs (0 references)
target prot opt source destination
LOG 0 -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP 0 -- 255.255.255.255 anywhere
LOG 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere

It may be the firewall, but the configuration you provide is quite complex and it'd take some time to analyze it. In the mean-time, turn the firewall for a while in the following way:
first tun it off from the tool you do it normally
Then run the following commands:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F INPUT
iptables -F OUTPUT
Note that it removes the protection left completely. So test your voip application and restart firewall immediately after that.

Hi Mara, now it's even odder...we are winning, I think...

Before I could try your suggestions, I had to do a system restore through Mondo to an earlier point, which happened to be before I had installed Twinkle. For good measure I erased all Twinkle's configuration files in my home directory, and did a fresh install. Again, everything was working perfectly for the first 5 minutes, then it stopped. Tried the above commands, and I could accept incoming calls, but I couldn't make outgoing ones. Then I re-enabled the firewall again, and same result, I can recieve calls, but I can't make them. Keep getting error 408, registration timeout. So I'm not sure if it's the firewall or not. I'm using Shorewall, part of Mandriva 2008.0 free edition. When I look at the graphical interface for Shorewall, I'm asked what services I want to allow the internet to connect to. Nothing is checked. Have tried enabling the right ports, no effect. Oddly enough the settings for shorewall ask if I want to let this computer connect to a POP or IMAP server, which are not ticked. I'm able to connect to these servers fine however, so I've no idea what shorewall is actually doing...

Also, twice now on startup of Twinkle I've been asked to log into my account, both times I was able to make calls. Now I'm not being asked to log in anymore.

Below is the current output from "iptables -L"
Doesn't look any different to me, but now I can accept incoming calls, just can't make outgoing ones...

Thanks Mara.
--------------------------------------------------

[root@localhost curious]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
Ifw 0 -- anywhere anywhere
eth0_in 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject 0 -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject 0 -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
eth0_out 0 -- anywhere anywhere
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject 0 -- anywhere anywhere

Chain Drop (1 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports 135,microsoft-ds
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain Ifw (1 references)
target prot opt source destination

Chain Reject (4 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:auth
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports 135,microsoft-ds
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
reject tcp -- anywhere anywhere multiport dports 135,netbios-ssn,microsoft-ds
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain

Chain all2all (0 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject 0 -- anywhere anywhere

Chain dropBcast (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast

Chain dropInvalid (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere state INVALID

Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (2 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW

Chain eth0_in (1 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
net2all 0 -- anywhere anywhere

Chain eth0_out (1 references)
target prot opt source destination
fw2net 0 -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere

Chain logdrop (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logdropROP:'
DROP 0 -- anywhere anywhere

Chain logreject (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logreject:REJECT:'
reject 0 -- anywhere anywhere

Chain net2all (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Drop 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:net2allROP:'
DROP 0 -- anywhere anywhere

Chain reject (11 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

Chain shorewall (0 references)
target prot opt source destination

Chain smurfs (0 references)
target prot opt source destination
LOG 0 -- 192.168.1.255 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP 0 -- 192.168.1.255 anywhere
LOG 0 -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP 0 -- 255.255.255.255 anywhere
LOG 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfsROP:'
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere

Making outgoing requests is usually easier with firewall than accepting incomming ones. The problem may be indeed not because of the firewall. Do you have any network equipment like cable/DSL modem you connect your computer to?

Hi Mara, odd, thought I relied already...

I have a Prestige 2000 series Zyxel ADSL2+ Modem/router, and a data lan cable attached to it from the computer. Have never had any problem using it with MS Windows, and it seems to be working fine in Linux...but have never gotten Voip working properly under linux yet either. It is voip enabled, and I have a telephone plugged into it independently of the computer. Am able to make voip calls through it, unfortunately using only one service provider it is locked to, but would also like my computer able to receive and make voip calls. I use a usb headset for that.

Thanks Mara.

p.s. Just logged into my desktop, opened twinkle, and it's working! Was prompted for my username and password again from mobileinnovations.com, the server I'm using (basically). Can make calls, I'm guessing temporarily. Will post when it dies again. Message saying "Tue 11:45:26
CuriuosPhone, registration succeeded (expires = 3600 seconds)"

Arrrghhh! Not working again, same pattern as last time. Very odd that I can receive calls though, that's working fine...I'm wondering if I have some setting not configured correctly with the server... I was never able to receive calls using voip properly in windows, only make them. When I received them, the people couldn't hear me. Funny it's working the other way with Linux. (sigh) Thanks again Mara.

Here are all the messages in the 'display' area of Twinkle:
-------------------------------------------

Twinkle 1.1, 21 July 2007
Copyright (C) 2005-2007 Michel de Boer

Tue 11:45:26
CuriuosPhone, registration succeeded (expires = 3600 seconds)

Tue 11:45:38
Line 1: call released.

Tue 11:47:45
Line 1: incoming call for sip:0386828577@voice.mibroadband.com.au

Tue 11:47:51
Line 1: far end cancelled call.

Tue 11:49:00
Line 1: call failed.
408 Request Timeout