[AG-TECH] Possible firewall / NAT issue

Jason Bell j.bell at cqu.edu.au
Thu Sep 25 01:26:40 CDT 2008 

Hi guys

I have been helping a site attempt to get their Access Grid up and
running, in which I have stumbled across a couple of issues that I hope
someone could possibly assist with.

Firstly, let me state that I suspect the issue is related to either the
firewall and/or being behind a NAT network.

System information for AG Node

*	Single AG node running Windows XP
*	Windows firewall turned off
*	AG 3.2
*	Unicast only
*	Connected to a NAT network

Initially the problem was that the site couldn't see any other sites
connected in various venues.  Anyway, after some testing, we found that
if the site was transmitting audio, it would then be able to receive
audio.  (This was in the APAG lobby).

We also found that if the site was running a consumer process only, the
site would not receive any video in "vic".  After plugging in a USB
webcam, and running both a video consumer and video producer, everyone
else's video would then appear, but only in the producer service only
(therefore had to un-mute the streams).

Another interesting thing that occurred is that when using a video
service only, no incoming video could be received (whether transmitting
or not).  Therefore we had to run the other 2 services to receive video
from other sites.

Also, if we moved to a different Virtual Venue, audio would stop
receiving...  The participants would be listed, but incoming would
always be 0.0 b/s.  Transmission was fine!

Note, that we tried various unicast bridges and the same issues would
occur!

Now the site is behind a corporate firewall running IPTables, with ports
50000-52000 open for both udp and tcp for input.

Given that it works perfectly in the APAG lobby, one would assume that
the firewall is "sorta" configured correctly, otherwise it wouldn't work
at all.  I initially though it might be a "Stateful" firewall issue, but
now I am beginning to think the issue is more likely a Nat issue.

Therefore, my question is, has anyone else seen similar issues and what
did you have to do to resolve the problem?

*	Did you have to do some special type of packet forwarding?

Unfortunately, the site I am assisting is nearly 2000 klm's away, but if
you have any advice, I would greatly appreciate it.

Thanks very much for your time,
Jason.

--------------------------------------------
Jason Bell, B.I.T. (Honours)

Research Systems Support Officer
Information Technology Division 
CQ University Australia

Australian Research Collaboration Service
http://www.arcs.org.au/

E-mail : j.bell at cqu.edu.au
         jason.bell at arcs.org.au
Work   : +61 7 4930 9229
Mobile : 0409 630897
Postal : Building 19
         Central Queensland University
         Bruce Highway
         Rockhampton, Queensland, Australia, 4702
--------------------------------------------
Patience is a virtue.

But if I wanted Patience,
I would have become a Doctor.
--------------------------------------------

More information about the ag-tech mailing list