Date:      Wed, 29 Sep 2004 13:45:40 +0100
From:      Jim Hatfield <subscriber@insignia.com>
To:        freebsd-questions@freebsd.org
Subject:   ipnat and "udp consistent translation" (Skype related)
Message-ID:  <30bll0dfbc3nhd9h7enu0vhil6odofkb16@4ax.com>

Using Skype on a machine behind a FreeBSD 4.x firewall using
ipf/ipnat, if I try a file transfer I get "your connection is relayed"
which suggests that there are problems using "UDP hole punching" to
get a direct connection. The Skype help page sends you to:

http://bgp.lcs.mit.edu/~dga/view.cgi

where ipnat gets a "no" in the "udp consistent translation" column.

I also ran the "natcheck" utility from here:

http://midcom-p2p.sourceforge.net/

on the firewall box itself (i.e. no NAT) I get:

>Request 20 of 20...
>
>TCP RESULTS:
>TCP consistent translation:           YES (GOOD for peer-to-peer)
>TCP simultaneous open:                YES (GOOD for peer-to-peer)
>TCP loopback translation:             YES (GOOD for peer-to-peer)
>TCP unsolicited connections filtered: YES (GOOD for security)
>
>UDP RESULTS:
>UDP consistent translation:           YES (GOOD for peer-to-peer)
>UDP loopback translation:             YES (GOOD for peer-to-peer)
>UDP unsolicited messages filtered:    YES (GOOD for security)

but on a machine inside I get:

>Request 4 of 20...
>Request 5 of 20...
>checkloopback connect: Invalid argument

which doesn't look good.

Googling didn't find anything so I was wondering if anyone
else had experienced this and if so what their resolution was.

It would be a shame to have to switch to a different firewall
when ipf/ipnat is so easy to use and works so well for everything
else, but at the same time I don't like the idea of someone else
having to relay the Skype traffic unnecessarily.

jim
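
Added example (not part of the original message, and not natcheck's or ipnat's code): a toy model of what a "UDP consistent translation" check measures, and why a "no" there pushes a hole-punching client onto a relay. The Nat class, the addresses and ports, and the assumption that both NATs filter inbound packets by exact remote endpoint are all constructed for illustration.

```python
import itertools


class Nat:
    """Toy source NAT. per_destination=True allocates a new public port
    for every (private endpoint, destination) pair; False reuses one
    public port per private endpoint regardless of destination."""

    def __init__(self, public_ip, per_destination):
        self.public_ip = public_ip
        self.per_destination = per_destination
        self.table = {}
        self._ports = itertools.count(40000)  # constructed port range

    def translate(self, src, dst):
        key = (src, dst) if self.per_destination else src
        if key not in self.table:
            self.table[key] = next(self._ports)
        return (self.public_ip, self.table[key])


def udp_consistent_translation(nat, src, servers):
    """One private socket sends to several servers; each server reports
    the public endpoint it saw. Consistent means they all saw the same."""
    seen = {nat.translate(src, server) for server in servers}
    return len(seen) == 1


def hole_punch_succeeds(nat_a, a, nat_b, b, rendezvous):
    """Peers learn each other's public endpoint from a rendezvous server,
    then send to it directly. Assumption: each NAT only admits packets
    from the exact endpoint its inside host has sent to, so the mapping
    used toward the peer must equal the one the rendezvous server saw."""
    pub_a = nat_a.translate(a, rendezvous)
    pub_b = nat_b.translate(b, rendezvous)
    a_seen_by_b = nat_a.translate(a, pub_b)
    b_seen_by_a = nat_b.translate(b, pub_a)
    return a_seen_by_b == pub_a and b_seen_by_a == pub_b


if __name__ == "__main__":
    # Constructed sample endpoints (documentation address ranges).
    host = ("10.0.0.5", 5000)
    servers = [("198.51.100.1", 9856), ("198.51.100.2", 9856)]
    for label, per_dest in (("per-endpoint", False), ("per-destination", True)):
        nat = Nat("203.0.113.1", per_dest)
        print(label, "consistent:", udp_consistent_translation(nat, host, servers))
```
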


