Shorewall users - Aug 2008 - How to enable msn video call?

Hi people.

   I''m new to shorewall, I have some doubts about how to enable windows
msn
8.1 video call communication. I have been googling around but I still
don''t
get a clue how make this possible.

   Im using shorewall 3.x on gentoo.

   Thanks all for your time!!!


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Periko Support wrote:
>   Hi people.
> 
>    I''m new to shorewall, I have some doubts about how to enable
windows
> msn 8.1 video call communication. I have been googling around but I 
> still don''t get a clue how make this possible.
This is Shorewall FAQ #3

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Is this legal?

In a multi-isp setup, is it "legal" to setup an internal host in the
shorewall/nat file with the same IP and two different external ip''s?

I.e.

#EXTERNAL       INTERFACE       INTERNAL        ALL             LOCAL
#                                               INTERFACES
<ISP1 IP>	    eth1:2          10.0.1.11		no
no
<ISP2 IP>	    eth2:2          10.0.1.11		no
no

Or is this just asking for trouble?

My multi-isp setup is per the template at
http://www.shorewall.net/MultiISP.html



Keith Mitchell
CTO
Productivity Associates, Inc.


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

On Tue, Aug 12, 2008 at 5:13 AM, Keith Mitchell <keithm@paisd.com> wrote:
> Is this legal?
>
> In a multi-isp setup, is it "legal" to setup an internal host in
the
> shorewall/nat file with the same IP and two different external
ip''s?
>
It should work (not used it myself)

Now depending on your default route (or policy route), the interface is
chosen. Remember IPtables does not choose the interface. Once the interface
is chosen, then the IP is set according to masq/nat - this is for outgoing
packets. For incoming packets, any thing coming in on that virtual interface
should just be DNAT''ed and sent to the local IP. With "mark"
in place it
should be just like a normal multi-ISP setup.

Note that this line will add an aliased interface to each interface that you
have, unless you are specifying
ADD_IP_ALIASES<http://shorewall.net/manpages/shorewall.conf.html>
="no" . Since you seem to have an alias already, you may want to check
that.

Prasanna.
-- 
Want to manage multiple office networks?
Want to securely connect all your locations?
Want to do it in a budget?
www.elinanetworks.com


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Thanks Prasanna.

I''m having some wierd problems with encrypted traffic that I''m
trying to
troubleshoot.  I do have the interface aliases all setup and working.

I actually setup an alternate to test by assigning an additional private 
IP to the internal host and separating the NATS for each interface, but 
it didn''t help.

#EXTERNAL       INTERFACE       INTERNAL        ALL             LOCAL
#                                               INTERFACES
<ISP1 IP>	    eth1:2          10.0.1.11		no
no
<ISP2 IP>	    eth2:2          10.0.1.12		no
no


The troubleshooting continues.

Thank you very much for the feedback though.  I couldn''t find anything 
in the Shorewall docs as to whether what I was doing was "legal" or
not
(not to say it might not be there), but you at least told me I wasn''t 
stupid.  (And I still owe you and the wiki documentation on my current 
setup, but I''m not so sure I''ve worked out the kinks yet).

Keith Mitchell
CTO
Productivity Associates, Inc.

Prasanna Krishnamoorthy wrote:
> On Tue, Aug 12, 2008 at 5:13 AM, Keith Mitchell <keithm@paisd.com 
> <mailto:keithm@paisd.com>> wrote:
>
>     Is this legal?
>
>     In a multi-isp setup, is it "legal" to setup an internal host
in the
>     shorewall/nat file with the same IP and two different external
ip''s?
>
> It should work (not used it myself)
>
> Now depending on your default route (or policy route), the interface 
> is chosen. Remember IPtables does not choose the interface. Once the 
> interface is chosen, then the IP is set according to masq/nat - this 
> is for outgoing packets. For incoming packets, any thing coming in on 
> that virtual interface should just be DNAT''ed and sent to the
local
> IP. With "mark" in place it should be just like a normal
multi-ISP setup.
>
> Note that this line will add an aliased interface to each interface 
> that you have, unless you are specifying ADD_IP_ALIASES 
> <http://shorewall.net/manpages/shorewall.conf.html>="no" .
Since you
> seem to have an alias already, you may want to check that.
>
> Prasanna.
> -- 
> Want to manage multiple office networks?
> Want to securely connect all your locations?
> Want to do it in a budget?
> www.elinanetworks.com <http://www.elinanetworks.com>
> ------------------------------------------------------------------------
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
> Build the coolest Linux based applications with Moblin SDK & win great
prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> ------------------------------------------------------------------------
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>   

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

On Mon, Aug 11, 2008 at 4:23 PM, Tom Eastep <teastep@shorewall.net> wrote:
> Periko Support wrote:
>
>>  Hi people.
>>
>>   I''m new to shorewall, I have some doubts about how to enable
windows msn
>> 8.1 video call communication. I have been googling around but I still
don''t
>> get a clue how make this possible.
>>
>
> This is Shorewall FAQ #3
>
> -Tom
> --
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer''s
> challenge
> Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
  Tom thanks for your info.

  I think is I have to search another app no uPnP, I have to search for a
app with video enable but I don''t want to open  my ports  like MSN.

 Thanks for your info!!!


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer''s
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/