Hi all, First of all, thank you for the nice work bringing Ekiga to the world. It's one of the best softphones out there, and it's free!
I've run into a problem trying to set up Ekiga and luckily was able to fix it. As I didn't find a (specific) mention of it in the FAQ and it seems to me to be fairly common, I'm sending it to you in hope of helping someone else. Maybe it should go to the FAQ? Here is the problem: I've got a simple setup, Linux (Fedora 6), no NAT, a direct connection to the net, but I've got a strict firewall (iptables, stateful). Concerning UDP, only ESTABLISHED,RELATED packets are allowed in, all packets are allowed out. Pretty simple, pretty common, I suppose. The problem is, with this setup Ekiga (as configured by the wizard, with STUN) only receives calls just after connecting to ekiga.net (or any other SIP provider). I can make calls, but if I let Ekiga running after some time I can't receive any calls. Here is the cause: Ekiga (probably following SIP) registers with a service using UDP and the service (probably following SIP) expects to find Ekiga at the port it sent the registration (I guess :)). Well, in Linux with IP iptables, this port is only accessible for 180 seconds after the registration. After this time, the firewall will block the packets coming from the SIP service, as it considers the "session" to be over. Here is the solution: There are two ways of coping with that. If you can control your host (root), you can set the UDP iptables timeout to one hour: # echo 3600 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream The FAQ hints at this buried in the script of section 6.2, but it points to the wrong variable ip_conntrack_udp_timeout instead of ip_conntrack_udp_timeout_stream. See http://ipsysctl-tutorial.frozentux.net/ipsysctl-tutorial.html#AEN730 for more details. You can use the sysctl utility to set kernel variables more easily. If you don't have control of your host, you can configure each account to refresh the registration every 180 seconds. That's it. Hope I've got it right and that it is useful. :) Abraços, Gustavo _______________________________________________ ekiga-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/ekiga-list
