Re: Openmeetings 5.0.0-M3 doesn't record

Ricardo Neves Mon, 20 Apr 2020 10:36:26 -0700

The video and audio stream is sent to the room, but the audio file is not 
generated, and the video file is zeroed. The quickest test is to click: Check 
the Configuration, and try to save. The 5-second counter is not activated.
My server is VPS Hostgator, and it alone includes several rules in IPTABLES. I 
did not find the rule that blocks the correct recording, however, it is the 
problem, because when disabled, it works normally.
Below are all the rules, if you want to reproduce:









*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:icmpchk - [0:0]
:input_custom - [0:0]
:ipdrop_global - [0:0]
:output_custom - [0:0]
:ssh - [0:0]
:tcpchk - [0:0]
:udpchk - [0:0]
-A INPUT ! -i lo -p tcp -j tcpchk
-A INPUT ! -i lo -p udp -j udpchk
-A INPUT ! -i lo -p icmp -j icmpchk
-A INPUT -j ipdrop_global
-A INPUT -j input_custom
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22022 -j ssh
-A INPUT -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 2/sec 
--hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name PING_IN -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 5/min -j LOG 
--log-prefix "ICMP_DROP " --log-level 3
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3/3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3/1 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 30 -j ACCEPT
-A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -s 173.245.48.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 103.21.244.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 103.22.200.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 103.31.4.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 141.101.64.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 108.162.192.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 190.93.240.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 188.114.96.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 197.234.240.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 198.41.128.0/17 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 162.158.0.0/15 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 104.16.0.0/12 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 172.64.0.0/13 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 131.0.72.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 162.241.66.218/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 198.1.121.202/32 -p tcp -m multiport --dports 22,80 -j ACCEPT
-A INPUT -s 198.1.121.202/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 184.173.226.84/32 -p tcp -m multiport --dports 22,80 -j ACCEPT
-A INPUT -s 184.173.226.84/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 184.172.224.50/32 -p tcp -m multiport --dports 22,80 -j ACCEPT
-A INPUT -s 184.172.224.50/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 26 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2082 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2083 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2084 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2086 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2087 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2089 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2095 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2096 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -s 192.168.10.11/32 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -s 192.168.10.11/32 -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3478 -j ACCEPT
-A INPUT -p udp -m udp --dport 3478 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5443 -j ACCEPT
-A INPUT -p udp -m udp --dport 5443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
-A INPUT -p udp -m udp --dport 8888 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m limit --limit 1/sec -j LOG --log-prefix "LOG_INPUT: "
-A INPUT -p tcp -m tcp -j REJECT --reject-with tcp-reset
-A INPUT -j DROP
-A INPUT -p udp -m multiport --dports 49152:65535 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -p tcp -j tcpchk
-A FORWARD -p udp -j udpchk
-A FORWARD -p icmp -j icmpchk
-A OUTPUT ! -o lo -p tcp -j tcpchk
-A OUTPUT -p udp -j udpchk
-A OUTPUT -p icmp -j icmpchk
-A OUTPUT -j output_custom
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -d 198.1.121.202/32 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A OUTPUT -d 184.173.226.84/32 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A OUTPUT -d 184.172.224.50/32 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 1129 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 1129 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 30000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 30000 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 110 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 43 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 43 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 873 -j ACCEPT
-A OUTPUT -p udp -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -d 74.52.223.18/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 74.52.223.66/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 64.5.52.7/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 64.5.52.8/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 64.5.52.9/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 64.5.52.12/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 64.5.52.13/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 64.5.52.14/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 67.18.137.84/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 67.18.137.85/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 67.18.137.86/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 67.18.137.87/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 67.18.137.88/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 74.52.222.226/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 74.52.222.242/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 74.52.223.2/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 47 -j ACCEPT
-A OUTPUT -p tcp -m owner ! --uid-owner 0 -m multiport --dports 25,465,587 -m 
limit --limit 1/sec -j LOG --log-prefix "OUTBOUND-SMTP : " --log-level 5
-A OUTPUT -p udp -m udp --dport 53 -m owner ! --uid-owner 99 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -m owner ! --uid-owner 99 -j ACCEPT
-A OUTPUT -d 192.168.10.11/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 192.168.10.11/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -m owner --uid-owner 99 -m limit --limit 
20/sec -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -m owner --uid-owner 99 -m limit --limit 
20/sec -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2086 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2087 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2089 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 37 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 2703 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22022 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 26 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 110 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 143 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 465 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 587 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2082 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2083 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2084 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2086 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2087 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2089 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2222 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2095 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 2096 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 993 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 995 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m limit --limit 1/sec -j LOG --log-prefix "LOG_OUTPUT: "
-A OUTPUT -p tcp -m tcp -j REJECT --reject-with tcp-reset
-A OUTPUT -j DROP
-A OUTPUT -p udp -m multiport --dports 49152:65535 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A ipdrop_global -s 43.255.190.0/23 -j DROP
-A ssh -s 67.18.2.226/32 -j ACCEPT
-A ssh -s 50.23.47.206/32 -j ACCEPT
-A ssh -s 70.87.80.194/32 -j ACCEPT
-A ssh -s 216.106.185.169/32 -j ACCEPT
-A ssh -s 12.96.160.0/24 -j ACCEPT
-A ssh -s 216.19.0.0/24 -j ACCEPT
-A ssh -p tcp -m state --state NEW -m recent --set --name DEFAULT --mask 
255.255.255.255 --rsource
-A ssh -p tcp -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 
10 --name DEFAULT --mask 255.255.255.255 --rsource -m limit --limit 10/min -j 
LOG --log-prefix "SSH-ATTACK : " --log-level 5
-A ssh -p tcp -m state --state NEW -m recent --update --seconds 60 --hitcount 
10 --name DEFAULT --mask 255.255.255.255 --rsource -j REJECT --reject-with 
tcp-reset
-A ssh -p tcp -j ACCEPT
COMMIT
# Completed on Sun Apr 19 19:19:53 2020
# Generated by iptables-save v1.4.21 on Sun Apr 19 19:19:53 2020
*nat
:PREROUTING ACCEPT [2:90]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [1:40]
COMMIT
# Completed on Sun Apr 19 19:19:53 2020
# Generated by iptables-save v1.4.21 on Sun Apr 19 19:19:53 2020
*mangle
:PREROUTING ACCEPT [2:90]
:INPUT ACCEPT [1:40]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:40]
:POSTROUTING ACCEPT [1:40]
COMMIT
# Completed on Sun Apr 19 19:19:53 2020
# Generated by iptables-save v1.4.21 on Sun Apr 19 19:19:53 2020
*raw
:PREROUTING ACCEPT [1:40]
:OUTPUT ACCEPT [1:40]
-A PREROUTING -s 192.168.10.11/32 -p udp -m udp --sport 53 -j NOTRACK
-A PREROUTING -i eth+ -p tcp -m multiport --dports 80,443 -j NOTRACK
-A PREROUTING -i lo -j NOTRACK
-A OUTPUT -d 192.168.10.11/32 -p udp -m udp --dport 53 -j NOTRACK
-A OUTPUT -o eth+ -p tcp -m multiport --sports 80,443 -j NOTRACK
-A OUTPUT -o lo -j NOTRACK
COMMIT





> Em 20 de abr de 2020, à(s) 02:25, Maxim Solodovnik <[email protected]> 
> escreveu:
> 
> Well,
> 
> KMS should create RecordingEndpoint and dump stream to the disk
> And it happens same way as creating WebRTC endpoint i.e. sending
> internal RPC messages to localhost:8888
> So if video stream is being sent to the room - recording should be created
> (i.e if FW doesn't block video creation - it will also doesn't block
> recording creation)
> 
> I would appreciate any additional steps tow to reproduce this (better
> on Ubuntu :)))
> 
> So far I, personally, don't have any issues with recordings :(((

Re: Openmeetings 5.0.0-M3 doesn't record

Reply via email to