There are weird issues with CentOS all the time :((

@Alvaro, you seem to have all possible VMs, maybe you can this set-up?

On Tue, 21 Apr 2020 at 00:36, Ricardo Neves <[email protected]> wrote:

> The video and audio stream is sent to the room, but the audio file is not
> generated, and the video file is zeroed. The quickest test is to click:
> Check the Configuration, and try to save. The 5-second counter is not
> activated.
> My server is VPS Hostgator, and it alone includes several rules in
> IPTABLES. I did not find the rule that blocks the correct recording,
> however, it is the problem, because when disabled, it works normally.
> Below are all the rules, if you want to reproduce:
>
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :icmpchk - [0:0]
> :input_custom - [0:0]
> :ipdrop_global - [0:0]
> :output_custom - [0:0]
> :ssh - [0:0]
> :tcpchk - [0:0]
> :udpchk - [0:0]
> -A INPUT ! -i lo -p tcp -j tcpchk
> -A INPUT ! -i lo -p udp -j udpchk
> -A INPUT ! -i lo -p icmp -j icmpchk
> -A INPUT -j ipdrop_global
> -A INPUT -j input_custom
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22022 -j ssh
> -A INPUT -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 2/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name PING_IN -j ACCEPT
> -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 5/min -j LOG --log-prefix "ICMP_DROP " --log-level 3
> -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
> -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
> -A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
> -A INPUT -p icmp -m icmp --icmp-type 3/3 -j ACCEPT
> -A INPUT -p icmp -m icmp --icmp-type 3/1 -j ACCEPT
> -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
> -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
> -A INPUT -p icmp -m icmp --icmp-type 30 -j ACCEPT
> -A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT
> -A INPUT -s 173.245.48.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 103.21.244.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 103.22.200.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 103.31.4.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 141.101.64.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 108.162.192.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 190.93.240.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 188.114.96.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 197.234.240.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 198.41.128.0/17 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 162.158.0.0/15 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 104.16.0.0/12 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 172.64.0.0/13 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 131.0.72.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 162.241.66.218/32 -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -s 198.1.121.202/32 -p tcp -m multiport --dports 22,80 -j ACCEPT
> -A INPUT -s 198.1.121.202/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
> -A INPUT -s 184.173.226.84/32 -p tcp -m multiport --dports 22,80 -j ACCEPT
> -A INPUT -s 184.173.226.84/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
> -A INPUT -s 184.172.224.50/32 -p tcp -m multiport --dports 22,80 -j ACCEPT
> -A INPUT -s 184.172.224.50/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 26 -j ACCEPT
> -A INPUT -p udp -m udp --dport 53 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 2082 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 2083 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 2084 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 2086 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 2087 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 2089 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 2095 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 2096 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
> -A INPUT -s 192.168.10.11/32 -p udp -m udp --sport 53 -j ACCEPT
> -A INPUT -s 192.168.10.11/32 -p tcp -m tcp --sport 53 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 3478 -j ACCEPT
> -A INPUT -p udp -m udp --dport 3478 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 5443 -j ACCEPT
> -A INPUT -p udp -m udp --dport 5443 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
> -A INPUT -p udp -m udp --dport 8888 -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -m limit --limit 1/sec -j LOG --log-prefix "LOG_INPUT: "
> -A INPUT -p tcp -m tcp -j REJECT --reject-with tcp-reset
> -A INPUT -j DROP
> -A INPUT -p udp -m multiport --dports 49152:65535 -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A FORWARD -p tcp -j tcpchk
> -A FORWARD -p udp -j udpchk
> -A FORWARD -p icmp -j icmpchk
> -A OUTPUT ! -o lo -p tcp -j tcpchk
> -A OUTPUT -p udp -j udpchk
> -A OUTPUT -p icmp -j icmpchk
> -A OUTPUT -j output_custom
> -A OUTPUT -o lo -j ACCEPT
> -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
> -A OUTPUT -d 198.1.121.202/32 -p icmp -m icmp --icmp-type 0 -j ACCEPT
> -A OUTPUT -d 184.173.226.84/32 -p icmp -m icmp --icmp-type 0 -j ACCEPT
> -A OUTPUT -d 184.172.224.50/32 -p icmp -m icmp --icmp-type 0 -j ACCEPT
> -A OUTPUT -p udp -m udp --dport 1129 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 1129 -j ACCEPT
> -A OUTPUT -p udp -m udp --dport 30000 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 30000 -j ACCEPT
> -A OUTPUT -p udp -m udp --dport 110 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT
> -A OUTPUT -p udp -m udp --dport 43 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 43 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 873 -j ACCEPT
> -A OUTPUT -p udp -m owner --uid-owner 0 -j ACCEPT
> -A OUTPUT -p icmp -j ACCEPT
> -A OUTPUT -o lo -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
> -A OUTPUT -d 74.52.223.18/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 74.52.223.66/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 64.5.52.7/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 64.5.52.8/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 64.5.52.9/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 64.5.52.12/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 64.5.52.13/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 64.5.52.14/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 67.18.137.84/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 67.18.137.85/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 67.18.137.86/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 67.18.137.87/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 67.18.137.88/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 74.52.222.226/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 74.52.222.242/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -d 74.52.223.2/32 -p tcp -m tcp --dport 25 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 47 -j ACCEPT
> -A OUTPUT -p tcp -m owner ! --uid-owner 0 -m multiport --dports 25,465,587 -m limit --limit 1/sec -j LOG --log-prefix "OUTBOUND-SMTP : " --log-level 5
> -A OUTPUT -p udp -m udp --dport 53 -m owner ! --uid-owner 99 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 53 -m owner ! --uid-owner 99 -j ACCEPT
> -A OUTPUT -d 192.168.10.11/32 -p udp -m udp --dport 53 -j ACCEPT
> -A OUTPUT -d 192.168.10.11/32 -p tcp -m tcp --dport 53 -j ACCEPT
> -A OUTPUT -p udp -m udp --dport 53 -m owner --uid-owner 99 -m limit --limit 20/sec -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 53 -m owner --uid-owner 99 -m limit --limit 20/sec -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 465 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 587 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 2086 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 2087 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 2089 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 37 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --dport 2703 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 21 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 22022 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 25 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 26 -j ACCEPT
> -A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 110 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 143 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 465 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 587 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 2082 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 2083 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 2084 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 2086 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 2087 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 2089 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 2222 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 2095 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 2096 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 993 -j ACCEPT
> -A OUTPUT -p tcp -m tcp --sport 995 -j ACCEPT
> -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A OUTPUT -m limit --limit 1/sec -j LOG --log-prefix "LOG_OUTPUT: "
> -A OUTPUT -p tcp -m tcp -j REJECT --reject-with tcp-reset
> -A OUTPUT -j DROP
> -A OUTPUT -p udp -m multiport --dports 49152:65535 -j ACCEPT
> -A OUTPUT -o lo -j ACCEPT
> -A ipdrop_global -s 43.255.190.0/23 -j DROP
> -A ssh -s 67.18.2.226/32 -j ACCEPT
> -A ssh -s 50.23.47.206/32 -j ACCEPT
> -A ssh -s 70.87.80.194/32 -j ACCEPT
> -A ssh -s 216.106.185.169/32 -j ACCEPT
> -A ssh -s 12.96.160.0/24 -j ACCEPT
> -A ssh -s 216.19.0.0/24 -j ACCEPT
> -A ssh -p tcp -m state --state NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
> -A ssh -p tcp -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 10 --name DEFAULT --mask 255.255.255.255 --rsource -m limit --limit 10/min -j LOG --log-prefix "SSH-ATTACK : " --log-level 5
> -A ssh -p tcp -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name DEFAULT --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
> -A ssh -p tcp -j ACCEPT
> COMMIT
> # Completed on Sun Apr 19 19:19:53 2020
> # Generated by iptables-save v1.4.21 on Sun Apr 19 19:19:53 2020
> *nat
> :PREROUTING ACCEPT [2:90]
> :INPUT ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :POSTROUTING ACCEPT [1:40]
> COMMIT
> # Completed on Sun Apr 19 19:19:53 2020
> # Generated by iptables-save v1.4.21 on Sun Apr 19 19:19:53 2020
> *mangle
> :PREROUTING ACCEPT [2:90]
> :INPUT ACCEPT [1:40]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1:40]
> :POSTROUTING ACCEPT [1:40]
> COMMIT
> # Completed on Sun Apr 19 19:19:53 2020
> # Generated by iptables-save v1.4.21 on Sun Apr 19 19:19:53 2020
> *raw
> :PREROUTING ACCEPT [1:40]
> :OUTPUT ACCEPT [1:40]
> -A PREROUTING -s 192.168.10.11/32 -p udp -m udp --sport 53 -j NOTRACK
> -A PREROUTING -i eth+ -p tcp -m multiport --dports 80,443 -j NOTRACK
> -A PREROUTING -i lo -j NOTRACK
> -A OUTPUT -d 192.168.10.11/32 -p udp -m udp --dport 53 -j NOTRACK
> -A OUTPUT -o eth+ -p tcp -m multiport --sports 80,443 -j NOTRACK
> -A OUTPUT -o lo -j NOTRACK
> COMMIT
>
> On 20 Apr 2020, at 02:25, Maxim Solodovnik <[email protected]> wrote:
>
> Well,
>
> KMS should create RecordingEndpoint and dump stream to the disk
> And it happens same way as creating WebRTC endpoint i.e. sending
> internal RPC messages to localhost:8888
> So if video stream is being sent to the room - recording should be created
> (i.e. if FW doesn't block video creation - it also won't block
> recording creation)
>
> I would appreciate any additional steps how to reproduce this (better
> on Ubuntu :)))
>
> So far I, personally, don't have any issues with recordings :(((
>
>
>

-- 
Best regards,
Maxim
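
An ordering check over a ruleset in `iptables-save` format, as an added example that is not part of the original messages: iptables walks a chain top to bottom, so a rule appended after a match-less `-j DROP` (as the `--dports 49152:65535` ACCEPT rules are in the quoted listing) is never evaluated. The names `unreachable_rules` and `SAMPLE` are illustrative, and `SAMPLE` is a constructed excerpt of the quoted rules.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

# Constructed excerpt of the ruleset quoted in this thread (wrapped lines joined).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m limit --limit 1/sec -j LOG --log-prefix "LOG_INPUT: "
-A INPUT -p tcp -m tcp -j REJECT --reject-with tcp-reset
-A INPUT -j DROP
-A INPUT -p udp -m multiport --dports 49152:65535 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT -p udp -m multiport --dports 49152:65535 -j ACCEPT
COMMIT
"""

def unreachable_rules(save_text):
    """Return (table, chain, dead_rule, blocking_rule) for every rule that
    follows an unconditional terminal rule in the same chain."""
    table, cutoff, dead = None, {}, []
    for raw in save_text.splitlines():
        line = raw.strip()
        if line.startswith("*"):           # new table: chains start fresh
            table, cutoff = line[1:], {}
        elif line.startswith("-A "):
            tokens = shlex.split(line)     # keeps quoted --log-prefix intact
            chain = tokens[1]
            if chain in cutoff:
                dead.append((table, chain, line, cutoff[chain]))
            # "-A CHAIN -j TARGET ..." with no match options catches all packets
            elif len(tokens) >= 4 and tokens[2] == "-j" and tokens[3] in TERMINAL:
                cutoff[chain] = line
    return dead

if __name__ == "__main__":
    for table, chain, rule, blocker in unreachable_rules(SAMPLE):
        print(f"{table}/{chain}: '{rule}' is never reached (after '{blocker}')")
```
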
