I have just come from my OM 5.0.3, installed on a physical partition on CentOS 7 behind NAT, and can record correctly between two users, in both directions, with ports open in firewalld. Please Ricardo, run these commands to open ports in firewalld:

# service firewalld start
# sudo firewall-cmd --zone=public --add-port=3478/tcp --permanent
# sudo firewall-cmd --zone=public --add-port=3478/udp --permanent
# sudo firewall-cmd --zone=public --add-port=5443/tcp --permanent
# sudo firewall-cmd --zone=public --add-port=8888/tcp --permanent
# sudo firewall-cmd --zone=public --add-port=5443/tcp --permanent
# sudo firewall-cmd --zone=public --add-port=49152-65535/udp --permanent
# service firewalld restart

...and to see they are open:

# firewall-cmd --list-all

--------------------------------------------

On Tue, 21-04-2020 at 08:31 +0700, Maxim Solodovnik wrote:
> There are weird issues with CentOS all the time :((
> @Alvaro, you seem to have all possible VMs, maybe you can try this set-up?
>
> On Tue, 21 Apr 2020 at 00:36, Ricardo Neves <[email protected]> wrote:
> > The video and audio stream is sent to the room, but the audio file
> > is not generated, and the video file is zeroed. The quickest test
> > is to click: Check the Configuration, and try to save. The 5-second
> > counter is not activated.
> > My server is VPS Hostgator, and it alone includes several rules in
> > IPTABLES. I did not find the rule that blocks the correct
> > recording, however, it is the problem, because when disabled, it
> > works normally.
> > Below are all the rules, if you want to reproduce:
> >
> > *filter
> > :INPUT ACCEPT [0:0]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [0:0]
> > :icmpchk - [0:0]
> > :input_custom - [0:0]
> > :ipdrop_global - [0:0]
> > :output_custom - [0:0]
> > :ssh - [0:0]
> > :tcpchk - [0:0]
> > :udpchk - [0:0]
> > -A INPUT ! -i lo -p tcp -j tcpchk
> > -A INPUT ! -i lo -p udp -j udpchk
> > -A INPUT ! -i lo -p icmp -j icmpchk
> > -A INPUT -j ipdrop_global
> > -A INPUT -j input_custom
> > -A INPUT -i lo -j ACCEPT
> > -A INPUT -p tcp -m state --state NEW -m tcp --dport 22022 -j ssh
> > -A INPUT -p icmp -m icmp --icmp-type 8 -m hashlimit --hashlimit-upto 2/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name PING_IN -j ACCEPT
> > -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 5/min -j LOG --log-prefix "ICMP_DROP " --log-level 3
> > -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
> > -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
> > -A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
> > -A INPUT -p icmp -m icmp --icmp-type 3/3 -j ACCEPT
> > -A INPUT -p icmp -m icmp --icmp-type 3/1 -j ACCEPT
> > -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
> > -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
> > -A INPUT -p icmp -m icmp --icmp-type 30 -j ACCEPT
> > -A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT
> > -A INPUT -s 173.245.48.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 103.21.244.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 103.22.200.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 103.31.4.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 141.101.64.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 108.162.192.0/18 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 190.93.240.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 188.114.96.0/20 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 197.234.240.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 198.41.128.0/17 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 162.158.0.0/15 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 104.16.0.0/12 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 172.64.0.0/13 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 131.0.72.0/22 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 162.241.66.218/32 -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -s 198.1.121.202/32 -p tcp -m multiport --dports 22,80 -j ACCEPT
> > -A INPUT -s 198.1.121.202/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
> > -A INPUT -s 184.173.226.84/32 -p tcp -m multiport --dports 22,80 -j ACCEPT
> > -A INPUT -s 184.173.226.84/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
> > -A INPUT -s 184.172.224.50/32 -p tcp -m multiport --dports 22,80 -j ACCEPT
> > -A INPUT -s 184.172.224.50/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 26 -j ACCEPT
> > -A INPUT -p udp -m udp --dport 53 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 2082 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 2083 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 2084 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 2086 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 2087 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 2089 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 2095 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 2096 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
> > -A INPUT -s 192.168.10.11/32 -p udp -m udp --sport 53 -j ACCEPT
> > -A INPUT -s 192.168.10.11/32 -p tcp -m tcp --sport 53 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 3478 -j ACCEPT
> > -A INPUT -p udp -m udp --dport 3478 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 5443 -j ACCEPT
> > -A INPUT -p udp -m udp --dport 5443 -j ACCEPT
> > -A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
> > -A INPUT -p udp -m udp --dport 8888 -j ACCEPT
> > -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> > -A INPUT -m limit --limit 1/sec -j LOG --log-prefix "LOG_INPUT: "
> > -A INPUT -p tcp -m tcp -j REJECT --reject-with tcp-reset
> > -A INPUT -j DROP
> > -A INPUT -p udp -m multiport --dports 49152:65535 -j ACCEPT
> > -A INPUT -i lo -j ACCEPT
> > -A FORWARD -p tcp -j tcpchk
> > -A FORWARD -p udp -j udpchk
> > -A FORWARD -p icmp -j icmpchk
> > -A OUTPUT ! -o lo -p tcp -j tcpchk
> > -A OUTPUT -p udp -j udpchk
> > -A OUTPUT -p icmp -j icmpchk
> > -A OUTPUT -j output_custom
> > -A OUTPUT -o lo -j ACCEPT
> > -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
> > -A OUTPUT -d 198.1.121.202/32 -p icmp -m icmp --icmp-type 0 -j ACCEPT
> > -A OUTPUT -d 184.173.226.84/32 -p icmp -m icmp --icmp-type 0 -j ACCEPT
> > -A OUTPUT -d 184.172.224.50/32 -p icmp -m icmp --icmp-type 0 -j ACCEPT
> > -A OUTPUT -p udp -m udp --dport 1129 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 1129 -j ACCEPT
> > -A OUTPUT -p udp -m udp --dport 30000 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 30000 -j ACCEPT
> > -A OUTPUT -p udp -m udp --dport 110 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT
> > -A OUTPUT -p udp -m udp --dport 43 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 43 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 873 -j ACCEPT
> > -A OUTPUT -p udp -m owner --uid-owner 0 -j ACCEPT
> > -A OUTPUT -p icmp -j ACCEPT
> > -A OUTPUT -o lo -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
> > -A OUTPUT -d 74.52.223.18/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 74.52.223.66/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 64.5.52.7/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 64.5.52.8/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 64.5.52.9/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 64.5.52.12/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 64.5.52.13/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 64.5.52.14/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 67.18.137.84/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 67.18.137.85/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 67.18.137.86/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 67.18.137.87/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 67.18.137.88/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 74.52.222.226/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 74.52.222.242/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -d 74.52.223.2/32 -p tcp -m tcp --dport 25 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 47 -j ACCEPT
> > -A OUTPUT -p tcp -m owner ! --uid-owner 0 -m multiport --dports 25,465,587 -m limit --limit 1/sec -j LOG --log-prefix "OUTBOUND-SMTP : " --log-level 5
> > -A OUTPUT -p udp -m udp --dport 53 -m owner ! --uid-owner 99 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 53 -m owner ! --uid-owner 99 -j ACCEPT
> > -A OUTPUT -d 192.168.10.11/32 -p udp -m udp --dport 53 -j ACCEPT
> > -A OUTPUT -d 192.168.10.11/32 -p tcp -m tcp --dport 53 -j ACCEPT
> > -A OUTPUT -p udp -m udp --dport 53 -m owner --uid-owner 99 -m limit --limit 20/sec -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 53 -m owner --uid-owner 99 -m limit --limit 20/sec -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 465 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 587 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 2086 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 2087 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 2089 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 37 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --dport 2703 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 21 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 22022 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 25 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 26 -j ACCEPT
> > -A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 110 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 143 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 465 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 587 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 2082 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 2083 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 2084 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 2086 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 2087 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 2089 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 2222 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 2095 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 2096 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 993 -j ACCEPT
> > -A OUTPUT -p tcp -m tcp --sport 995 -j ACCEPT
> > -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> > -A OUTPUT -m limit --limit 1/sec -j LOG --log-prefix "LOG_OUTPUT: "
> > -A OUTPUT -p tcp -m tcp -j REJECT --reject-with tcp-reset
> > -A OUTPUT -j DROP
> > -A OUTPUT -p udp -m multiport --dports 49152:65535 -j ACCEPT
> > -A OUTPUT -o lo -j ACCEPT
> > -A ipdrop_global -s 43.255.190.0/23 -j DROP
> > -A ssh -s 67.18.2.226/32 -j ACCEPT
> > -A ssh -s 50.23.47.206/32 -j ACCEPT
> > -A ssh -s 70.87.80.194/32 -j ACCEPT
> > -A ssh -s 216.106.185.169/32 -j ACCEPT
> > -A ssh -s 12.96.160.0/24 -j ACCEPT
> > -A ssh -s 216.19.0.0/24 -j ACCEPT
> > -A ssh -p tcp -m state --state NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
> > -A ssh -p tcp -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 10 --name DEFAULT --mask 255.255.255.255 --rsource -m limit --limit 10/min -j LOG --log-prefix "SSH-ATTACK : " --log-level 5
> > -A ssh -p tcp -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name DEFAULT --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
> > -A ssh -p tcp -j ACCEPT
> > COMMIT
> > # Completed on Sun Apr 19 19:19:53 2020
> > # Generated by iptables-save v1.4.21 on Sun Apr 19 19:19:53 2020
> > *nat
> > :PREROUTING ACCEPT [2:90]
> > :INPUT ACCEPT [0:0]
> > :OUTPUT ACCEPT [0:0]
> > :POSTROUTING ACCEPT [1:40]
> > COMMIT
> > # Completed on Sun Apr 19 19:19:53 2020
> > # Generated by iptables-save v1.4.21 on Sun Apr 19 19:19:53 2020
> > *mangle
> > :PREROUTING ACCEPT [2:90]
> > :INPUT ACCEPT [1:40]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [1:40]
> > :POSTROUTING ACCEPT [1:40]
> > COMMIT
> > # Completed on Sun Apr 19 19:19:53 2020
> > # Generated by iptables-save v1.4.21 on Sun Apr 19 19:19:53 2020
> > *raw
> > :PREROUTING ACCEPT [1:40]
> > :OUTPUT ACCEPT [1:40]
> > -A PREROUTING -s 192.168.10.11/32 -p udp -m udp --sport 53 -j NOTRACK
> > -A PREROUTING -i eth+ -p tcp -m multiport --dports 80,443 -j NOTRACK
> > -A PREROUTING -i lo -j NOTRACK
> > -A OUTPUT -d 192.168.10.11/32 -p udp -m udp --dport 53 -j NOTRACK
> > -A OUTPUT -o eth+ -p tcp -m multiport --sports 80,443 -j NOTRACK
> > -A OUTPUT -o lo -j NOTRACK
> > COMMIT
> >
> > > On 20 Apr 2020, at 02:25, Maxim Solodovnik <solomax666@gmail.com> wrote:
> > >
> > > Well,
> > >
> > > KMS should create RecordingEndpoint and dump stream to the disk
> > > And it happens same way as creating WebRTC endpoint i.e. sending
> > > internal RPC messages to localhost:8888
> > > So if video stream is being sent to the room - recording should
> > > be created
> > > (i.e. if FW doesn't block video creation - it also won't block
> > > recording creation)
> > >
> > > I would appreciate any additional steps on how to reproduce this
> > > (better on Ubuntu :)))
> > >
> > > So far I, personally, don't have any issues with recordings :(((
>
> --
> Best regards,
> Maxim
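
A check that can be run against the ruleset quoted in this thread, as an added example that is not part of the original messages: iptables evaluates a chain in order, so a rule appended after a match-less `-j DROP` in the same chain is never reached, and the quoted ruleset has its `49152:65535` UDP ACCEPT rules in exactly that position. The names `sample_ruleset` and `shadowed_rules` are hypothetical, and the sample is a constructed excerpt built from rules quoted above.

```shell
#!/usr/bin/env bash
# Added example: find iptables-save rules that can never be evaluated because
# an unconditional terminal rule precedes them in the same chain.

# Constructed excerpt; each rule is copied from the ruleset quoted in the thread.
sample_ruleset() {
  cat <<'EOF'
*filter
-A INPUT -j ipdrop_global
-A INPUT -p udp -m udp --dport 3478 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp -j REJECT --reject-with tcp-reset
-A INPUT -j DROP
-A INPUT -p udp -m multiport --dports 49152:65535 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT -p udp -m multiport --dports 49152:65535 -j ACCEPT
COMMIT
EOF
}

# shadowed_rules (hypothetical helper): reads iptables-save output on stdin and
# prints "<table>: <rule>" for every rule placed after a match-less
# "-A <chain> -j DROP|REJECT|ACCEPT" in the same chain of the same table.
shadowed_rules() {
  awk '
    /^\*/      { table = substr($1, 2); split("", closed); next }  # new table: reset state
    $1 != "-A" { next }                                            # skip policies, COMMIT, comments
    {
      chain = $2
      if (chain in closed) { print table ": " $0; next }
      # exactly four fields means there are no match options before the target
      if (NF == 4 && $3 == "-j" && $4 ~ /^(DROP|REJECT|ACCEPT)$/) closed[chain] = 1
    }
  '
}

sample_ruleset | shadowed_rules
```

On a live host the same function can be fed directly with `iptables-save | shadowed_rules`.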
