Archived from groups: comp.dcom.videoconf,uk.telecom.broadband,rec.travel.europe (
More info?)
In message <417a1eab$0$3267$ed2619ec@ptn-nntp-reader02.plus.net>, Nat
Stott <news@nospamatmyteaparty.f9.co.invalid> writes
>"Suz" <clear@off.com> wrote in message
>news:417a0cde$0$11182$c3e8da3@news.astraweb.com...
>> My hubby will be away from home for work until Xmas, and although home at
>> the weekend, the kids will miss him terribly. We had the bright idea of
>> video conferencing to help a bit.
>> So, two questions:
>> 1. Will a cheap cam do the job? eg
>>
http://www.dabs.com/uk/ProductView?quicklinx=2FJ9
>> 2. More importantly, will the hotel's broadband connection by 'broad'
>> enough? The hotels will be
>>
http://www.runnymedehotel.com/bedrooms/services.html and
>> http://glasgow.radissonsas.com/ Their claims may be unreliable.
>
>Video will work after a sort even on a modem line, just the quality and
>frame rate will drop if the connection is slow. The size of video image is
>usually selectable.
>
>One likely problem is that the hotel will probably be using a NAT router
>between the rooms and the internet, meaning that the types of connection
>will be limited. MS Messenger I believe cannot send video from behind a NAT
>router.
I've just been experimenting with MSN Messenger and NAT on a pair of
Windows XP SP2 machines. I have a good system for experimentation at the
moment, as I have a (soon to be ceased) ntl: cable connection as well as
a routed IP block ADSL connection here.
For testing, I set up the Windows XP SP2 firewall on a laptop and
directly connected it to the ntl: cable modem - this is therefore a
no-NAT end.
My main PC has remained on the ADSL setup, which has uPnP on, and is
running multi-NAT on the router, with this machine having a dedicated
public IP address. The dedicated public IP address (in ZyXEL
terminology, a 1-1 mapping) gets round problems with incoming port
mapping - the router knows all incoming traffic on that IP address is,
so long as it passes the filters and firewall, for the LAN IP address
mapped to that public IP address.
uPnP is needed to allow MSN Messenger to open ports in the firewall for
incoming traffic.
It seems that MSN video isn't a problem if uPnP is available and the
router allows uPnP to open ports in the firewall. Video uses TCP, and
MSN Messenger 6.2.0137 (which is certainly a recent version if not the
latest) correctly drives uPnP to control the firewall. The webcam works
from either end (I only have one webcam so I can't try both ends sending
video at once - though I don't foresee a problem with bidirectional
video.).
MSN audio is a problem, though - it uses UDP. Whilst uPnP appears
capable of opening UDP ports in the firewall, it seems that this isn't
done correctly by the version of MSN Messenger I tried.
Audio works by the inviting party sending an invite to the remote party
to connect to a particular UDP port - a bit like MSN Messenger file
sending does, actually (though that uses TCP, not UDP).
With audio, if my no-NAT end invites, all works correctly (like most
people, I don't have much firewalling LAN to WAN on my router). If the
NAT end invites, the only way I can make things work properly is open
the 'high' UDP ports on the firewall for WAN to LAN traffic.
In this case, I opened 1030 to 65535, less a few well known ports -
namely 1900 which is SSDP (part of uPnP), 1433-1434 which is MS-SQL
(this machine runs MSDE 2000 because it is a Backup Exec 9.1 media
server - Microsoft Baseline Security Analyzer confirms that SQL is
patched up to date) and 2049 which is sometimes used for NFS.
Checking back through my firewall logs, I wasn't seeing any significant
incoming UDP traffic on any other port. Most (but not all) unwanted
traffic uses ports below 1024 and/or TCP. However, if anyone can think
of any more UDP ports in the range I've opened that are a good idea to
add to my firewall rules, I'm listening. For now, as I've finished
experimenting, I've disabled the firewall rule that opens the ports.
It's only about three clicks in the router's web pages to turn it back
on.
You'll note I excluded the bottom few 'high' ports from the range - UDP
1024 to 1029 carry quite a lot of 'noise' according to my firewall
logging - probably Messenger spam attempts in the main (this Messenger
is the Messenger service in Windows that throws up those pop-up windows
- not Windows or MSN Messenger).
On my setup, opening the high UDP ports in the firewall was enough to
get MSN Messenger audio working because the machine has a dedicated
public IP address, so the multi-NAT on the router knows to send all
incoming packets on the public IP address to the corresponding private
IP address.
If I was using many to one NAT on that IP address (as you would if you
had a single IP Internet account), I'd have to use port forwarding or
even the crude "DMZ" feature on some routers (which forward all
otherwise unowned incoming traffic to a certain LAN IP address) to steer
the traffic to the right place.
As you can see, particularly to get audio working behind NAT, you need
the ability to configure the router yourself.
It's also worth noting that my setup is using a higher end router than
most people here - the main router is a ZyXEL ZyWALL 35, which has a
no-NAT ZyXEL Prestige 650H-E1 on its WAN 1 port connected to my ADSL
line. It's possible other routers may not get uPnP correct if they are
running multi-NAT.
Someone else mentioned that Netmeeting will work through NAT. That's
only the case if the NAT router has a H.323 ALG. Even then, for inward
connections to work, you often need to open a port or two on the
firewall and, if necessary, make an appropriate entry in your port
forwarding setup (from memory the ports are 1503 and 1720 - both TCP).
David
--
David Wood
david@wood2.org.uk