ipnat and "udp consistent translation" (Skype related)
Jim Hatfield
subscriber at insignia.com
Wed Sep 29 05:45:41 PDT 2004
Using Skype on a machine behind a FreeBSD 4.x firewall using
ipf/ipnat, if I try a file transfer I get "your connection is relayed"
which suggests that there are problems using "UDP hole punching" to
get a direct connection. The Skype help page sends you to:
http://bgp.lcs.mit.edu/~dga/view.cgi
where ipnat gets a "no" in the "udp consistent translation" column.
I also ran the "natcheck" utility from here:
http://midcom-p2p.sourceforge.net/
on the firewall box itself (ie no NAT) I get:
>Request 20 of 20...
>
>TCP RESULTS:
>TCP consistent translation: YES (GOOD for peer-to-peer)
>TCP simultaneous open: YES (GOOD for peer-to-peer)
>TCP loopback translation: YES (GOOD for peer-to-peer)
>TCP unsolicited connections filtered: YES (GOOD for security)
>
>UDP RESULTS:
>UDP consistent translation: YES (GOOD for peer-to-peer)
>UDP loopback translation: YES (GOOD for peer-to-peer)
>UDP unsolicited messages filtered: YES (GOOD for security)
but on a machine inside I get:
>Request 4 of 20...
>Request 5 of 20...
>checkloopback connect: Invalid argument
which doesn't look good.
Googling didn't find anything so I was wondering if anyone
else had experienced this and if so what their resolution was.
It would be a shame to have to switch to a different firewall
when ipf/ipnat is so easy to use and works so well for everything
else, but at the same time I don't like the idea of someone else
having to relay the Skype traffic unnecessarily.
jim
More information about the freebsd-questions
mailing list