ii jitsi-meet 1.0.547-1 all WebRTC JavaScript video conferences
ii jitsi-meet-prosody 1.0.547-1 all Prosody configuration for Jitsi Meet
ii jitsi-videobridge 472-1 amd64 WebRTC compatible Selective Forwarding Unit (SFU)
The box is connected to Internet via a Cisco router and I’m using NAT to reach the server from Internet.
I modified the file sip-communicator.properties in order to specify internal/external IPs
I created port forwarding rules on Cisco as following (even if I’m quite sure that forwarding UDP ports is not needed):
!
ip nat pool JITSIFW 192.168.1.248 192.168.1.248 netmask 255.255.255.0 type rotary
ip nat inside source static tcp 192.168.1.248 443 interface FastEthernet0/0 443
ip nat inside destination list 103 pool JITSIFW
!
access-list 103 permit udp any any range 5000 6000
access-list 103 permit udp any any range 10000 20000
access-list 103 permit udp any any range 50000 60000
I’m connecting to application using FQDN and trusted SSL cert.
Name servers for our domain is configured to reply with internal or external IP according to requester location.
From LAN-to-LAN everything is working fine.
From LAN-to-Internet I cannot get remote video/audio and viceversa. Only chat is working.
Do you have any advices ?
Is UDP port forwarding needed on my setup ?
ii jitsi-meet 1.0.547-1 all WebRTC JavaScript video conferences
ii jitsi-meet-prosody 1.0.547-1 all Prosody configuration for Jitsi Meet
ii jitsi-videobridge 472-1 amd64 WebRTC compatible Selective Forwarding Unit (SFU)
The box is connected to Internet via a Cisco router and I’m using NAT to reach the server from Internet.
I modified the file sip-communicator.properties in order to specify internal/external IPs
I created port forwarding rules on Cisco as following (even if I’m quite sure that forwarding UDP ports is not needed):
!
ip nat pool JITSIFW 192.168.1.248 192.168.1.248 netmask 255.255.255.0 type rotary
ip nat inside source static tcp 192.168.1.248 443 interface FastEthernet0/0 443
ip nat inside destination list 103 pool JITSIFW
!
access-list 103 permit udp any any range 5000 6000
access-list 103 permit udp any any range 10000 20000
access-list 103 permit udp any any range 50000 60000
I’m connecting to application using FQDN and trusted SSL cert.
Name servers for our domain is configured to reply with internal or external IP according to requester location.
From LAN-to-LAN everything is working fine.
From LAN-to-Internet I cannot get remote video/audio and viceversa. Only chat is working.
Do you have any advices ?
Is UDP port forwarding needed on my setup ?
I don't see anything in your mail that tells your firewall to redirect
UDP ports 10K to 20K to your bridge box.
it’s here:
ip nat inside destination list 103 pool JITSIFW
It should still switch to TCP but have you made sure JVB is listening
on 443 (i.e. running as root) or that you have port forwarding in
place?
JVB is listening on 443 and I can connect from both side (LAN and WAN).
I collected a trace with Wireshark on remote client and I noticed that remote web client it’s trying to send STUN binding request to the private server IP (192.168.1.248) instead of the public one.
I checked again .sip-communicator/sip-communicator.properties, inside the user’s home that is running jvb, and IPs are correct.
I really don’t like NAT, but unfortunately I don’t have other options here.
ii jitsi-meet 1.0.547-1 all WebRTC JavaScript video conferences
ii jitsi-meet-prosody 1.0.547-1 all Prosody configuration for Jitsi Meet
ii jitsi-videobridge 472-1 amd64 WebRTC compatible Selective Forwarding Unit (SFU)
The box is connected to Internet via a Cisco router and I’m using NAT to reach the server from Internet.
I modified the file sip-communicator.properties in order to specify internal/external IPs
I created port forwarding rules on Cisco as following (even if I’m quite sure that forwarding UDP ports is not needed):
!
ip nat pool JITSIFW 192.168.1.248 192.168.1.248 netmask 255.255.255.0 type rotary
ip nat inside source static tcp 192.168.1.248 443 interface FastEthernet0/0 443
ip nat inside destination list 103 pool JITSIFW
!
access-list 103 permit udp any any range 5000 6000
access-list 103 permit udp any any range 10000 20000
access-list 103 permit udp any any range 50000 60000
I’m connecting to application using FQDN and trusted SSL cert.
Name servers for our domain is configured to reply with internal or external IP according to requester location.
From LAN-to-LAN everything is working fine.
From LAN-to-Internet I cannot get remote video/audio and viceversa. Only chat is working.
Do you have any advices ?
Is UDP port forwarding needed on my setup ?
I don't see anything in your mail that tells your firewall to redirect
UDP ports 10K to 20K to your bridge box.
it’s here:
ip nat inside destination list 103 pool JITSIFW
OK. I don't understand this line but if you are confident if forwards
ports 10K to 20K then fine.
It should still switch to TCP but have you made sure JVB is listening
on 443 (i.e. running as root) or that you have port forwarding in
place?
JVB is listening on 443 and I can connect from both side (LAN and WAN).
If you are connecting from LAN and WAN then you are mostly likely not
connecting on 443 but on 10K to 20K UDP.
I collected a trace with Wireshark on remote client and I noticed that remote web client it’s trying to send STUN binding request to the private server IP (192.168.1.248) instead of the public one.
There is no public one actually. Jitsi Meet does not use a STUN
server. What you are seeing are the ICE connectivity checks and if
those are not being forwarded to Jitsi videobridge then there is a
problem with your mappings.
ii jitsi-meet 1.0.547-1 all WebRTC JavaScript video conferences
ii jitsi-meet-prosody 1.0.547-1 all Prosody configuration for Jitsi Meet
ii jitsi-videobridge 472-1 amd64 WebRTC compatible Selective Forwarding Unit (SFU)
The box is connected to Internet via a Cisco router and I’m using NAT to reach the server from Internet.
I modified the file sip-communicator.properties in order to specify internal/external IPs
I created port forwarding rules on Cisco as following (even if I’m quite sure that forwarding UDP ports is not needed):
!
ip nat pool JITSIFW 192.168.1.248 192.168.1.248 netmask 255.255.255.0 type rotary
ip nat inside source static tcp 192.168.1.248 443 interface FastEthernet0/0 443
ip nat inside destination list 103 pool JITSIFW
!
access-list 103 permit udp any any range 5000 6000
access-list 103 permit udp any any range 10000 20000
access-list 103 permit udp any any range 50000 60000
I’m connecting to application using FQDN and trusted SSL cert.
Name servers for our domain is configured to reply with internal or external IP according to requester location.
From LAN-to-LAN everything is working fine.
From LAN-to-Internet I cannot get remote video/audio and viceversa. Only chat is working.
Do you have any advices ?
Is UDP port forwarding needed on my setup ?