Media are all muted

Hello, I just install Jistsi (via quick install) on a debian 9 server (public IP adress so no NAT)
I am using nginx as HTTPS proxy

my iptables are DROP all INPUT/FORWARD/OUTPUT by default and I opened the 443, 4443, and 10000 ports:

5266 265K ACCEPT tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
6666 400K ACCEPT tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
85 4576 ACCEPT tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4443
2 56 ACCEPT udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:10000

But event with that configuration, all remote participent are seen as muted and no video is transmitted.

in the Firefox console I have the following logs:

[JitsiConference.js] <X.prototype._init/this.e2eping<>: Failed to send a ping request or response. Logger.js:124:12
[modules/UI/videolayout/RemoteVideo.js] <v.prototype.updateConnectionStatusIndicator>: da4a1bc2 thumbnail connection status: active

here the netstat for the jitsi:

# netstat -anp | grep 4443
tcp6 0 0 155.133.129.132:4443 :::* LISTEN 16164/java
tcp6 0 0 10.8.1.1:4443 :::* LISTEN 16164/java
tcp6 0 0 2001:4b99:1:1:216::4443 :::* LISTEN 16164/java

# netstat -anp | grep 10000
udp6 0 0 155.133.129.132:10000 :::* 16164/java
udp6 0 0 2001:4b99:1:1:216:10000 :::* 16164/java
udp6 0 0 10.8.1.1:10000 :::* 16164/java

# netstat -anp | grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 21824/nginx: master
tcp 0 0 155.133.129.132:443 135.238.155.251:36983 ESTABLISHED 31401/nginx: worker
tcp 0 0 155.133.129.132:443 80.15.84.249:51561 FIN_WAIT2 -
tcp 0 0 155.133.129.132:443 176.179.160.98:44223 ESTABLISHED 31401/nginx: worker
tcp 0 0 155.133.129.132:443 135.238.155.251:39385 ESTABLISHED 31401/nginx: worker
tcp 0 0 155.133.129.132:443 80.15.84.249:61775 ESTABLISHED 31401/nginx: worker
tcp 0 0 155.133.129.132:443 135.238.155.251:56707 ESTABLISHED 31401/nginx: worker
tcp 0 0 155.133.129.132:443 135.238.155.251:37688 ESTABLISHED 31401/nginx: worker
tcp6 0 0 155.133.129.132:4443 :::* LISTEN 16164/java
tcp6 0 0 10.8.1.1:4443 :::* LISTEN 16164/java
tcp6 0 0 2001:4b99:1:1:216::4443 :::* LISTEN 16164/java
tcp6 0 0 2001:4b99:1:1:216:3:443 :::* LISTEN 16164/java

I think that something should be opened on the iptables, but I cannot find what.

Could someone help me to fix it?

Check jicofo logs. Do you see any error?

Can you temporarily switch the policies to ACCEPT just to confirm that the problem indeed comes from the firewall?

If you see thumbnails for the remote participants, then the XMPP connection succeded, so all the signaling should work. You can run tcpdump on the server and see if any STUN requests reach port udp/10000. You can also use chrome and open chrome://webrtc-internals, then start a conference and look for the remote candidates (confirm that you see the correct address and port).

Boris

Hello,

in jitsi log i can see the following messages:

JVB 2019-04-24 16:25:55.436 WARNING: [132414] org.ice4j.socket.MergingDatagramSocket.log() Active socket already initialized.
JVB 2019-04-24 16:25:55.641 WARNING: [132505] org.jitsi.impl.neomedia.transform.dtls.DatagramTransportImpl.log() Unknown DTLS handshake message type: -98
JVB 2019-04-24 16:25:55.771 WARNING: [474] org.jitsi.videobridge.EndpointMessageTransport.log() SCTP connection with 158f60e0 not ready yet.
JVB 2019-04-24 16:25:55.771 WARNING: [474] org.jitsi.videobridge.EndpointMessageTransport.log() No available transport channel, can’t send a message
JVB 2019-04-24 16:25:55.771 WARNING: [474] org.jitsi.videobridge.EndpointMessageTransport.log() SCTP connection with afea7958 not ready yet.
JVB 2019-04-24 16:25:55.771 WARNING: [474] org.jitsi.videobridge.EndpointMessageTransport.log() No available transport channel, can’t send a message
JVB 2019-04-24 16:25:55.771 WARNING: [474] org.jitsi.videobridge.EndpointMessageTransport.log() SCTP connection with 708e03af not ready yet.
JVB 2019-04-24 16:25:55.771 WARNING: [474] org.jitsi.videobridge.EndpointMessageTransport.log() No available transport channel, can’t send a message
JVB 2019-04-24 16:26:24.018 WARNING: [132757] org.jitsi.videobridge.EndpointMessageTransport.log() SCTP connection with 158f60e0 not ready yet.
JVB 2019-04-24 16:26:24.018 WARNING: [132757] org.jitsi.videobridge.EndpointMessageTransport.log() No available transport channel, can’t send a message
JVB 2019-04-24 16:26:24.018 WARNING: [132757] org.jitsi.videobridge.EndpointMessageTransport.log() SCTP connection with afea7958 not ready yet.
JVB 2019-04-24 16:26:24.018 WARNING: [132757] org.jitsi.videobridge.EndpointMessageTransport.log() No available transport channel, can’t send a message
JVB 2019-04-24 16:26:24.029 WARNING: [132047] org.jitsi.videobridge.IceUdpTransportManager.log() Cannot get transport type.

with tshark i can see traffic on port 10000
I also try after flushing the iptables rules but it is the same