No audio or video in NAT self hosted install

Hello,

I have just installed a jitsi server in a Linux container (LXD). I can create meeting rooms and people can join me, but nobody can see or hear each other, despite the fact that all of us have enabled our mic and camera. I have tried a two people conference and another one with three people.

I have opened and forwarded (proxied) these ports in the host to the jitsi container using a LXD proxy:

  • publicIp:80(tcp) → 127.0.0.1:80 (container)

  • publicIp:443(tcp) → 127.0.0.1:443 (container)

  • publicIp:4443(tcp) → 127.0.0.1:4443 (container)

  • publicIp:3478(udp) → 127.0.0.1:3478 (container)

  • publicIp:5439(tcp) → 127.0.0.1:5439 (container)

  • publicIp:10000(udp) → 127.0.0.1:10000 (container)

      # lxc config device show call
    
      jitsi:80:
        connect: tcp:127.0.0.1:80
        listen: tcp:publicIP:80
        proxy_protocol: "true"
        type: proxy
      jitsi:443:
        connect: tcp:127.0.0.1:443
        listen: tcp:publicIP:443
        proxy_protocol: "true"
        type: proxy
      jitsi:3478:
        connect: udp:127.0.0.1:3478
        listen: udp:publicIP:3478
        type: proxy
      jitsi:4443:
        connect: tcp:127.0.0.1:4443
        listen: tcp:publicIP:4443
        type: proxy
      jitsi:5439:
        connect: tcp:127.0.0.1:5439
        listen: tcp:publicIP:5439
        type: proxy
      jitsi:10000:
        connect: udp:127.0.0.1:10000
        listen: udp:publicIP:10000
        type: proxy
    

When a connection is received on the publicIp on any of the ports above, it is forwarded to the container’s localhost interface (127.0.0.1).

The container is listening on these ports:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      105/lua5.2
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      132/nginx: master p
tcp        0      0 0.0.0.0:5280            0.0.0.0:*               LISTEN      105/lua5.2
tcp        0      0 127.0.0.1:5347          0.0.0.0:*               LISTEN      105/lua5.2
tcp        0      0 10.236.142.187:5349     0.0.0.0:*               LISTEN      120/turnserver
tcp        0      0 127.0.0.1:5349          0.0.0.0:*               LISTEN      120/turnserver
tcp        0      0 10.236.142.187:5349     0.0.0.0:*               LISTEN      120/turnserver
tcp        0      0 127.0.0.1:5349          0.0.0.0:*               LISTEN      120/turnserver
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      105/lua5.2
tcp        0      0 10.236.142.187:5350     0.0.0.0:*               LISTEN      120/turnserver
tcp        0      0 127.0.0.1:5350          0.0.0.0:*               LISTEN      120/turnserver
tcp        0      0 10.236.142.187:5350     0.0.0.0:*               LISTEN      120/turnserver
tcp        0      0 127.0.0.1:5350          0.0.0.0:*               LISTEN      120/turnserver
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      132/nginx: master p
tcp6       0      0 :::5269                 :::*                    LISTEN      105/lua5.2
tcp6       0      0 :::8888                 :::*                    LISTEN      86/java
tcp6       0      0 :::443                  :::*                    LISTEN      132/nginx: master p
tcp6       0      0 :::5280                 :::*                    LISTEN      105/lua5.2
tcp6       0      0 :::9090                 :::*                    LISTEN      108/java
tcp6       0      0 ::1:5347                :::*                    LISTEN      105/lua5.2
tcp6       0      0 ::1:5349                :::*                    LISTEN      120/turnserver
tcp6       0      0 ::1:5349                :::*                    LISTEN      120/turnserver
tcp6       0      0 :::5222                 :::*                    LISTEN      105/lua5.2
tcp6       0      0 ::1:5350                :::*                    LISTEN      120/turnserver
tcp6       0      0 ::1:5350                :::*                    LISTEN      120/turnserver
tcp6       0      0 127.0.0.1:8080          :::*                    LISTEN      108/java
tcp6       0      0 :::80                   :::*                    LISTEN      132/nginx: master p
sctp                ::1:5349                                        LISTEN      120/turnserver
sctp                10.236.142.187:5349                             LISTEN      120/turnserver
sctp                127.0.0.1:5349                                  LISTEN      120/turnserver
sctp                ::1:5350                                        LISTEN      120/turnserver
sctp                10.236.142.187:5350                             LISTEN      120/turnserver
sctp                127.0.0.1:5350                                  LISTEN      120/turnserver
udp        0      0 0.0.0.0:5000            0.0.0.0:*                           108/java
udp        0      0 10.236.142.187:5349     0.0.0.0:*                           120/turnserver
udp        0      0 10.236.142.187:5349     0.0.0.0:*                           120/turnserver
udp        0      0 127.0.0.1:5349          0.0.0.0:*                           120/turnserver
udp        0      0 127.0.0.1:5349          0.0.0.0:*                           120/turnserver
udp        0      0 10.236.142.187:5350     0.0.0.0:*                           120/turnserver
udp        0      0 10.236.142.187:5350     0.0.0.0:*                           120/turnserver
udp        0      0 127.0.0.1:5350          0.0.0.0:*                           120/turnserver
udp        0      0 127.0.0.1:5350          0.0.0.0:*                           120/turnserver
udp        0      0 10.236.142.187:3478     0.0.0.0:*                           120/turnserver
udp        0      0 10.236.142.187:3478     0.0.0.0:*                           120/turnserver
udp        0      0 127.0.0.1:3478          0.0.0.0:*                           120/turnserver
udp        0      0 127.0.0.1:3478          0.0.0.0:*                           120/turnserver
udp        0      0 10.236.142.187:3479     0.0.0.0:*                           120/turnserver
udp        0      0 10.236.142.187:3479     0.0.0.0:*                           120/turnserver
udp        0      0 127.0.0.1:3479          0.0.0.0:*                           120/turnserver
udp        0      0 127.0.0.1:3479          0.0.0.0:*                           120/turnserver
udp        0      0 0.0.0.0:68              0.0.0.0:*                           68/dhclient
udp6       0      0 :::51527                :::*                                86/java
udp6       0      0 :::5000                 :::*                                108/java
udp6       0      0 ::1:5349                :::*                                120/turnserver
udp6       0      0 ::1:5349                :::*                                120/turnserver
udp6       0      0 ::1:5350                :::*                                120/turnserver
udp6       0      0 ::1:5350                :::*                                120/turnserver
udp6       0      0 ::1:3478                :::*                                120/turnserver
udp6       0      0 ::1:3478                :::*                                120/turnserver
udp6       0      0 ::1:3479                :::*                                120/turnserver
udp6       0      0 ::1:3479                :::*                                120/turnserver
udp6       0      0 10.236.142.187:10000    :::*                                108/java

Whereas ports 80 and 443 are opened on all network interfaces (including 127.0.0.1), 10000/udp is opened only on 10.236.142.187, which is, by the way, the private IP of the container.

I believe this can be a problem, as I am proxying the connection on the public side to 127.0.0.1 on the local side.

How can I force 10000/udp to open on 127.0.0.1?
Do I have to open/forward other ports?

Regards,

Yes, port 10000 has to be accessible from your public IP. I don’t know how to enable that in an LXD environment, sorry.

Thank you. The 10000/udp traffic wasn’t arriving at the container; that was the reason why I couldn’t hear and see anything. I changed the port forwarding to pass the traffic on port 10000 to the container and now it’s working.

Hi there,

I still have not been able to make the videobridge (udp/10000) listen on the local IP (127.0.0.1). Can I pick your brains to do that?

netstat -ln|grep 10000
udp6       0      0 10.236.143.187:10000    :::*                                136/java

Regards,

If you make videobridge listen to localhost your deployment will stop working. Videobridge should be accessible from the public ip address so web clients can reach it and send media to it.

Hi,

The jvb is running inside a LXD container with a private IP, and I’m forwarding the traffic on the public IP to the 10000/udp port on localhost, because the private container’s IP could change. That’s why I need to make jvb listen on localhost.

Regards

I’m not sure you can do that. Here is what you can do: ice4j/configuration.md at master · jitsi/ice4j · GitHub
@Boris_Grozev can you force jvb to listen to localhost only?

You must be doing something special with LXD because I have never seen this occurring and I use default LXD DHCP. The MAC address never changes, hence the same IP is always attributed.

You are right, the DHCP server always gives each container the same IP, but you can change it if you need to. Anyway, I know I can forward the public port to the private IP of the container, but I wonder whether it is possible to make jvb listen also on localhost. I don’t mind if it also listens on the container’s other IPs.

Hello @damencho,

Eventually, I have forwarded the port on the public IP to the private IP of the container instead of using the localhost interface, as I could not make the video bridge server listen on localhost. I tried both the org.ice4j.ice.harvest.ALLOWED_INTERFACES and the org.ice4j.ice.harvest.ALLOWED_ADDRESSES options, but neither of them worked; whenever I set up the video bridge server to listen on the localhost interface, the port is not opened. Thus, it seems that the video bridge code blacklists the localhost interface.

Anyway, it is working now. I really appreciate your help.

Regards,
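
The mismatch diagnosed in this thread (a proxy `connect:` target of 127.0.0.1 for a port the videobridge binds only on the container's private IP) can be checked mechanically. The following is an added example, not part of the original posts or of Jitsi/LXD; the function names are hypothetical and the sample input is constructed from the kind of output quoted above.

```python
import re

# Constructed sample: two proxy devices and two matching netstat -ln lines.
PROXY_DEVICES = """\
jitsi:443:
  connect: tcp:127.0.0.1:443
jitsi:10000:
  connect: udp:127.0.0.1:10000
"""
NETSTAT = """\
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      132/nginx: master p
udp6       0      0 10.236.142.187:10000    :::*                                108/java
"""
WILDCARDS = {"0.0.0.0", "::"}  # assumption: a wildcard bind also serves loopback

def parse_connect_targets(text):
    """Return [(device, proto, addr, port)] for every 'connect:' key."""
    targets, device = [], None
    for line in text.splitlines():
        if line and not line[0].isspace():
            device = line.strip().rstrip(":")  # top-level key is the device name
        m = re.match(r"\s+connect:\s*(tcp|udp):(.+):(\d+)\s*$", line)
        if m:
            targets.append((device, m.group(1), m.group(2), int(m.group(3))))
    return targets

def parse_listeners(text):
    """Return {(proto, port): {bound addresses}} from `netstat -ln` lines."""
    bound = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0][:3] not in ("tcp", "udp"):
            continue  # skips headers and sctp rows
        addr, _, port = f[3].rpartition(":")
        bound.setdefault((f[0][:3], int(port)), set()).add(addr)
    return bound

def unreachable_targets(devices_text, netstat_text):
    """List proxy targets that no socket in the container is bound to."""
    bound = parse_listeners(netstat_text)
    problems = []
    for device, proto, addr, port in parse_connect_targets(devices_text):
        addrs = bound.get((proto, port), set())
        if addr not in addrs and not (addrs & WILDCARDS):
            problems.append((device, f"{proto}:{addr}:{port}", sorted(addrs)))
    return problems

if __name__ == "__main__":
    print(unreachable_targets(PROXY_DEVICES, NETSTAT))
```

An empty address list in a reported entry means nothing in the container listens on that port at all, so the forward can be removed rather than retargeted.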