Definitive answer on Netgear DG824M Windows Messenger Voice/Video compatibility sought

Moonshine

Hi this is driving me loopy.

Prior to making a purchasing decision in favour of the DG824M I thought I'd done
my homework thoroughly and discovered that with the latest Firmware upgrade
(1.4.5) the uPnP functionality on the DG824M would work 100% with Windows
Messenger 4.7.

My experiences are proving to be far from reliable. This was bought to replace a
2 box modem/linksys solution that worked pretty much flawlessly but I wanted a
neater 1 box solution with wireless LAN.

I've clean built my PC and what I'm finding is I can occasionally get a
successful voice connection if I initiate it. Any incoming attempts will fail
and will also stop me from making an outgoing connection until I exit messenger
and sign in again.

Is this the normal state of affairs for the DG824M or are there people out there
for whom it is working 100% both inbound and outbound calling?

Thanks a lot
 
Moonshine said:
Hi this is driving me loopy.

Prior to making a purchasing decision in favour of the DG824M I thought
I'd done
my homework thoroughly and discovered that with the latest Firmware upgrade
(1.4.5) the uPnP functionality on the DG824M would work 100% with Windows
Messenger 4.7.

My experiences are proving to be far from reliable. This was bought to
replace a
2 box modem/linksys solution that worked pretty much flawlessly but I wanted a
neater 1 box solution with wireless LAN.

I've clean built my PC and what I'm finding is I can occasionally get a
successful voice connection if I initiate it. Any incoming attempts will fail
and will also stop me from making an outgoing connection until I exit
messenger
and sign in again.

Sounds like your firewall in the DG824M. By default the DG824M firewall
closes all incoming ports except http, ftp etc (but leaves all outgoing
ports open). Messenger requires ports 6891-6900 to be open - which isn't
a default condition.

Have a look in your logs for discarded packets addressed to these ports.
Set a rule opening the ports [1].
Is this the normal state of affairs for the DG824M or are there people
out there
for whom it is working 100% both inbound and outbound calling?

It's a not-bad idea to set up your 824 to e-mail you the log when it
gets full. I file mine so if there's something funny going on (like the
latest crop of viruses) I can determine what's happening.

Also disable ICF (and any software firewall you might have running). Some
folk have advised me that these don't make any difference - but they did
for me.

I should add that there's a whole bunch of information on this at
Microsoft's site - just do a search on 'Messenger ports'.
 
Hi Tony,

The whole point of uPnP is to dynamically open and map these ports as required -
as far as I was aware it shouldn't be necessary to configure specific firewall
rules.

I have looked at the Firewall config though and you have to specify a single
destination IP address on the LAN for these open ports - kind of defeats the
object of having the router.

Is that how you have yours set-up so only one designated PC can do Messenger
Voice/Video?
 
Moonshine said:
The whole point of uPnP is to dynamically open and map these ports as
required - as far as I was aware it shouldn't be necessary to configure
specific firewall rules.

I have looked at the Firewall config though and you have to specify a
single destination IP address on the LAN for these open ports - kind
of defeats the object of having the router.

Is that how you have yours set-up so only one designated PC can do
Messenger Voice/Video?

You can specify IP ranges. There's an example in the Reference Manual on
page 5-11. Alternatively you can specify individual machines (IPs) in
individual rules. Even better, you can specify what log entries are
written on Match, Not Match, Never and Always for each rule. You
probably already know that you do have to be aware of precedence in the
rule table ordering.

The 824M has one of the more comprehensive firewalls for its price.
For example, you can route a service to a particular machine by using a
port extension to the IP in the rules (like they do on big systems).

The only thing that I'd have liked to have seen would be a default
setting all outgoing ports to closed (except 80), with an interactive
"do you want to open this port always/this time/never" like Zone Alarm
has. With the ability, of course, to switch the interactive mode off.

Trying to do this via the log is inordinately difficult at this time
(which you could otherwise do) because of the large number of log
entries occurring due to trojan viruses out there. I'm being bombarded
with port 135 to 139 attacks at the moment. I've even thought about
"allowing all" on incoming, then closing those other than the "safe"
ports - then I could specify which rules warranted a log entry.
 
Moonshine said:
The whole point of uPnP is to dynamically open and map these ports as
required - as far as I was aware it shouldn't be necessary to
configure specific firewall rules.

Half the point of a firewall is to prevent outside connections to
arbitrary ports.

Having said that, I believe there are consumer firewall appliances that
'understand' UPnP; however I have UPnP switched off - any new internet
technology introduced by Microsoft I consider to be seriously insecure
until I can convince myself otherwise by understanding it. I haven't
bothered to look into UPnP at all.
I have looked at the Firewall config though and you have to specify a
single destination IP address on the LAN for these open ports - kind
of defeats the object of having the router.

Rubbish. A router is a computer that has multiple IP interfaces, and
using a routing-table, sends packets arriving on one interface out on
another interface. Port-forwarding is not any job that a router is
supposed to know about.

Consumer firewall-routers all also perform NAT; that isn't specifically
a router's job. But if a router performs NAT, then incoming connections
either get blocked, or they get sent somewhere. The port-forwarding
table tells it where. Your complaint is about that feature, which allows
you to drill holes in the NAT firewall, but only if you know what port
the incoming traffic is expected on.

It's not reasonable to expect a consumer firewall appliance to
understand UPnP, unless it says so on the box (and then you should still
read the manual and the FAQs and the newsgroups before buying it - these
devices do *not* run the latest version of Windows).
 
Tony,

First, are you actually using your router for Windows Messenger Voice Video? I
appreciate you offering this advice but I'm keen to know if it is based on your
own practical experience or just from info in the manual?

As regards the setting of IP ranges I've looked again at the manual to ensure
I've not missed anything - the range setting is for WAN IP addresses not LAN IP
addresses. This is to allow you to define specific source IP addresses out in
the internet that are allowed to make the connection to the specific service you
define.

Please anyone else who has this working 100% please shout.
 
Moonshine said:
First are you actually using your router for Windows Messenger Voice
Video?

Yes. My wife uses video link-ups with her two daughters (different
locations) two or three times a week.
I appreciate you offering this advice but I'm keen to know if it is based
on your own practical experience or just from info in the manual?

See above.
As regards the setting of IP ranges I've looked again at the manual to
ensure I've not missed anything - the range setting is for WAN IP
addresses not LAN IP addresses.

You blind? Page 5-11?

Can you read the words "Outbound Services" and the words "Inbound
Services" (table headers) ?

Then of course each table allows you to enter service definitions in the
"LAN Users" and "WAN Users" columns as appropriate (for the Outbound
Services), and for the Inbound Services you have "LAN Server IP address"
and "WAN Users" columns.

And in both tables, the "Service Name" column indicates the
application/port identifier (you can use the port number where
appropriate [1]).

Not exactly rocket science :-)
This is to allow you to define specific source IP addresses out in the
internet that are allowed to make the connection to the specific
service you define.
Please anyone else who has this working 100% please shout.

Bloody hell.... I don't know why I bother :-)

Please carry on Pal.....

[1] This is especially useful where you're setting up a rule in
response to a log entry.
 
In message <[email protected]>, Tony Morgan

A thought has occurred to me... Please no comments :-)

You *are* running firmware post Version 1.3 Release 03. You should be on
Version 1.4 Release 05.

V1.3 R03 introduced UPnP support (which is required for Messenger).

Also ensure you have UPnP enabled and set up correctly (Advanced/UPnP
menu selection to bring up the entry pane). The DG824M *should* default
to enabled with the correct settings, but you might have knocked them
off :-)

Also make sure you're using the V1.4 Reference Manual (you can download
it from the Netgear site if you've got an old version).
 
Another thought.... are you running Zone Alarm?

See
http://support.microsoft.com/default.aspx?scid=kb;en-us;324214

Hi Tony,

I flashed the Router up to the latest 1.4.5 firmware as soon as I got it, and
enabled UPnP too. No, I'm not running any Personal Firewall software on the PC -
including the built-in Windows Internet Connection Firewall.

If I swap back to the Linksys set-up everything works fine again.

I promise I've looked very carefully at the user guide, honest.

Yes I can see the options to configure Firewall rules for Outbound & Inbound.

For inbound rules (what we are interested in here) you can only set a single IP
address on the LAN interface for where you want to forward a specific range of
ports on the WAN interface (a Service). You can set a range of addresses on the
WAN side - this is so you can specify which remote sites you will allow to make
an inbound connection. This is not relevant here as any remote address could be
the originator.

Normally this option as it states is to allow you to designate a PC on the LAN
to be your WEB server and receive the inbound port 80 traffic, etc.

The example they use for Video Conference has a single PC (192.168.0.11)
configured to receive the CUSeeMe traffic, from a limited range of remote user
IP addresses 134.177.88.1 to 134.177.88.254. Even if this worked it would not be
what I want as I don't want only a single PC to be able to use Messenger Voice &
Video.

Unfortunately the guide has very little info on the workings of UPnP, but I can
assure you the whole point is for it to open these ports through the firewall
dynamically on your behalf, no manual configuration of the Firewall should be
necessary. If it doesn't do this then its UPnP implementation is broken. I have
read elsewhere that it suffered this one way operation, but I naively thought
this was fixed in this latest version of software.
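
A small model of the inbound rule table discussed in this thread, added here as an illustration; it is not part of any post and is not Netgear's firmware logic. It assumes top-down first-match precedence, a default drop for unmatched inbound traffic, and the log-option semantics shown in the comments; 192.168.0.12 and 203.0.113.7 are constructed addresses.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class InboundRule:
    service: str
    ports: range                       # WAN-side destination ports
    lan_server: str                    # exactly one LAN host per rule
    wan_first: str = "0.0.0.0"         # "WAN Users" range, default: anyone
    wan_last: str = "255.255.255.255"
    log: str = "Never"                 # Always | Never | Match | Not Match

    def matches(self, src: str, dport: int) -> bool:
        ip = ipaddress.ip_address
        return dport in self.ports and ip(self.wan_first) <= ip(src) <= ip(self.wan_last)

def evaluate(rules, src, dport):
    """Walk the table top-down; return (verdict, lan_target, log_lines)."""
    log = []
    for n, rule in enumerate(rules, 1):
        hit = rule.matches(src, dport)
        if (rule.log == "Always" or (rule.log == "Match" and hit)
                or (rule.log == "Not Match" and not hit)):
            log.append(f"rule {n} {rule.service}: {'match' if hit else 'no match'} "
                       f"{src} -> port {dport}")
        if hit:                        # first match wins, later rules never run
            return "FORWARD", rule.lan_server, log
    log.append(f"default: drop {src} -> port {dport}")   # assumed default-deny
    return "DROP", None, log

MESSENGER = range(6891, 6901)          # ports 6891-6900 named in the thread
RULES = [
    # WAN range and first LAN host are the manual's example quoted in the thread
    InboundRule("messenger-limited", MESSENGER, "192.168.0.11",
                "134.177.88.1", "134.177.88.254", log="Match"),
    # constructed second rule: same ports, any source, a second LAN host
    InboundRule("messenger-any", MESSENGER, "192.168.0.12", log="Always"),
]

if __name__ == "__main__":
    for src, dport in [("134.177.88.20", 6891), ("203.0.113.7", 6895),
                       ("203.0.113.7", 135)]:
        verdict, target, lines = evaluate(RULES, src, dport)
        print(src, dport, verdict, target, lines)
```

Whichever rule matches first decides the single LAN host that receives the connection, so static rules cannot deliver the same inbound port from the same remote address to two PCs.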
 