Hi this is driving me loopy.

Prior to making a purchasing decision in favour of the DG824M I thought I'd done
my homework thoroughly and discovered that with the latest Firmware upgrade
(1.4.5) the uPnP functionality on the DG824M would work 100% with Windows
Messenger 4.7.

My experiences are proving to be far from reliable. This was bought to replace a
2 box modem/linksys solution that worked pretty much flawlessly but I wanted a
neater 1 box solution with wireless LAN.

I've clean built my PC and what I'm finding is I can occasionally get a
successful voice connection if I initiate it. Any incoming attempts will fail
and will also stop me from making an out going connection until I exit messenger
and sign in again.

Is this the normal state of affairs for the DG824M or are there people out there
for whom it is working 100% both inbound and outbound calling?

Thanks a lot

In message <12n6mvguvaakto275nkhcjseqkb0eqolu9@4ax.com>, Moonshine
<newsrover@default.com> writes
Sounds like your firewall in the DG824M. By default the DG824M firewall
closes all incoming ports except http, ftp etc (but leaves all outgoing
ports open). Messenger requires ports 6891-6900 to be open - which isn't
a default condition.

Have a look in your logs for discarded packets addressed to these ports.
Set a rule opening the ports [1].
It's a not-bad idea to set up your 824 to e-mail you the log when it
gets full. I file mine so if there's something funny going on (like the
latest crop of viruses) I can determine what's happening.

Also disable ICF (and any software firewall you might have running. Some
folk have advised me that these don't make any difference - but they did
for me.

I should add that there's a whole bunch of information on this at
Microsoft's site - just do a search on 'Messenger ports'.
--
Tony Morgan
Smile in the face of adversity - and adversity will probably
think you're taking the piss and kick the shit out of you.

On Sat, 13 Sep 2003 20:23:20 +0100, Tony Morgan <tonymorgan@dsl.pipex.com>
wrote:

Hi Tony,

The whole point of uPnP is to dynamically open and map these ports as required -
as far as I was aware it shouldn't be necessary to configure specific firewall
rules.

I have looked at the Firewall config though and you have to specify a single
destination IP address on the LAN for these open ports - kind of defeats the
object of having the router.

Is that how you have yours set-up so only one designated PC can do Messenger
Voice/Video?

In message <e5t6mv45ah4afil8ausc7vecaeu9sfcfu0@4ax.com>, Moonshine
<newsrover@default.com> writes
You can specify IP ranges. There's an example in the Reference Manual on
page 5-11. Alternatively you can specify individual machines (IPs) in
individual rules. Even better, you can specify what log entries are
written on Match. Not Match, Never and Always for each rule. You
probably already know that you do have to be aware of precedence in the
rule table ordering.

The 824M has one of the more comprehensive firewalls for it's price.
For example, you can route a service to a particular machine by using a
port extension to the IP in the rules (like they do on big systems).

The only thing that I'd have liked to have seen would be a default
setting all outgoing ports to closed (except 80), with an interactive
"do you want to open this port always/this time/never like Zone Alarm
has. With the ability of course to switch off the interactive mode off.

Trying to do this via the log is inordinately difficult at this time
(which you could otherwise do) because of the large number of log
entries occurring due to trojan viruses out there. I'm being bombarded
with port 135 to 139 attacks at the moment. I've even thought about
"allowing all" on incoming, then closing those other than the "safe"
ports - then I could specify which rules warranted a log entry.

--
Tony Morgan
Smile in the face of adversity - and adversity will probably
think you're taking the piss and kick the shit out of you.

Moonshine wrote:
Half the point of a firewall is to prevent outside connections to
arbitrary ports.

Having said that, I believe there are consumer firewall appliances that
'understand' UPnP; however I have UPnP switched off - any new internet
technology introduced by Microsoft I consider to be seriously insecure
until I can convince myself otherwise by understanding it. I haven't
bothered to look into UPnP at all.
Rubbish. A router is a computer that has multiple IP interfaces, and
using a routing-table, sends packets arriving on one interface out on
another interface. Port-forwarding is not any job that a router is
supposed to know about.

Consumer firewall-routers all also perform NAT; that isn't specifically
a router's job. But if a router performs NAT, then incoming connections
either get blocked, or they get sent somewhere. The port-forwarding
table tells it where. Your complaint is about that feature, which allows
you to drill holes in the NAT firewall, but only if you know what port
the incoming traffic is expected on.

It's not reasonable to expect a consumer firewall appliance to
understand UPnP, unless it says so on the box (and then you should still
read the manual and the FAQs and the newsgroups before buying it - these
devices do *not* run the latest version of Windows).

--
Jack.

On Sat, 13 Sep 2003 22:04:46 +0100, Tony Morgan <tonymorgan@dsl.pipex.com>
wrote:

Tony,

First are you actually using your router for Windows Messenger Voice Video? I
appreciate you offereing this advise but I'm keen to know if it based on your
own practical experience or just from info in the manual?

As regards the setting of IP ranges I've looked again at the manual to ensure
I've not missed anything - the range setting is for WAN IP addresses not LAN IP
addresses. This is to allow you to define specific source IP addresses out in
the internet that are allowed to make the connection to the specific service you
define.

Please anyone else who has this working 100% please shout.

In message <8fc8mv4jmv97mibfgqlcbhob09m5ulhki1@4ax.com>, Moonshine
<newsrover@default.com> writes
Yes. My wife uses video link-ups with her two daughters (different
locations) two or three times a week.

See above.
You blind? Page 5-11?

Can you read the words "Outbound Services" and the words "Inbound
Services" (table headers) ?

Then of course each table allows you to enter service definitions in the
"LAN Users" and "Wan Users" columns as appropriate (for the Outbound
Services), and for the Inbound Services you have "LAN Server IP address"
and "WAN Users" columns.

And in both tables, the "Service Name" column indicates the
application/port identifier (you can use the port number where
appropriate [1]).

Not exactly rocket science :-)

Bloody hell.... I don't know why I bother :-)

Please carry on Pal.....

[1] This is especially useful where you're setting up a rule in
response to a log entry.

--
Tony Morgan
Smile in the face of adversity - and adversity will probably
think you're taking the piss and kick the shit out of you.

In message <E+RYL8EGPIZ$EwvD@aoyh98.dsl.pipex.com>, Tony Morgan
<tonymorgan@dsl.pipex.com> writes

A thought has occurred to me... Please no comments :-)

You *are* running firmware post Version 1.3 Release 03. You should be on
Version 1.4 Release 05.

V1.3 R03 introduced UPnP support (which is required for Messenger).

Also ensure you have UPnP enabled and set up correctly (Advanced/UPnP
menu selection to bring up the entry pane). The DG824M *should* default
to enabled with the correct settings, but you might have knocked them
off :-)

Also make sure you're using the V1.4 Reference Manual (you can download
it from the Netgear site if you've got an old version)..

--
Tony Morgan
Smile in the face of adversity - and adversity will probably
think you're taking the piss and kick the shit out of you.

In message <Oe0aThGQiIZ$EwNz@aoyh98.dsl.pipex.com>, Tony Morgan
<tonymorgan@dsl.pipex.com> writes
Another thought.... are you running Zone Alarm?

See
http://support.microsoft.com/default...b;en-us;324214
--
Tony Morgan
Smile in the face of adversity - and adversity will probably
think you're taking the piss and kick the shit out of you.

On Sun, 14 Sep 2003 22:21:51 +0100, Tony Morgan <tonymorgan@dsl.pipex.com>
wrote:

Hi Tony,

I flashed the Router up to the latest 1.4.5 firmware as soon as I got it, and
enabled UPnP too, no I'm not running any Personal Firewall software on the PC -
including the built-in windows Internet Connection Firewall.

If I swap back to the Linksys set-up everything works fine again.

I promise I've looked very carefully at the user guide, honest.

Yes I can see the options to configure Firewall rules for Outbound & Inbound.

For inbound rules (what we are interested in here) you can only set a single IP
address on the LAN interface for where you want to forward a specific range
ports on the WAN interface ( a Service). You can set a range of addresses on the
WAN side - this is so you can specify which remote sites you will allow to make
an inbound connection. This is not relevant here as any remote address could be
the originator.

Normally this option as it states is to allow you to designate a PC on the LAN
to be your WEB server and receive the inbound port 80 traffic, etc.

The example they use for Video Conference has a single PC (192.168.0.11)
configured to receive the CUSeeMe traffic, from a limited range of remote user
IP addresses 134.177.88.1 to 134.177.88.254. Even if this worked it would not be
what I want as I don't want only a single PC to be able to use Messenger Voice &
Video.

Unfortunately the guide has very little info on the workings of UPnP, but I can
assure you the whole point is for it to open these ports through the firewall
dynamically on your behalf, no manual configuration of the Firewall should be
necessary. If it doesn't do this then its UPnP implementation is broken. I have
read elsewhere that it suffered this one way operation, but I naively thought
this was fixed in this latest version of software.

"Moonshine" <newsrover@default.com> wrote in message
news:12n6mvguvaakto275nkhcjseqkb0eqolu9@4ax.com...

I have been successfully using the DG824M (version 1.4 release 01 firmware)
with MSN Messenger 6. I can initiate and receive video and audio streams if
UPnP is enabled. I can look at the UPnP portmap table and see that UPnP has
opened up the appropriate ports on the router.

I would not say that it is 100% successful however. From time to time
during 2-way web-cam and audio the firewall reports a 'UDP Flood' and stops
the UDP streams for long enough to interrupt the audio and video connection.
There is no ability (in release 1.4 firmware 01) to increase or decrease the
sensitivity of the detection of 'large' amounts of UDP traffic. I have
raised the issue with Netgear who have advised me to upgrade to the latest
firmware, but I can't see from the release notes how that would help.

Hi all

OK MSN Messenger through the DG824M router.

You can do it two ways. You can certainly add port translations fo
the appropriate IP ports for this router if you have staticly set an I
address to map it back to within your own private range, however, if yo
have lots of machines and DHCP enabled, the IP might get snapped up b
another computer from time to time. UPNP seems to be the way to go
however, I have found that the UPNP Advertisement Period is way t
high. I set it to 5 minutes and video / voice works a charm.

Hope this is helpful

Darre

--
Darren1980