I am behind a firewall which load balances between two different ISPs (internet service providers). This works well overall, and has consistently done so for years.
However, for Jami it would seem there is a problem. It turns out one ISP seems to “block” Jami.
Based on this information, I created a series of outgoing firewall rules which I thought, based on the above, should have resolved the issue by sending all calls to these ports to the “good” ISP.
Here are the rules, which appear at the top of the rules list, therefore they are always processed:
I don’t have any experience with load balancing, but could it be that you initiate one transaction through one of the ISPs, then the balancer tries to continue it via the other one, resulting maybe in a different ‘return address’ of sorts which prevents a proper handshake?
Thank you so much for your kind input. Much obliged.
You are quite correct in your hypothesis, but it is one I’ve tested. When all traffic is sent to the “bad” ISP, connectivity in Jami fails. When all traffic is sent to the “good” ISP, connectivity in Jami is restored.
Hence my issue, and my search to find out what ports, etc. Jami uses. Having found the documentation regarding this, it feels a bit like Jami is doing something else which I cannot tie down, which means that even though I have rules in place, something is evading them.
This isn’t a software failure as such, so I’m hesitant to place it on git.jami.net. I’m wondering if the documentation is missing a small something somewhere…
I’m hopeful someone at Savoir-faire Linux might be able to shed some light.
Interestingly, the “bad” ISP also blocks the www.jami.net site. I either have to use Tor or the “good” ISP to view. I really don’t know what the folks at the “bad” ISP think they’re doing. And getting answers from them is like getting blood from a stone.
I think I have it. It was making my response to Herve5 which got me thinking further. Because I have OpenDHT proxy and TURN enabled, Jami is making calls to