magicJack  and magicJack Plus Support, Reviews, FAQs and Hacks Forum Index

magicJack and magicJack Plus Support, Reviews, FAQs and Hacks


magicJack and magicJack Plus Unofficial Technical Support. Your Magic Jack and Magic Jack Plus phone service information resource
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Select destination proxy--quick and dirty hack



 
Post new topic   Reply to topic    magicJack and magicJack Plus Support, Reviews, FAQs and Hacks Forum Index -> magicJack Tips, Tricks, and Hacks
View previous topic :: View next topic  
Author Message
pagemen
Dan isn't smart enough to hire me


Joined: 15 Dec 2008
Posts: 128

PostPosted: Thu Jan 08, 2009 10:15 pm    Post subject: Select destination proxy--quick and dirty hack Reply with quote

When the softphone starts, it goes like

1. Connect to a provision server
2. The provision server returns a list of available proxies
3. Connect to one of the servers in step2 to register and make calls.

There was a time that the list we got in step2 is in terms of domain name(like proxy1.cityname.talk4free.com) so we can manipulate them with local hosts file, however, its not possible now as the return value is IP address, and, how does the softphone select proxy in step3 is still quite a mystery.

So here is the quick fix--block all unwanted proxies address and left only the ones we want.

The proxy list can be found in memory dump, just search "SIPProxyURI=". To block an IP address in Windows, the quickest way is to use route command.

below is the command to block ALL proxies, save it as a bat file.
*192.168.1.2 is some non-exist ip address in your Lan, sorry, not sure about the case of direct connection, but I assume it would be the same.

Code:

route -p add 216.234.70.8 mask 255.255.255.255 192.168.1.2
route -p add 67.106.133.198 mask 255.255.255.255 192.168.1.2
route -p add 67.88.208.198 mask 255.255.255.255 192.168.1.2
route -p add 67.88.10.198 mask 255.255.255.255 192.168.1.2
route -p add 71.5.113.6 mask 255.255.255.255 192.168.1.2
route -p add 67.109.32.70 mask 255.255.255.255 192.168.1.2
route -p add 67.88.218.6 mask 255.255.255.255 192.168.1.2
route -p add 67.90.152.70 mask 255.255.255.255 192.168.1.2
route -p add 67.91.177.70 mask 255.255.255.255 192.168.1.2
route -p add 67.90.16.6 mask 255.255.255.255 192.168.1.2
route -p add 71.5.91.70 mask 255.255.255.255 192.168.1.2
route -p add 66.104.81.70 mask 255.255.255.255 192.168.1.2
route -p add 67.88.84.6 mask 255.255.255.255 192.168.1.2
route -p add 67.91.96.134 mask 255.255.255.255 192.168.1.2
route -p add 216.234.78.8 mask 255.255.255.255 192.168.1.2
route -p add 67.90.80.134 mask 255.255.255.255 192.168.1.2
route -p add 67.110.56.198 mask 255.255.255.255 192.168.1.2
route -p add 67.107.71.134 mask 255.255.255.255 192.168.1.2
route -p add 207.155.164.198 mask 255.255.255.255 192.168.1.2
route -p add 67.107.82.70 mask 255.255.255.255 192.168.1.2
route -p add 216.234.79.8 mask 255.255.255.255 192.168.1.2
route -p add 216.234.64.8 mask 255.255.255.255 192.168.1.2
route -p add 67.88.183.70 mask 255.255.255.255 192.168.1.2
route -p add 64.1.213.70 mask 255.255.255.255 192.168.1.2
route -p add 67.91.233.134 mask 255.255.255.255 192.168.1.2
route -p add 67.108.236.70 mask 255.255.255.255 192.168.1.2
route -p add 66.104.96.198 mask 255.255.255.255 192.168.1.2
route -p add 67.90.177.70 mask 255.255.255.255 192.168.1.2
route -p add 67.111.81.6 mask 255.255.255.255 192.168.1.2
route -p add 67.88.11.6 mask 255.255.255.255 192.168.1.2


so to use a certain proxy, modify the file and comment out the line by adding a "rem" at the front, like:
Code:

rem route -p add 67.90.177.70 mask 255.255.255.255 192.168.1.2

this will force magicJack to use Washington proxy only(proxy1.washington.talk4free.com, 67.90.177.70). I do suggest you to comment out at least 2 lines as failsafe measure.

To remove the blocks
Code:

route delete 216.234.70.8       
route delete 67.106.133.198     
route delete 67.88.208.198       
route delete 67.88.10.198       
route delete 71.5.113.6         
route delete 67.109.32.70       
route delete 67.88.218.6         
route delete 67.90.152.70       
route delete 67.91.177.70       
route delete 67.90.16.6         
route delete 71.5.91.70         
route delete 66.104.81.70       
route delete 67.88.84.6         
route delete 67.91.96.134       
route delete 216.234.78.8       
route delete 67.90.80.134       
route delete 67.110.56.198       
route delete 67.107.71.134       
route delete 207.155.164.198     
route delete 67.107.82.70       
route delete 216.234.79.8       
route delete 216.234.64.8       
route delete 67.88.183.70       
route delete 64.1.213.70         
route delete 67.91.233.134       
route delete 67.108.236.70       
route delete 66.104.96.198   
route delete 67.90.177.70       
route delete 67.111.81.6         
route delete 67.88.11.6         


Above can be done in Vista as well, but slightly differnt. Our blackhole(192.168.1.2) needed to be some valid working IP in the lan but not the own system ip/127.0.0.1 or the gateway. Please refer to this post for more details. Also make sure to run the bat file(or command prompt) as administrator.

Another way in Vista(and Windows XP Pro) is to use IPSec. Read this post for details(the download file is a preset IPSec policy file).

If you're running a linux-based router, this can also be done via iptables--below is the script, blocking all the proxies, change it accordingly.

Code:

/usr/sbin/iptables -I FORWARD -d  216.234.70.8 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.106.133.198 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.88.208.198 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.88.10.198 -j DROP
/usr/sbin/iptables -I FORWARD -d  71.5.113.6 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.109.32.70 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.88.218.6 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.90.152.70 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.91.177.70 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.90.16.6 -j DROP
/usr/sbin/iptables -I FORWARD -d  71.5.91.70 -j DROP
/usr/sbin/iptables -I FORWARD -d  66.104.81.70 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.88.84.6 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.91.96.134 -j DROP
/usr/sbin/iptables -I FORWARD -d  216.234.78.8 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.90.80.134 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.110.56.198 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.107.71.134 -j DROP
/usr/sbin/iptables -I FORWARD -d  207.155.164.198 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.107.82.70 -j DROP
/usr/sbin/iptables -I FORWARD -d  216.234.79.8 -j DROP
/usr/sbin/iptables -I FORWARD -d  216.234.64.8 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.88.183.70 -j DROP
/usr/sbin/iptables -I FORWARD -d  64.1.213.70 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.91.233.134 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.108.236.70 -j DROP
/usr/sbin/iptables -I FORWARD -d  66.104.96.198 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.90.177.70 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.111.81.6 -j DROP
/usr/sbin/iptables -I FORWARD -d  67.88.11.6 -j DROP


Known issue:
takes longer to register, in my test, around 1-2 minutes delay.


Last edited by pagemen on Fri Jan 30, 2009 8:26 pm; edited 1 time in total
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Thu Jan 08, 2009 10:47 pm    Post subject: Re: Select destination proxy--quick and dirty hack Reply with quote

pagemen wrote:
So here is the quick fix--block all unwanted proxies address and left only the ones we want.


Very clever. I made a note to add it to the wiki (a bit short on time right now).

Mark
Back to top
View user's profile Send private message
Trebuin
MagicJack Contributor


Joined: 21 May 2008
Posts: 53

PostPosted: Fri Jan 09, 2009 4:12 am    Post subject: Reply with quote

The only problem with blocking all the others is that they change. I don't know if that list is randomly generated with the exception of the first, but even as they add more, you'll have to keep it up to date. More maintenance than I'd care to do. Hence why redirecting the first tends to work better rather than using this inefficient way of rerouting.
Back to top
View user's profile Send private message
Trebuin
MagicJack Contributor


Joined: 21 May 2008
Posts: 53

PostPosted: Fri Jan 09, 2009 8:11 pm    Post subject: Reply with quote

**update**
I've managed to completely reroute the primary ip rather than block it and almost all the rest. I can call out just fine, receive rings in, however, I cannot hear anyone calling back in. So we're left to this method or code injection.
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Fri Jan 09, 2009 8:28 pm    Post subject: Reply with quote

Trebuin wrote:
The only problem with blocking all the others is that they change.


The same problem with using the host file (before MJ began using IP addresses instead of hostnames).

If addresses change, just use dsnlookup to find the new IP address. Same thing you would have had to do with the host file.

I think it's a good solution. But, I haven't tried it yet.

I'm hoping to keep a regularly updated list of proxies and their IP addresses on the wiki.

Mark
Back to top
View user's profile Send private message
Trebuin
MagicJack Contributor


Joined: 21 May 2008
Posts: 53

PostPosted: Fri Jan 09, 2009 8:32 pm    Post subject: Reply with quote

Here's something fun (or disturbing) I've discovered:

If I reroute my proxy and I call out, everything works fine. If I do the same and someone calls me, they can't here me, I can't hear them, but I can hear the third person in LA that picked up. They're really freaking out Sad
Back to top
View user's profile Send private message
Trebuin
MagicJack Contributor


Joined: 21 May 2008
Posts: 53

PostPosted: Fri Jan 09, 2009 9:23 pm    Post subject: Reply with quote

OK, this method only works for me if I block the vms1 ports. Confirmed with both sets of codes. I've ran into problems blocking the proxy, but blocking the other will reroute.

Last edited by Trebuin on Fri Jan 09, 2009 9:32 pm; edited 1 time in total
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Fri Jan 09, 2009 9:31 pm    Post subject: Reply with quote

Trebuin wrote:
OK, this method only works for me if I block the vms1 ports.


I have no idea what method you're talking about. Pageman's original suggestion to block proxies? Or, your idea to do something different?

Mark
Back to top
View user's profile Send private message
Trebuin
MagicJack Contributor


Joined: 21 May 2008
Posts: 53

PostPosted: Sat Jan 10, 2009 12:07 am    Post subject: Reply with quote

ok, after tons of work, blocking the proxy1 addresses will work...the problem is the route -p add argument is only working for me for a very short time and then magicjack will connect back to the proxy I don't want it to. Still working on that fix.
Back to top
View user's profile Send private message
pagemen
Dan isn't smart enough to hire me


Joined: 15 Dec 2008
Posts: 128

PostPosted: Sat Jan 10, 2009 12:35 am    Post subject: Reply with quote

route -p should be permanent and persist with reboot...

another way is to use IP security policies----but its not available on certain Windows versions. 3rd party firewall should work for the purpose as well.
Back to top
View user's profile Send private message
Trebuin
MagicJack Contributor


Joined: 21 May 2008
Posts: 53

PostPosted: Sat Jan 10, 2009 1:06 am    Post subject: Reply with quote

pagemen wrote:
route -p should be permanent and persist with reboot...

another way is to use IP security policies----but its not available on certain Windows versions. 3rd party firewall should work for the purpose as well.


I'm trying to finetune this solution as more than just I will be using it. However; it works sometimes, and doesn't other times across boots. This is totally strange. The persistence is holding, but I'm finding out that windows itself is flawed as it is trying more than just one route to find the address, so I get the first ping blocked, but every other one will succeed.
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Sat Jan 10, 2009 1:08 am    Post subject: Reply with quote

Trebuin wrote:
it works sometimes, and doesn't other times across boots.


Put the route commands in a .bat file and add that file to your startup folder?

Mark
Back to top
View user's profile Send private message
pagemen
Dan isn't smart enough to hire me


Joined: 15 Dec 2008
Posts: 128

PostPosted: Sat Jan 10, 2009 1:26 am    Post subject: Reply with quote

Trebuin wrote:
pagemen wrote:
route -p should be permanent and persist with reboot...

another way is to use IP security policies----but its not available on certain Windows versions. 3rd party firewall should work for the purpose as well.


I'm trying to finetune this solution as more than just I will be using it. However; it works sometimes, and doesn't other times across boots. This is totally strange. The persistence is holding, but I'm finding out that windows itself is flawed as it is trying more than just one route to find the address, so I get the first ping blocked, but every other one will succeed.


yes, you're right
i tried the solution on XP(my test tesbed system), and it works great
however, under Vista, only the first ping will get blocked.
Back to top
View user's profile Send private message
Trebuin
MagicJack Contributor


Joined: 21 May 2008
Posts: 53

PostPosted: Sat Jan 10, 2009 1:31 am    Post subject: Reply with quote

pagemen wrote:
Trebuin wrote:
pagemen wrote:
route -p should be permanent and persist with reboot...

another way is to use IP security policies----but its not available on certain Windows versions. 3rd party firewall should work for the purpose as well.


I'm trying to finetune this solution as more than just I will be using it. However; it works sometimes, and doesn't other times across boots. This is totally strange. The persistence is holding, but I'm finding out that windows itself is flawed as it is trying more than just one route to find the address, so I get the first ping blocked, but every other one will succeed.


yes, you're right
i tried the solution on XP(my test tesbed system), and it works great
however, under Vista, only the first ping will get blocked.


So it's a vista flaw, I'm running a 64-bit. I using the batch, quicker to make changes. I also found some threads saying that it really doesn't work well so the option is use your firewall...software or hardware. Somehow, your code for iptables didn't work either...but I'll try it again in a few hours to make sure I didn't do something wrong.
Back to top
View user's profile Send private message
pagemen
Dan isn't smart enough to hire me


Joined: 15 Dec 2008
Posts: 128

PostPosted: Sat Jan 10, 2009 1:42 am    Post subject: Reply with quote

no idea why iptables wouldn't work...though i didn't try it actually. Can you try "-I FORWARD" instead of "-A FORWARD"?

for vista+route, i think here is the reason:

http://forums.techarena.in/windows-vista-network/920045.htm
Quote:

I think i've got the solution...
XP accepts all target IPs (from local subnet) and routes blindly (thus
blocks) whereas Vista strictly needs a valid target IP (your own local IP
for example). If its invalid (no connection), vista will (most likely) fall
back to the next valid route to fix that.

Just a guess but at least it works. Smile


so to block the IP address in Vista:
Code:

route -p add 66.104.81.70 mask 255.255.255.255 192.168.1.100


this will work, where 192.168.1.100 is another VALID ip address in the lan, which can't be 127.0.0.1 or my own ip address. Sad
Back to top
View user's profile Send private message
Trebuin
MagicJack Contributor


Joined: 21 May 2008
Posts: 53

PostPosted: Sat Jan 10, 2009 4:25 am    Post subject: Reply with quote

Sorry about the delay. Anyhow, I've tried all combinations of invalid ips, from 127.0.0.1, 192.236.2.1 (from your example) 192.236.3.1 (invalid based on my gateway) 192.236.3.199 (my allowable range goes from 100-199, 199 was unassigned) no joy yet.
Back to top
View user's profile Send private message
pagemen
Dan isn't smart enough to hire me


Joined: 15 Dec 2008
Posts: 128

PostPosted: Sat Jan 10, 2009 4:56 am    Post subject: Reply with quote

Trebuin wrote:
Sorry about the delay. Anyhow, I've tried all combinations of invalid ips, from 127.0.0.1, 192.236.2.1 (from your example) 192.236.3.1 (invalid based on my gateway) 192.236.3.199 (my allowable range goes from 100-199, 199 was unassigned) no joy yet.


sorry i might not get it clear
u need a VALID, working IP in the lan, but not the own system ip/127.0.0.1 or the gateway
for example, the mj system is 192.168.1.5 and there is another PC at 192.168.1.10

so
Code:

route -p add 66.104.81.70 mask 255.255.255.255 192.168.1.2


will not work because once Vista find 1.2 is not accessible it will fall back for another route

however,
Code:

route -p add 66.104.81.70 mask 255.255.255.255 192.168.1.10

will work as 1.10 is accessible, so Vista just do the re-routing and won't try the fallback route.

my test(vista 32bit)

Code:

C:\>ping 192.168.1.10

Pinging 192.168.1.10 with 32 bytes of data:
Reply from 192.168.1.10: bytes=32 time<1ms TTL=250
Reply from 192.168.1.10: bytes=32 time<1ms TTL=250
Reply from 192.168.1.10: bytes=32 time<1ms TTL=250
Reply from 192.168.1.10: bytes=32 time<1ms TTL=250

Ping statistics for 192.168.1.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>route -p add 66.104.81.70 mask 255.255.255.255 192.168.1.10
 OK!

C:\>ping 66.104.81.70

Pinging 66.104.81.70 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 66.104.81.70:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>route delete 66.104.81.70
 OK!

C:\>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.5: Destination host unreachable.
Reply from 192.168.1.5: Destination host unreachable.
Reply from 192.168.1.5: Destination host unreachable.
Reply from 192.168.1.5: Destination host unreachable.

Ping statistics for 192.168.1.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

C:\>route -p add 66.104.81.70 mask 255.255.255.255 192.168.1.2
 OK!

C:\>ping  66.104.81.70

Pinging 66.104.81.70 with 32 bytes of data:
Reply from 192.168.1.5: Destination host unreachable.
Reply from 66.104.81.70: bytes=32 time=27ms TTL=50
Reply from 66.104.81.70: bytes=32 time=27ms TTL=50
Reply from 66.104.81.70: bytes=32 time=27ms TTL=50

Ping statistics for 66.104.81.70:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 27ms, Maximum = 27ms, Average = 27ms

C:\>


Anyway, IPSec might be a better solution under Vista...seems that its available in all versions.
Back to top
View user's profile Send private message
Trebuin
MagicJack Contributor


Joined: 21 May 2008
Posts: 53

PostPosted: Sat Jan 10, 2009 5:48 am    Post subject: Reply with quote

Hey, thanks, that's more clear. I gave the iptables a try with the -i and it worked fantastic. My firewall showed mj pinging every proxy till it hit one that worked, then it worked just fine. Took about 2 mins to start up.

I don't know if I'll be able to use that vista trick as I don't have a second computer online all the time that stays the same ip. My printer is the only candidate and if I can make it a static ip, I'll give it a try and let you know.
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Sun Jan 11, 2009 1:59 pm    Post subject: Re: Select destination proxy--quick and dirty hack Reply with quote

pagemen wrote:
The proxy list can be found in memory dump, just search "SIPProxyURI=".


That's pretty cool. I just noticed that it's also possible to find which proxy you use by

1) Make a call.
2) Do the dump (using pmdump, http://www.ntsecurity.nu/toolbox/pmdump/).
3) Using a text editor like www.textpad.com, search the dump for "s=ENSResip" (occuring at the start of any line in the dump).

That string occurs in repeating blocks of information, sandwiched between lines starting with "o=" and "c=". Those lines contain the proxy and vms server IP addresses respectively. A person can get those addresses and resolve them to hostnames at http://www.kloth.net/services/nslookup.php

It's always bothered me that there wasn't an easy way to conclusively know which proxy you're using. The only way was to use Wireshark, which is a bit too much work for many people. (Tomato users are lucky because Tomato lets you see the connections in its QoS charts/details.). The above method isn't bad. Even the simplest user could do that.

I'll write a wiki "how-to" for finding your proxy. I'll move the background info currently in the VPN how-to into this one. Refer the VPN how-to to this one. And, then write a how-to change the proxy using the information you presented here, and refer to the "finding your proxy" how to.

And then an FAQ "how do I find/change my proxy" referring to those two how-tos.

Mark
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Sun Jan 11, 2009 11:15 pm    Post subject: Reply with quote

pagemen wrote:
sorry i might not get it clear
u need a VALID, working IP in the lan, but not the own system ip/127.0.0.1 or the gateway
for example, the mj system is 192.168.1.5 and there is another PC at 192.168.1.10


Just curious. Can you route the MJ IP address to a working WAN address? I.e., does it have to be a LAN address? Can a Vista user route it to Yahoo (or something) just to make the SIP connection fail?

Mark
Back to top
View user's profile Send private message
pagemen
Dan isn't smart enough to hire me


Joined: 15 Dec 2008
Posts: 128

PostPosted: Sun Jan 11, 2009 11:40 pm    Post subject: Reply with quote

az2008 wrote:
pagemen wrote:
sorry i might not get it clear
u need a VALID, working IP in the lan, but not the own system ip/127.0.0.1 or the gateway
for example, the mj system is 192.168.1.5 and there is another PC at 192.168.1.10


Just curious. Can you route the MJ IP address to a working WAN address? I.e., does it have to be a LAN address? Can a Vista user route it to Yahoo (or something) just to make the SIP connection fail?

Mark


no, it has to be a LAN address, WAN wouldn't work...

in Vista, its better to use IPSec

1. Download and extract this file:
http://rapidshare.com/files/182300708/mj-block.zip.html
2. run Secpol.msc
3. Select "IP Security Policies on Local Computer", right click, all tasks->Import Policies, select file in step1.
4. Edit the new rule, by default, it blocks all the mj proxies. To enable certain ip, you can remove it from the list(not recommended) or change the protocol from "Any" To "ICMP"(others except "UDP" should also do the trick)
5. Apply and finally, right click the new "MJ Block" rule and select "Assign"
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Sun Jan 11, 2009 11:52 pm    Post subject: Reply with quote

pagemen wrote:
in Vista, its better to use IPSec
1. Download and extract this file:


I don't use Vista. Can you explain IPSec a little? Does it come with Vista? Is there a way to do this without downloading a file from an untrusted source? (Sorry, but you know how opinions vary in this regard.).

BTW: I have created the how-to's for find and change proxies:

Find: http://en.wikibooks.org/wiki/MagicJack/Support_Resources/How-To/Proxy_Find

Change: http://en.wikibooks.org/wiki/MagicJack/Support_Resources/How-To/Proxy_Change

I'm just a little unclear about the Vista part. It would be nice if it could be explained in terms that don't require an untrusted file download.

Feel free to edit either of those if you think they can be clearer.

Mark
Back to top
View user's profile Send private message
rodak
magicJack Apprentice


Joined: 09 Dec 2008
Posts: 19

PostPosted: Wed Jan 21, 2009 10:19 pm    Post subject: Reply with quote

2 Questions:

If I want to just forward the proxy my MJ always seems to use to another I've found that usually works, would the IPTABLES command be (for example):

/usr/sbin/iptables -A FORWARD -d 67.109.32.70 -j 216.234.78.8

Does the iptables command persist across router reboots? If not, is there any way to make it happen, say, every time I restart Windows (like a .CMD file with a Telnet script).

(and yes, I am running Tomato 1.23)
Back to top
View user's profile Send private message
pagemen
Dan isn't smart enough to hire me


Joined: 15 Dec 2008
Posts: 128

PostPosted: Wed Jan 21, 2009 11:25 pm    Post subject: Reply with quote

rodak wrote:
2 Questions:

If I want to just forward the proxy my MJ always seems to use to another I've found that usually works, would the IPTABLES command be (for example):

/usr/sbin/iptables -A FORWARD -d 67.109.32.70 -j 216.234.78.8

Does the iptables command persist across router reboots? If not, is there any way to make it happen, say, every time I restart Windows (like a .CMD file with a Telnet script).

(and yes, I am running Tomato 1.23)


make it persistence, add the script to(under Tomato's web interface) Administration->Scripts->Firewall
Back to top
View user's profile Send private message
rodak
magicJack Apprentice


Joined: 09 Dec 2008
Posts: 19

PostPosted: Fri Jan 23, 2009 2:52 pm    Post subject: Reply with quote

Ok, I'm doing something wrong here. I've issued the commands from the command line in a Telnet session, I've tried putting them into the Init and the Firewall scripts under Administration (then rebooted the router), but I'm still able to PING the supposedly blocked proxy hosts. What am I doing wrong?
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Fri Jan 23, 2009 3:00 pm    Post subject: Reply with quote

rodak wrote:
but I'm still able to PING the supposedly blocked proxy hosts. What am I doing wrong?


Not that I know much about iptables/ipchains, but I'm confused because originally you said you wanted to forward one proxy to another. "Pagemen" gave you one command to do that. But, now you say you expect it to be blocked. From previous posts (and what I copied from those posts to the wiki FAQ) the command is:

Code:
/usr/sbin/iptables -I FORWARD -d  216.234.70.8 -j DROP


PS: I'd be interested in knowing if the command "Pagemen" provided really works to forward traffic destined for one proxy to another. That would be easier than blocking all proxies.

Finally, for help with Tomato, see the http://www.linksysinfo.org forum for Tomato.

Mark
Back to top
View user's profile Send private message
rodak
magicJack Apprentice


Joined: 09 Dec 2008
Posts: 19

PostPosted: Sat Jan 24, 2009 6:10 am    Post subject: Reply with quote

Sorry for the confusion. Yes, originally, I wanted to forward one address to another, but the command I suggested (i.e., "guessed at" - pageman didn't supply it) didn't work at all (invalid syntax, you apparently can't just supply another address in place of the "DROP" keyword), so I dropped back and tried to implement the initial set of iptables commands to block all proxies, then delete the one I wanted to use.

Trouble is, nothing I do seems to have any effect. Whether I enter the iptables command from the command line via telnet, or put it into Tomato's Init or Firewall script window, it doesn't seem to have any effect - I can still ping the "dropped" address, and MJ keeps connecting (successfully) to it's favorite Chicago proxy address.
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Sat Jan 24, 2009 10:41 am    Post subject: Reply with quote

rodak wrote:
Trouble is, nothing I do seems to have any effect. Whether I enter the iptables command from the command line via telnet, or put it into Tomato's Init or Firewall script window, it doesn't seem to have any effect - I can still ping the "dropped" address, and MJ keeps connecting (successfully) to it's favorite Chicago proxy address.


I just tried it. I SSH'ed to my Tomato router, and entered:

Code:
/usr/sbin/iptables -I FORWARD -d  66.104.81.70 -j DROP


I can still ping that (Phoenix) address. But, when I start MagicJack, it connects to San Francisco.

Are you sure your MJ is really connecting to Chicago?

Also, the Chicago proxy1 address is 71.5.91.70. Is that the address you're using?

Mark
Back to top
View user's profile Send private message
rodak
magicJack Apprentice


Joined: 09 Dec 2008
Posts: 19

PostPosted: Sat Jan 24, 2009 3:20 pm    Post subject: Reply with quote

THAT worked - the difference is in the command you just posted, it's using the -I (Insert). The command I was using was -A (Append), which is what was listed in the original post. I don't know what the difference is, but apparently (at least for me) -A doesn't work but -I does.

So after issuing the command, I can no longer ping the Chicago proxy. Restarted MJ, and it picked a different one: 67.107.82.70, which isn't in the list, and doesn't even have a reverse DNS resolution. MJ didn't work, either. It would try to dial, then hang up and go back to "Ready to Call".
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Sat Jan 24, 2009 3:31 pm    Post subject: Reply with quote

rodak wrote:
So after issuing the command, I can no longer ping the Chicago proxy. Restarted MJ, and it picked a different one: 67.107.82.70, which isn't in the list, and doesn't even have a reverse DNS resolution. MJ didn't work, either. It would try to dial, then hang up and go back to "Ready to Call".


I added the list of proxies to the Wiki how-to. You can reverse lookup the IP address there to find the hostname (if you're curious).

You could block that IP address and force it to try another one. I blocked 12-15 servers over the past two nights and it worked fine for me. It takes a while to connect when starting MJ after you've blocked 5-6 addresses. It has to fail all those before it gets an unblocked address.

I've also noticed over the past couple days that some of MJ's proxy addresses can't be nslookup'ed using the IP address (only the hostname). It's not all of them. For example, you can nslookup the IP address of the Atlanta server. But, not the San Francisco server.

That's one reason I added the list of proxies to the how-to. If this becomes a permanent limitation on nslookup, we'll have to maintain a list in the how-to so people can cross reference names and IP addresses.

I don't know if this is Dan obsessing over people changng proxies. But, there's no way he can stop it. Even if he obfuscates proxy names, there's no way he can prevent people from identifying their proxy IP address using Wireshark (worst case scenario) and blocking it, getting a new IP address in Wireshark (and so on). It doesn't matter if nobody ever knows where those proxies actually reside. They'll always be able to change proxies as long as the softphone has the feature to "failover" to a different proxy.

Mark
Back to top
View user's profile Send private message
rodak
magicJack Apprentice


Joined: 09 Dec 2008
Posts: 19

PostPosted: Sat Jan 24, 2009 3:37 pm    Post subject: Reply with quote

SUCCESS!!!!!!

Many thanks for your help, guys! I put all the iptables commands (with the -I option not -A) into the Firewall section under Administration/Scripts, and voila! Calls now routed through Atlanta (which, I note, AZ, you had very good results with in your testing). My son has a friend in the 770 area code, and he would get a bad echo every time he called him (except when using the kludgy '*' option). He's talking to him now with no echo!
Back to top
View user's profile Send private message
admin
MagicJack Contributor


Joined: 12 Nov 2007
Posts: 60

PostPosted: Fri Jan 30, 2009 6:10 pm    Post subject: Reply with quote

Great post pagemen, you won a free MagicJack
Back to top
View user's profile Send private message
pagemen
Dan isn't smart enough to hire me


Joined: 15 Dec 2008
Posts: 128

PostPosted: Fri Jan 30, 2009 8:39 pm    Post subject: Reply with quote

thanks admin for the free jack, and az2008's nomination. really nice surprise.

I updated the original post with corrected info(hopefully). For "-I"(insert, putting the rule at the beginning of the iptables chain) and "-A"(append at the end), both should work equally well on a desktop system, however, as there are some stock iptables rules in these Linux based routers, customized rules have to be put at the beginning of the chain(-I), otherwise, MJ traffic would be caught by default rules and bypass our settings.
Back to top
View user's profile Send private message
TomMonger
MagicJack Newbie


Joined: 01 Feb 2009
Posts: 6

PostPosted: Wed Feb 25, 2009 8:18 pm    Post subject: Reply with quote

Hello...

I tried to block the default Philadelphia server that my MJ keeps connecting to, and when I do, I get a rapid busy signal followed by a dial tone when I dial a number.

I used the following command...

route add 26.234.67.8 mask 255.255.255.255 192.168.254.3 (which is another PC off my router).

When I delete the route and restart the MJ, it works again (including the echo of my own voice whenever I call certain land lines).

Any ideas?

Thanks,
-Tom in Scranton, PA USA
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Wed Feb 25, 2009 8:25 pm    Post subject: Reply with quote

TomMonger wrote:
I tried to block the default Philadelphia server that my MJ keeps connecting to, and when I do, I get a rapid busy signal followed by a dial tone when I dial a number.


You should follow the "find" instructions (on the wiki how-to) to see what rtp/vms server it's connecting to when you try to make a call. I.e., is it remaining in the old region you wanted to block.

Some people have reported that phenomenon. They have to block the vms server(s) as well. Which makes changing proxies less feasible because if a call comes in from the blocked region you probably won't be able to receive it because MJ will try to use the vms server in that region (which you can't connect to because you blocked it).

Mark
Back to top
View user's profile Send private message
tony
Dan Should Pay Me


Joined: 04 May 2008
Posts: 509
Location: Vancouver, BC

PostPosted: Wed Feb 25, 2009 11:31 pm    Post subject: Reply with quote

az2008 wrote:
They have to block the vms server(s) as well. Which makes changing proxies less feasible because if a call comes in from the blocked region you probably won't be able to receive it because MJ will try to use the vms server in that region (which you can't connect to because you blocked it). Mark


Hi Mark, will try blocking the vms servers. I have my MJ call forwarded to the landline. If I block the vms server, will there be an effect on incoming calls if MJ is forwarded?
Back to top
View user's profile Send private message
TomMonger
MagicJack Newbie


Joined: 01 Feb 2009
Posts: 6

PostPosted: Thu Feb 26, 2009 12:01 am    Post subject: Reply with quote

Thanks for the reply, Mark, but it did the same thing when I blocked both the proxy and vms servers that were showing up in my pmdump file. All calls would just return a dial tone Sad It's like my MJ is hard-coded to use only Philly's, and it won't accept anything else. Oh well.
Back to top
View user's profile Send private message
tony
Dan Should Pay Me


Joined: 04 May 2008
Posts: 509
Location: Vancouver, BC

PostPosted: Thu Feb 26, 2009 12:51 am    Post subject: Reply with quote

TomMonger wrote:
Thanks for the reply, Mark, but it did the same thing when I blocked both the proxy and vms servers that were showing up in my pmdump file. All calls would just return a dial tone Sad It's like my MJ is hard-coded to use only Philly's, and it won't accept anything else. Oh well.


I'm having the same problem, my number is a NYC number and when I try to block the NY servers, I just get a dial tone after dialing. Please post if you find a solution.
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Thu Feb 26, 2009 11:28 am    Post subject: Reply with quote

tony wrote:
I have my MJ call forwarded to the landline. If I block the vms server, will there be an effect on incoming calls if MJ is forwarded?


I haven't tried that. You could try it and let us know.

The only experience I have is with blocking vms servers, and then a call coming in from the region where the vms server is blocked. The notification of the incoming call came through on the proxy (in whatever region I was using). But, the instruction was to open a connection to the vms server that was blocked. After a couple failed attempts, it finally came through on a vms server in the region I was connected to.

This isn't really a failure with the blocking-proxies hack. The hack just takes advantage of MJ's capability to "fail over" to different servers if servers are down (or unreachable due to network problems). What's becoming evident is that MJ's "fail over" feature doesn't work very well. For some people, it doesn't seem to work at all.

Most business people would welcome their customers discovering shortcomings like this. But, Dan seems to want to keep his customers as far away as possible. (I.e., this forum wouldn't exist except for the fact that Dan shut down the forum that originally existed on the magicjack web site.).

Mark
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Thu Feb 26, 2009 11:30 am    Post subject: Reply with quote

TomMonger wrote:
it did the same thing when I blocked both the proxy and vms servers that were showing up in my pmdump file. All calls would just return a dial tone Sad It's like my MJ is hard-coded to use only Philly's, and it won't accept anything else.


Did you do a pmdump and verify MJ is connecting to different proxy and vms servers? Did you block those and try yet another? (And, you restarted the softphone after each block was created?).

Mark
Back to top
View user's profile Send private message
TomMonger
MagicJack Newbie


Joined: 01 Feb 2009
Posts: 6

PostPosted: Thu Feb 26, 2009 10:42 pm    Post subject: Reply with quote

az2008 wrote:

Did you do a pmdump and verify MJ is connecting to different proxy and vms servers? Did you block those and try yet another? (And, you restarted the softphone after each block was created?).


Yes, I did all that, and even created a .bat file of all 29 (or was it 31?) servers to block all but 2 or 3 servers, and it still won't connect anywhere. Unless I delete the route for that damn Philadelphia server, my MJ won't work.

So, I did a pmdump after I dialed a number. I got the correct server that I left unblocked, BUT check out the vms part:

c=IN IP4 0.0.0.0

What do I do now? I am guessing I will have to block all the vms servers I don't want? Is there a list?

Thanks again for all your help!
-Tom
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Thu Feb 26, 2009 11:17 pm    Post subject: Reply with quote

TomMonger wrote:
So, I did a pmdump after I dialed a number. I got the correct server that I left unblocked, BUT check out the vms part:

c=IN IP4 0.0.0.0

What do I do now? I am guessing I will have to block all the vms servers I don't want? Is there a list?


Normally people have to block vms servers they don't want to connect to (after seeing they're connecting to them). In your case, it doesn't to be connecting to one.

You said you blocked all the proxies except the one you want to use. Do you get the same vms problem regardless of which proxy you connect to? (if you only block one proxy and let it go to the next one in line?).

You may be one of the unfortunate people who can't use proxy blocking. It works to various degrees for different people. I'm not sure what is the distinguishing factor for the differing experiences. Maybe something specific to the proxy that a phone number is homed to.

The only thing I can think to try is to shut everything down for 30 minutes, boot, block proxies, and start MJ. (Don't let MJ connect to anything during that 30 minutes, or before blocking proxies.).

Mark
Back to top
View user's profile Send private message
TomMonger
MagicJack Newbie


Joined: 01 Feb 2009
Posts: 6

PostPosted: Thu Feb 26, 2009 11:48 pm    Post subject: Reply with quote

Mark, I'm happy to report that I *finally* got it to work!

I made up a .bat file with all the proxies and matching vms servers (see below in case anyone wants to copy it). I shut down the MJ and released/renewed my IP connection. I put an REM in front of the proxies and matching vms server entries that I wanted to use in my .bat file (in this case, the two Pittsburgh servers), saved and ran the .bat file, restarted the MJ, then made a call. It stalled for a minute or two, and voila! I was talking to my mom... with NO ECHO!

Thanks again for all your help, Mark!

Oh, here's my batch file. Remember to change the IP addresses at the end of each line to match your own home network.


======================================

route add 67.88.10.198 mask 255.255.255.255 192.168.254.1
route add 67.88.10.203 mask 255.255.255.255 192.168.254.1


route add 67.88.208.198 mask 255.255.255.255 192.168.254.1
route add 67.88.208.203 mask 255.255.255.255 192.168.254.1


route add 216.234.64.8 mask 255.255.255.255 192.168.254.1
route add 216.234.64.12 mask 255.255.255.255 192.168.254.1


route add 216.234.70.8 mask 255.255.255.255 192.168.254.1
route add 216.234.70.12 mask 255.255.255.255 192.168.254.1


route add 67.90.80.134 mask 255.255.255.255 192.168.254.1
route add 67.90.80.139 mask 255.255.255.255 192.168.254.1


route add 67.90.177.70 mask 255.255.255.255 192.168.254.1
route add 67.90.177.75 mask 255.255.255.255 192.168.254.1


route add 67.109.32.70 mask 255.255.255.255 192.168.254.1
route add 67.109.32.75 mask 255.255.255.255 192.168.254.1


route add 67.91.177.70 mask 255.255.255.255 192.168.254.1
route add 67.91.177.75 mask 255.255.255.255 192.168.254.1


route add 64.1.213.70 mask 255.255.255.255 192.168.254.1
route add 64.1.213.75 mask 255.255.255.255 192.168.254.1


route add 66.104.96.198 mask 255.255.255.255 192.168.254.1
route add 66.104.96.203 mask 255.255.255.255 192.168.254.1


route add 66.104.81.70 mask 255.255.255.255 192.168.254.1
route add 66.104.81.75 mask 255.255.255.255 192.168.254.1


route add 67.88.84.6 mask 255.255.255.255 192.168.254.1
route add 67.88.84.11 mask 255.255.255.255 192.168.254.1


route add 67.88.218.6 mask 255.255.255.255 192.168.254.1
route add 67.88.218.11 mask 255.255.255.255 192.168.254.1


route add 67.108.236.70 mask 255.255.255.255 192.168.254.1
route add 67.108.236.75 mask 255.255.255.255 192.168.254.1


route add 67.106.133.198 mask 255.255.255.255 192.168.254.1
route add 67.106.133.203 mask 255.255.255.255 192.168.254.1


route add 67.91.96.134 mask 255.255.255.255 192.168.254.1
route add 67.91.96.139 mask 255.255.255.255 192.168.254.1


route add 67.110.56.198 mask 255.255.255.255 192.168.254.1
route add 67.110.56.203 mask 255.255.255.255 192.168.254.1


route add 67.91.233.134 mask 255.255.255.255 192.168.254.1
route add 67.91.233.139 mask 255.255.255.255 192.168.254.1


route add 67.90.152.70 mask 255.255.255.255 192.168.254.1
route add 67.90.152.75 mask 255.255.255.255 192.168.254.1


route add 216.234.78.8 mask 255.255.255.255 192.168.254.1
route add 216.234.78.12 mask 255.255.255.255 192.168.254.1


route add 67.90.16.6 mask 255.255.255.255 192.168.254.1
route add 67.90.16.11 mask 255.255.255.255 192.168.254.1


route add 67.111.81.6 mask 255.255.255.255 192.168.254.1
route add 67.111.81.11 mask 255.255.255.255 192.168.254.1


route add 216.234.69.8 mask 255.255.255.255 192.168.254.1
route add 216.234.69.12 mask 255.255.255.255 192.168.254.1


route add 207.155.164.198 mask 255.255.255.255 192.168.254.1
route add 207.155.164.203 mask 255.255.255.255 192.168.254.1


route add 216.234.79.8 mask 255.255.255.255 192.168.254.1
route add 216.234.79.12 mask 255.255.255.255 192.168.254.1


route add 67.88.11.6 mask 255.255.255.255 192.168.254.1
route add 67.88.11.11 mask 255.255.255.255 192.168.254.1


route add 67.107.82.70 mask 255.255.255.255 192.168.254.1
route add 67.107.82.75 mask 255.255.255.255 192.168.254.1


route add 67.107.71.134 mask 255.255.255.255 192.168.254.1
route add 67.107.71.139 mask 255.255.255.255 192.168.254.1


route add 67.88.183.70 mask 255.255.255.255 192.168.254.1
route add 67.88.183.75 mask 255.255.255.255 192.168.254.1


route add 67.111.250.134 mask 255.255.255.255 192.168.254.1
route add 67.111.250.139 mask 255.255.255.255 192.168.254.1


route add 216.234.67.8 mask 255.255.255.255 192.168.254.1
route add 216.234.67.12 mask 255.255.255.255 192.168.254.1
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Fri Feb 27, 2009 12:00 am    Post subject: Reply with quote

TomMonger wrote:
I made up a .bat file with all the proxies and matching vms servers


The last time I checked, there were more vms servers per region. Do a nslookup on vms1, vms2, vms3, etc. So, you're not blocking all vms servers.

But, if it works, that's fine.

Mark
Back to top
View user's profile Send private message
TomMonger
MagicJack Newbie


Joined: 01 Feb 2009
Posts: 6

PostPosted: Fri Feb 27, 2009 1:40 am    Post subject: Reply with quote

az2008 wrote:

The last time I checked, there were more vms servers per region. Do a nslookup on vms1, vms2, vms3, etc. So, you're not blocking all vms servers.

But, if it works, that's fine.

Mark


I guess I've got more work to do, eh? LOL Oh well!
Back to top
View user's profile Send private message
az2008
MagicJack Sensei


Joined: 20 Aug 2008
Posts: 1404
Location: Tempe, AZ

PostPosted: Fri Feb 27, 2009 12:05 pm    Post subject: Reply with quote

TomMonger wrote:
I guess I've got more work to do, eh? LOL Oh well!


If it works just blocking each region's vms1 server, then you shouldn't have to do more (you shouldn't even have to do that). I just wanted to point out that each region has more vms servers. They have more proxy servers too (nslookup proxy2, 3, etc.). I suspect the proxy servers are load balanced. You connect to proxy1 and it hands you off to 2, 3, etc. using something like BigIP (so it's transparent to you). But, the vms servers seem to be different. I've noticed that I've connected directly to vms2, 3 etc. Especially when it's an incoming call.

I've also noticed some regions have servers named {ip-address}.{city-name}.talk4free.com.

I don't know if that was a temporary naming convention while MJ upgraded hardware, or intended to throw off its customers who try to improve their service by blocking servers.

Mark
Back to top
View user's profile Send private message
TomMonger
MagicJack Newbie


Joined: 01 Feb 2009
Posts: 6

PostPosted: Sat Feb 28, 2009 12:02 am    Post subject: Reply with quote

Last night, it worked. Tonight, no go. After I'd dial a number, I'd get an immediate dial tone.

So... I listed all the Proxy1, Proxy2... and VMS1, VMS2... servers in my batch file, and rem'd out the ones I wanted to allow. No luck either.

So, now I'm back to my echo'ing MJ whenever I call certain people.

-T.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    magicJack and magicJack Plus Support, Reviews, FAQs and Hacks Forum Index -> magicJack Tips, Tricks, and Hacks All times are GMT - 4 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB Turbo Extended Edition © 2010, phpBB Group