Re: [GnomeMeeting-list] Gnomemeeting behind a BSD-Firewall/Router



Hi Gnomemeeting-List,

I'm writing this additional mail because I think I forgot to write some
more technical information yesterday. That's because I hadn't much time,
I just wanted to inform you that it is possible to use the h.323 with a
BSD router. Here are some more details:

Of course, IP Filter has to be started (ipf -E). You have to add 2
entries in your ipnat configuration (/etc/ipnat.rules). First of all the
syntax for the h.323 proxy:

map ext-interface int-address/24 -> ext-address/32 proxy port 1720 h323/tcp

int-address/24 depends on your LAN, but in most cases it will be /24
(c-class network). Otherwise you'll have to change /24 to /16, /8 or
perhaps /26 (if you are using CIDR).
Many of you will use a dialup connection with a dynamic
IP address; here is one practical example (0/32 is for the dynamic
address):

map ppp0 192.168.0.0/24 -> 0/32 proxy port 1720 h323/tcp

To be able to receive incoming calls you have to redirect tcp port 1720
to your computer. 

rdr ext-interface ext-address/32 port 1720 -> int-address/32 port 1720 tcp

Here is an example:

rdr ppp0 0/32 port 1720 -> 192.168.0.42/32 port 1720

Restart ipnat and test your new ruleset. Please make sure to refresh your
ipnat rules if you've got a new IP address (reconnect).

To ensure every packet can pass the packet filter, check that the
following ports are permitted by your ruleset. I won't write any rules
for your packet filter because everyone thinks differently about security.
Just check if it is secure enough for your needs (specify the source,
destination and so on). Here are the ports you have to permit (more
information in the GM FAQ):
- TCP: 1720, 30000 - 30010 (depends on h.245 tunneling)
- UDP: 5000 - 5003

Ok, this might be enough. 

Best regards,
Matthias Redlich
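
A restrictive starting point for the packet-filter side, as an added example that is not part of the original mail: IP Filter (ipf) rules that admit only the ports listed above, and only toward the single host used in the rdr example. It assumes ppp0 and 192.168.0.42 from the mail's examples, and that inbound packets are filtered after rdr has rewritten the destination.

```conf
# Added example: inbound rules on the external interface only.
# ppp0 and 192.168.0.42 are taken from the examples in the mail.
# Assumption: inbound packets are filtered after rdr has rewritten the
# destination, so the rules match the internal host address.

# Default: drop and log everything arriving on the external interface.
block in log on ppp0 all

# H.323 call signalling (the port redirected by the rdr rule).
pass in quick on ppp0 proto tcp from any to 192.168.0.42/32 port = 1720 flags S keep state

# TCP 30000-30010; "><" is an exclusive range, hence 29999 and 30011.
pass in quick on ppp0 proto tcp from any to 192.168.0.42/32 port 29999 >< 30011 flags S keep state

# UDP 5000-5003, again written as an exclusive range.
pass in quick on ppp0 proto udp from any to 192.168.0.42/32 port 4999 >< 5004 keep state
```

Where the remote endpoints are known, replacing "from any" with their addresses narrows the exposure further.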





