Re: [GnomeMeeting-list] Gnomemeeting behind a BSD-Firewall/Router

From: Damien Sandras <sandras info ucl ac be>
To: gnomemeeting-list gnome org
Subject: Re: [GnomeMeeting-list] Gnomemeeting behind a BSD-Firewall/Router
Date: 13 Aug 2002 12:30:28 +0200

Thanks a lot for this contribution!

I'll add this to the FAQ ASAP :))


Le mar 13/08/2002 à 14:14, Matthias Redlich a écrit :
> Hi Gnomemeeting-List,
> 
> I'm writing this additional mail because I think I forgot to write some
> more technical information yesterday. That's because I hadn't much time,
> I just wanted to inform you that it is possible to use the h.323 with a
> BSD router. Here are some more details:
> 
> Of course, IP Filter has to be startet (ipf -E). You have to add 2
> entries in your ipnat configuration (/etc/ipnat.rules). First of all the
> syntax for the h.323 proxy:
> 
> map ext-interface int-address/24 -> ext-address/32 proxy port 1720
> h323/tcp
> 
> int-address/24 depends on your LAN, but in most cases it will be /24
> (c-class network). Otherwise you' ll have to change /24 to /16, /8 or
> perhaps /26 (if you are using CIDR)
> Many people of you will use a dialup connection with a dynamic
> IP-address, here one practical example (0/32 is for the dynamic
> address):
> 
> map ppp0 192.168.0.0/24 -> 0/32 proxy port 1720 h323/tcp
> 
> To be able to receive incoming calls you have to redirect tcp port 1720
> to your computer. 
> 
> rdr ext-interface ext-address/32 port 1720 -> int-address/32 port 1720
> tcp
> 
> Here is an example:
> 
> rdr ppp0 0/32 port 1720 -> 192.168.0.42/32 port 1720
> 
> Restart ipnat and test your new ruleset.Please make sure to refresh your
> ipnat rules if you' ve got a new IP-address (reconnect).
> 
> To ensure every packet can pass the packet filter, check that the
> following ports are permitted by your ruleset. I won't write any rules
> for your packet filter because everyone thinks different about security.
> Just check if it is secure enough for your needs (specify the source,
> destination and so on). Here are the ports you have to permit (more
> information in the GM FAQ):
> - TCP: 1720, 30000 - 30010 (depends on h.245 tunneling)
> - UDP: 5000 - 5003
> 
> Ok, this might be enough. 
> 
> Best regards,
> Matthias Redlich
> 
> 
> 
> _______________________________________________
> Gnomemeeting-list mailing list
> Gnomemeeting-list gnome org
> http://mail.gnome.org/mailman/listinfo/gnomemeeting-list
-- 
 _      Damien Sandras
(o-     GnomeMeeting - H.323 Videoconferencing Application -
//\              web - http://www.gnomemeeting.org/
v_/_     H.323 phone - callto://ils.seconix.com/dsandras seconix com

References:
- [GnomeMeeting-list] Gnomemeeting behind a BSD-Firewall/Router
  - From: Matthias Redlich
- Re: [GnomeMeeting-list] Gnomemeeting behind a BSD-Firewall/Router
  - From: Matthias Redlich

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]