[GnomeMeeting-list] Gnomemeeting and firewall rules?
- From: Jeffrey Bell <jfbell earthlink net>
- To: gnomemeeting-list gnome org
- Subject: [GnomeMeeting-list] Gnomemeeting and firewall rules?
- Date: 05 Mar 2002 08:36:52 -0500
Hi,
I am running a debian box, kernel 2.4.17 with gm-0.12.2, I sit behind a
debian firewall also running 2.4.17 using iptables. I have used the
"patch-o-matic" to apply the cvs version of the newnat-0.7 patch to the
firewall box. I recompile, reboot and have edited the firewall ruleset
so upon initialization the firewall loads the ip_conntrack_h323 and
ip_nat_h323 modules.
lsmod shows:
ip_conntrack_h323 2144 1 (autoclean)
ip_nat_h323 2496 0 (unused)
ip_conntrack 15244 10 (autoclean) [ip_nat_irc ip_conntrack_irc ip_nat_ftp ip_conntrack_ftp ip_conntrack_h323 ip_nat_h323 ipt_MASQUERADE iptable_nat ipt_state]
Is the above ip_nat_h323 (unused) correct?
<snip..snip> firewall script
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_nat_h323
/sbin/modprobe ip_conntrack_h323
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_irc ports=$IRCPORTS
/sbin/modprobe ip_nat_irc ports=$IRCPORTS
I have found these two rules from the net somewhere regarding firewall
and gm,
$IPTABLES -A INPUT -p tcp -i $EXTIF --dport 1720 -j ACCEPT
$IPTABLES -t nat -I PREROUTING -i $EXTIF -j DNAT -p tcp --dport 1720 --to 192.168.1.9:1720
Now the 192.168.1.9:1720 is my internal IP from the workstation I am
running gm on. By the way, this machine is a dhcp client which I have
recently disabled because of this rule, any way around this --to
192.168.1.9:1720?
Now my understanding is that if I enable h.245 tunneling from within gm
that I don't have to worry about opening a couple ports or so. I know
nm/gm has a few different ports to open in order to work and that the
modules are supposed to assist in this regard.
I have seen and received video and have been told that I have sent audio
to someone who is running netmeeting on a windows box. I have yet to
receive any audio from anyone. I run gnome with esd sound, I have to
disable (kill) esd in order to use gm, I understand that I should use
ALSA sound daemon instead of esd.
My question, are my firewall rules, shown above, with the h.245 tunneling
enabled in gm, set up correctly to enable audio/video both ways?
What is everybody else doing with regards to gm behind a firewall?
--
Jeffrey Bell <jfbell earthlink net>
-------------------------------------------------------------
Research is what I'm doing when I don't know what I'm doing.
-- Wernher von Braun --
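
Added example, not part of the original post: a dry-run shell sketch that checks lsmod output for both H.323 helper modules and prints a port-forward rule set for one internal gm host. It relies on two netfilter facts: a DNATed packet is filtered in FORWARD rather than INPUT, and connections expected by a conntrack helper match the RELATED state. The function names, the default iptables path and the FORWARD rules are assumptions of this example.

```shell
#!/bin/sh
# Added example (assumed names: h323_helpers_loaded, gm_rules).
IPTABLES=${IPTABLES:-/sbin/iptables}   # assumed default path

# Read lsmod-style text on stdin; succeed only if both H.323 helpers
# appear as module entries (name followed by a numeric size), so a
# wrapped "used by" continuation line cannot produce a false match.
h323_helpers_loaded() {
    awk '$2 ~ /^[0-9]+$/ && $1 == "ip_conntrack_h323" { c = 1 }
         $2 ~ /^[0-9]+$/ && $1 == "ip_nat_h323"       { n = 1 }
         END { exit !(c && n) }'
}

# Print (never execute) the rules for one internal H.323 endpoint.
# $1 = external interface, $2 = internal IPv4 address of the gm host
gm_rules() {
    extif=$1
    host=$2
    [ -n "$extif" ] || return 1
    # Refuse anything that is not a dotted quad with octets 0-255.
    echo "$host" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }' || return 1
    cat <<EOF
$IPTABLES -t nat -A PREROUTING -i $extif -p tcp --dport 1720 -j DNAT --to $host:1720
$IPTABLES -A FORWARD -i $extif -p tcp -d $host --dport 1720 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}
```

Review the printed rules before loading them, for example with `gm_rules eth0 192.168.1.9`.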