[GnomeMeeting-list] Gnomemeeting and firewall rules?



Hi,

I am running a debian box, kernel 2.4.17 with gm-0.12.2, I sit behind a
debian firewall also running 2.4.17 using iptables. I have used the
"patch-o-matic" to apply the cvs version of the newnat-0.7 patch to the
firewall box. I recompiled, rebooted and have edited the firewall ruleset
so that upon initialization the firewall loads the ip_conntrack_h323 and
ip_nat_h323 modules. 

lsmod shows:

ip_conntrack_h323 2144 1 (autoclean)
ip_nat_h323 2496 0 (unused)
ip_conntrack 15244  10 (autoclean) [ip_nat_irc ip_conntrack_irc ip_nat_ftp ip_conntrack_ftp ip_conntrack_h323 ip_nat_h323 ipt_MASQUERADE iptable_nat ipt_state]

Is the above ip_nat_h323 (unused) correct?

<snip..snip> firewall script

/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_nat_h323
/sbin/modprobe ip_conntrack_h323
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_irc ports=$IRCPORTS
/sbin/modprobe ip_nat_irc ports=$IRCPORTS

I have found these two rules on the net somewhere regarding firewalls
and gm:

$IPTABLES -A INPUT -p tcp -i $EXTIF  --dport 1720 -j ACCEPT
$IPTABLES -t nat -I PREROUTING -i $EXTIF  -j DNAT -p tcp --dport 1720 --to 192.168.1.9:1720

Now the 192.168.1.9:1720 is my internal IP from the workstation I am
running gm on. By the way, this machine is a dhcp client, which I have
recently disabled because of this rule. Is there any way around this --to
192.168.1.9:1720?

Now my understanding is that if I enable h.245 tunneling from within gm
then I don't have to worry about opening a couple of ports or so. I know
nm/gm has a few different ports to open in order to work and that the
modules are supposed to assist in this regard.

I have seen and received video and have been told that I have sent audio
to someone who is running netmeeting on a windows box. I have yet to
receive any audio from anyone. I run gnome with esd sound, and I have to
disable (kill) esd in order to use gm. I understand that I should use the
ALSA sound daemon instead of esd.

My question: are my firewall rules, shown above, with the h.245 tunneling
enabled in gm, set up correctly to enable audio/video both ways?

What is everybody else doing with regard to gm behind a firewall?

-- 
Jeffrey Bell <jfbell earthlink net>
   -------------------------------------------------------------
   Research is what I'm doing when I don't know what I'm doing.
                        -- Wernher von Braun --
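
Added example, not part of the original message or of the GnomeMeeting or netfilter projects: a shell sketch that checks lsmod text for the H.323 helper modules named above and prints a DNAT rule together with the FORWARD rules it depends on, since DNATed packets pass through FORWARD rather than INPUT. The function names, the eth0 interface name and the sample lsmod text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: not from the original post.

# Constructed sample of `lsmod` output (module names as in the post).
SAMPLE_LSMOD='Module                  Size  Used by
ip_conntrack_h323       2144   1 (autoclean)
ip_nat_h323             2496   0 (unused)
ip_conntrack           15244  10 (autoclean) [ip_nat_h323 ip_conntrack_h323]'

# Read lsmod text on stdin; print each required helper module that is absent.
missing_helpers() {
    loaded=$(awk 'NR > 1 { print $1 }')
    for m in ip_conntrack ip_conntrack_h323 ip_nat_h323; do
        printf '%s\n' "$loaded" | grep -qx "$m" || printf '%s\n' "$m"
    done
}

# Print the rules that forward H.323 call signalling to one internal host.
# $1 = external interface, $2 = internal host (hypothetical parameters).
h323_rules() {
    extif=$1
    host=$2
    # Rewrite the destination of inbound call setup (TCP 1720).
    echo "iptables -t nat -A PREROUTING -i $extif -p tcp --dport 1720 -j DNAT --to-destination $host:1720"
    # After DNAT the packet is routed through FORWARD, so the accept goes here.
    echo "iptables -A FORWARD -i $extif -d $host -p tcp --dport 1720 -m state --state NEW -j ACCEPT"
    # Connections the conntrack helper expects are matched as RELATED.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Demo on the constructed sample; eth0 is an assumed external interface name.
missing=$(printf '%s\n' "$SAMPLE_LSMOD" | missing_helpers)
if [ -n "$missing" ]; then
    echo "load these modules first:" $missing
else
    h323_rules eth0 192.168.1.9
fi
```

The rules are only printed, not applied, so the output can be reviewed before it is added to a firewall script.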



