Re: [GnomeMeeting-list] Gnomemeeting and firewall rules?



On Tue, 5 Mar 2002, Jonathan A. Davis wrote:

> On 5 Mar 2002, Jeffrey Bell wrote:
> 
> > 
> > What is everybody else doing with regards to gm behind a firewall?
> > 
> > 
> 
> I'm doing pretty much the same thing.  The only thing is, although I'm
> running 2.4.17 on the NAT box, I shoehorned the (for 2.4.13)  
> newnat-suite from http://www.kfki.hu/%7Ekadlec/sw/netfilter/newnat-suite.
> Mainly as I didn't know there *was* a CVS lurking around with something
> newer.  :-)
> 
> In any case, I have basically the identical entries such as:
> 
> $IPTABLES -A PREROUTING -i $GATEWAY -p tcp -m tcp --dport 1720 -j DNAT --to-destination athena
> 
> One difference might be that I'm not summarily DROPping ports above 1023, 
> but only selected ones.
> 
> If memory serves, net/gnomemeeting uses the following:
> 
>  389/TCP     ILS
>  522/TCP     ULS

AFAIK, Gnomemeeting does not support ULS (User Location Service) - it uses
ILS instead.  NetMeeting can also use ILS.

> 1503/TCP     T.120

Gnomemeeting does not support T.120.

> 1720/TCP     H.323 & H.225 (video and call setup)

> 1731/TCP     Audio

This port is (according to http://www.shenton.org/~chris/nasa-hq/netmeeting/)
Microsoft's msiccp 'Audio call control' protocol.  Again, AFAIK Gnomemeeting
does not use or support this.

>  Dyn/TCP     H.245
>  Dyn/UDP     RTCP/RTP
> 
> Thus you may need to check and open a hole for 1731...

(I tested with allowing all inbound UDP/TCP on 1024-65535, just to
make sure if that would help, but it didn't, nor did forwarding
port 1731 to the internal host)
> 
Ivo.

-- 
Ivo Clarysse               PGP key: DF533D7C           <soggie soti org>

H.R. Leuven 107057
BTW: BE 708.837.396
Rek: 735-0029047-32                         http://www.soti.org/~soggie/



