Re: [GnomeMeeting-list] through NAT without _any_ forwarding - this seems to be possible!

[Damien Sandras <dsandras seconix com>]

Le sam 09/11/2002 à 02:41, Rafa³ Kleger-Rudomin a écrit :
> 
> Hello!

[...]

> I tried it recently: I opened UDP port 5000
> # nc -l -u -p 5000 
> my friend called me form behind masq:
> # nc -u myIP 5000
> and we established two-way communication.
> 
> 
> The conclusion: in my case gm must use router's IP in outcoming 
> UDP stream when replying to NATed machine. Can that really be so simple? 
> If so, how to try it? Is it easy to hack gm code to try it?
> 

Not really. If you are NATTED, then GM can replace your NAT IP in the
packets by the IP of your router.

However, I"m 100% sure that Netmeeting doesn't work from behind a
firewall/NAT router. There is no way. Even if you put the IP of their
router instead of their natted IP in the packets, when their firewall
will receive the packets, it will not forward them to the internal
machine except if the audio/video connection was started from their
inside lan. But if the audio/video connection is started from your
machine, it will arrive to their router, and the packets will be
dropped. And you cannot really control who is starting the audio/video
connection. It doesn't depend of who is calling/called. That is
negotiated in the protocol.

I understand the admin doesn't want to make any effort to make NM work
from behind the firewall, because it would need to allow all imaginable
ports. They are all random in Netmeeting.



> Best Regards,
> Rafal
> 
> -- 
> Rafa~ Kleger-Rudomin (klakier pld org pl)
> 
> _______________________________________________
> GnomeMeeting-list mailing list
> GnomeMeeting-list gnome org
> http://mail.gnome.org/mailman/listinfo/gnomemeeting-list
-- 
  _
 (o-      SANDRAS Damien
 //\      
 v_/_     Check Out Gnome Meeting !
          http://www.gnomemeeting.org/