[GnomeMeeting-list] video conferencing config ???

["vincent blondel" <vincent blondel chello be>]

Hi all,

 

I just subscribed on this mailing-list because I got some questions to implement a video conferencing infrastructure.

I give you below a graphical representation of our network. We want to authorize h.323 traffic from and to domains dev1 and dev2.

 

I searched on the net for examples of such a configuration but I didn't find it. I found well some explanations on some subjects as GnomeMeeting, firewall, nat h.323 but not all this together.

 

I will first begin by giving you an explanation on our situation.

- The communication between the lan domains and the internet pass through one DMZ zone

- DMZ is made by two servers running slackware 8.0

- DMZ1 is configured with kernel 2.4.18 patched with patch-o-matic20020825 and iptables is upgraded to 1.2.7a so I

  got modules to make h.323 nat

- dev1 and dev2 communicates with dmz through hardware switch/nat/firewall SMC7008BR ( I don't think they have nat h323

  incorporated )

- we have several clients with linux and/or windows stations running Gnomemeeting and/or Netmeeting

... and finally we want to open webcams from DEV1 and DEV2 to the net.

 

          10.66.0.xxx
     +---------------+
     |   SMC7008BR   |
     +---------------+
          10.66.1.xxx
              DEV2
            |        |
  +---------+-+   +--+--------+
  | slack 8.0 |   | Slack 8.0 |
  +-----------+   +-----------+
                  192.168.0.xxx   +-----+       10.66.0.xxx
                                  | pp0 |  +---------------+
                                  +--+--+  |   switch      |
                                     |     +---------------+
                                              DMZ
                                     +-------+  +-------------+
                                     | DMZ2  |  |  DMZ1       |

                                     |       |  |             |

                                     |  NS2  |  | NS1         |
                10.66.0.xxx          |  HTTP2|  | HTTP1       |
           +---------------+         +-------+  | FTP         +--ISP
           |   SMC7008BR   |                    | SMTP        |
           +---------------+                    +-------------+
              192.168.0.xxx                      192.168.0.xxx
                  DEV1
             |          |
 +-----------+-+      +-+---------+
 |   linux     | .... |    w2k    |
 +-------------+      +-----------+
  GnomeMeeting         NetMeeting

 

 

 

So my problems are the followings :

 

- I found on the net this configuration for module ip_nat_h323

  #! /bin/bash
  EXTERNAL_IF=eth0
  EXTERNAL_IP=mon.ip.pub.lic
  PCA_HOST=mon.ip.pri.vee

  $IPTABLES=/usr/local/sbin/iptables

  /sbin/modprobe -a -k -s -v ip_nat_h323

  logger -s "H323 Ports"
  H323_PORTS="389 522 1503 1720 1731 8080"
  for PORT in $H323_PORTS; do
  $IPTABLES -t nat -A PREROUTING -i $EXTERNAL_IF -p tcp -d $EXTERNAL_IP \
  --dport $PORT -m state --state NEW,ESTABLISHED,RELATED \
  -j DNAT --to-destination $PCA_HOST -v
  done

  logger -s "H323 Ports"
  H323_PORTS="389 522 1503 1720 1731 8080"
  for PORT in $H323_PORTS; do
  $IPTABLES -t nat -A PREROUTING -i $EXTERNAL_IF -p udp -d $EXTERNAL_IP \
  --dport $PORT -m state --state NEW,ESTABLISHED,RELATED \
  -j DNAT --to-destination $PCA_HOST -v
  done

  It is a very good example but this configuration concerns config with one client running Gnomemeeting and/or Netmeeting

- so maybe solution for above problem is maybe to configure on DMZ1 or DMZ2 a h323 Gatekeeper ???

    but in this case, do I have to replace in the above script $PCA_HOST by DMZ1 ip address so 10.66.0.1

- and finally, if I have to configure a h323 GateKeeper, what do you think about these ones : 

    http://www.gnugk.org/h323develop.html or this one http://www.gnugk.org/

 

If one of you is using such a config, help, suggestions and remarks will be appreciated.

 

Thanks in advance

Vincent