Re: [GnomeMeeting-list] video conferencing config ???



On Wed 13/11/2002 at 23:18, vincent blondel wrote:
> Ok I am completely right with what you say but let's take a look at your
> example
> 

[...]

> 
> - you specify 1 ip address ( I have 15 users using webcams and / or audio )
> - for port 1720, you make dnat AND forward .... for what reason. Let's
> imagine I have three users using gnomeeting at the same time.
>   To which host do I have to redirect packets ???

You can use different ports than 1720. User x could listen on port
(1720+x). If you plan to use ILS as contact point for the users, just
know that a callto URL doesn't change with ports. I'm always reachable
using callto://ils.seconix.com/dsandras seconix com whatever my port is.

> - same thing with ports 30000:30010. Even if I use different port on each
> workstation how, can I say in my iptables config, to redirect which port
>    to which host ???

Of course you can.

> 
> and the same thing to the rest ???
> 
> So I am sorry but I don't imagine how I can use your script in my situation
> ???

I never said you had to use that script, I think that if you have 15
users a good gatekeeper might be the right solution (as described in the
FAQ, see also the limitations). Notice that using a gatekeeper doing
proxy will introduce small delays in the voice and the video because of
the proxying of the data.

> Thanks to give me more explanations ...
> 
> Vincent
> 
> ----- Original Message -----
> From: "Damien Sandras" <dsandras seconix com>
> To: <gnomemeeting-list gnome org>
> Sent: Wednesday, November 13, 2002 10:27 PM
> Subject: Re: [GnomeMeeting-list] video conferencing config ???
> 
> 
> Pay attention that the H323 NAT module is broken with GnomeMeeting and
> with Netmeeting too.
> 
> I suggest you to read this part of the FAQ:
> http://www.gnomemeeting.org/index.php?rub=3&pos=0#AEN192
> 
> given the fact that GnomeMeeting can run behind firewalls/nat gateways
> with simple port forwarding, I don't think you need DMZ's. For
> Netmeeting, you will have to use a gatekeeper (there is an error in the
> FAQ, external users can call you even without registering to your GK if
> you configure it that way).
> 
> 
> On Wed 13/11/2002 at 21:48, vincent blondel wrote:
> > Hi all,
> >
> > I just subscribed on this mailing-list because I got some questions to
> > implement a video conferencing infrastructure.
> > I give you below a graphical representation of our network. We want to
> > authorize h.323 traffic from and to domains dev1 and dev2.
> >
> > I searched on the net for examples of such a configuration but I didn't
> > find it. I found well some explanations on some subjects as GnomeMeeting,
> > firewall, nat h.323 but not all this together.
> >
> > I will first begin by giving you an explanation on our situation.
> > - The communication between the lan domains and the internet pass through
> >   one DMZ zone
> > - DMZ is made by two servers running slackware 8.0
> > - DMZ1 is configured with kernel 2.4.18 patched with patch-o-matic20020825
> >   and iptables is upgraded to 1.2.7a so I got modules to make h.323 nat
> > - dev1 and dev2 communicates with dmz through hardware switch/nat/firewall
> >   SMC7008BR ( I don't think they have nat h323 incorporated )
> > - we have several clients with linux and/or windows stations running
> >   Gnomemeeting and/or Netmeeting
> > ... and finally we want to open webcams from DEV1 and DEV2 to the net.
> >
> >           10.66.0.xxx
> >      +---------------+
> >      |   SMC7008BR   |
> >      +---------------+
> >           10.66.1.xxx
> >               DEV2
> >             |        |
> >   +---------+-+   +--+--------+
> >   | slack 8.0 |   | Slack 8.0 |
> >   +-----------+   +-----------+
> >                   192.168.0.xxx   +-----+       10.66.0.xxx
> >                                   | pp0 |  +---------------+
> >                                   +--+--+  |   switch      |
> >                                      |     +---------------+
> >                                               DMZ
> >                                      +-------+  +-------------+
> >                                      | DMZ2  |  |  DMZ1       |
> >                                      |       |  |             |
> >                                      |  NS2  |  | NS1         |
> >                 10.66.0.xxx          |  HTTP2|  | HTTP1       |
> >            +---------------+         +-------+  | FTP         +--ISP
> >            |   SMC7008BR   |                    | SMTP        |
> >            +---------------+                    +-------------+
> >               192.168.0.xxx                      192.168.0.xxx
> >                   DEV1
> >              |          |
> >  +-----------+-+      +-+---------+
> >  |   linux     | .... |    w2k    |
> >  +-------------+      +-----------+
> >   GnomeMeeting         NetMeeting
> >
> >
> >
> > So my problems are the following :
> >
> > - I found on the net this configuration for module ip_nat_h323
> >   #! /bin/bash
> >   EXTERNAL_IF=eth0
> >   EXTERNAL_IP=mon.ip.pub.lic
> >   PCA_HOST=mon.ip.pri.vee
> >
> >   IPTABLES=/usr/local/sbin/iptables
> >
> >   /sbin/modprobe -a -k -s -v ip_nat_h323
> >
> >   logger -s "H323 Ports"
> >   H323_PORTS="389 522 1503 1720 1731 8080"
> >   for PORT in $H323_PORTS; do
> >   $IPTABLES -t nat -A PREROUTING -i $EXTERNAL_IF -p tcp -d $EXTERNAL_IP \
> >   --dport $PORT -m state --state NEW,ESTABLISHED,RELATED \
> >   -j DNAT --to-destination $PCA_HOST -v
> >   done
> >
> >   logger -s "H323 Ports"
> >   H323_PORTS="389 522 1503 1720 1731 8080"
> >   for PORT in $H323_PORTS; do
> >   $IPTABLES -t nat -A PREROUTING -i $EXTERNAL_IF -p udp -d $EXTERNAL_IP \
> >   --dport $PORT -m state --state NEW,ESTABLISHED,RELATED \
> >   -j DNAT --to-destination $PCA_HOST -v
> >   done
> >
> >   It is a very good example but this configuration concerns config with
> >   one client running Gnomemeeting and/or Netmeeting
> > - so maybe solution for above problem is maybe to configure on DMZ1 or
> >   DMZ2 a h323 Gatekeeper ???
> >   but in this case, do I have to replace in the above script $PCA_HOST by
> >   DMZ1 ip address so 10.66.0.1
> > - and finally, if I have to configure a h323 GateKeeper, what do you
> >   think about these ones :
> >     http://www.gnugk.org/h323develop.html or this one http://www.gnugk.org/
> >
> > If one of you is using such a config, help, suggestions and remarks will
> > be appreciated.
> >
> > Thanks in advance
> > Vincent
> --
>   _
>  (o-      SANDRAS Damien
>  //\
>  v_/_     Check Out Gnome Meeting !
>           http://www.gnomemeeting.org/
> 
> 
> 
> _______________________________________________
> GnomeMeeting-list mailing list
> GnomeMeeting-list gnome org
> http://mail.gnome.org/mailman/listinfo/gnomemeeting-list
> 
> 
-- 
  _
 (o-      SANDRAS Damien
 //\      
 v_/_     Check Out Gnome Meeting !
          http://www.gnomemeeting.org/
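
The per-user scheme suggested in the reply above (user x listens on port 1720+x, and each workstation gets its own slice of the forwarded range) can be written as a rule generator. This is an added example, not part of the original message or of GnomeMeeting; the addresses, the host numbering, the 11-port slice per user and the choice of both TCP and UDP for the range are assumptions. It only prints the rules so they can be reviewed before anything is loaded.

```shell
#!/bin/sh
# Added example: prints (does not apply) per-user port-forwarding rules for
# the "user x listens on port 1720+x" scheme. All values below are constructed.
EXTERNAL_IF=eth0
EXTERNAL_IP=203.0.113.10   # constructed public address (documentation range)
LAN_PREFIX=192.168.0       # assumption: user x sits at 192.168.0.(100+x)
BASE_PORT=1720             # user x listens on BASE_PORT + x
RANGE_BASE=30000           # the thread's 30000:30010 range, one slice per user
RANGE_SIZE=11              # assumption: 11 ports per user, as in 30000:30010
RANGE_PROTOS="tcp udp"     # assumption: the thread does not name the protocol

# emit PROTO DPORT HOST: one DNAT rule plus the matching FORWARD rule.
emit() {
    echo "iptables -t nat -A PREROUTING -i $EXTERNAL_IF -p $1 -d $EXTERNAL_IP --dport $2 -j DNAT --to-destination $3"
    echo "iptables -A FORWARD -i $EXTERNAL_IF -p $1 -d $3 --dport $2 -j ACCEPT"
}

# user_rules X: rules for user number X (1..154); rejects anything else so a
# typo cannot produce a rule pointing at the wrong host or port.
user_rules() {
    x=$1
    case $x in ''|0*|*[!0-9]*) echo "bad user index: $x" >&2; return 1 ;; esac
    if [ "$x" -gt 154 ]; then
        echo "user index out of range: $x" >&2; return 1
    fi
    host="$LAN_PREFIX.$((100 + x))"
    lo=$((RANGE_BASE + (x - 1) * RANGE_SIZE))
    hi=$((lo + RANGE_SIZE - 1))
    emit tcp "$((BASE_PORT + x))" "$host"
    for proto in $RANGE_PROTOS; do
        emit "$proto" "$lo:$hi" "$host"
    done
}

# all_rules N: rules for users 1..N; every external port maps to one host.
all_rules() {
    n=1
    while [ "$n" -le "$1" ]; do
        user_rules "$n" || return 1
        n=$((n + 1))
    done
}

all_rules 15   # the 15 users mentioned in the thread
```

Each client still has to be configured to listen on the port and range assigned to it, since DNAT without a port in `--to-destination` leaves the destination port unchanged.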





