Re: [GnomeMeeting-list] Gnomemeeting behind a Cisco Nat Firewall

From: Damien Sandras <dsandras seconix com>
To: gnomemeeting-list gnome org
Subject: Re: [GnomeMeeting-list] Gnomemeeting behind a Cisco Nat Firewall
Date: 05 Mar 2003 16:25:50 +0100

Le mer 05/03/2003 à 16:09, Christian Nabski a écrit :
> Interesting topic because I am also trying that. :-) 
> They have something like fixup h323 which should provide native h323 ?

That's possible, many routers support now H.323, but the problem is that
most of them support older version of H.323, that's why you have to
disable Fast Start and H.245 Tunneling.

> And from what I understand you should then make static route from your 
> outside interface to the inside ip address and tcp h323
> Then make an acl list which gives the permission from outside to inside ip 
> tcp h323 ?
> 

yes, only for port 1720 as the other ports are resulting from the
connection and if the router supports H.323 and Statefull firewalling,
you only need to allow the initial port, 1720.

> If someone has a working config ... Please share it maybe we can add it to 
> the faq.
> 

Another suggestion is to add patches for NAT penetration in GnomeMeeting
and make it register to an external gatekeeper which supports NAT
penetration. I'll do that soon.

-- 
 _	Damien Sandras
(o-	GnomeMeeting: http://www.gnomemeeting.org/
//\	FOSDEM 2003:  http://www.fosdem.org
v_/_	H.323 phone:  callto://ils.seconix.com/dsandras seconix com

Follow-Ups:
- Re: [GnomeMeeting-list] Gnomemeeting behind a Cisco Nat Firewall
  - From: Christian Nabski

References:
- Re: [GnomeMeeting-list] Gnomemeeting behind a Cisco Nat Firewall
  - From: Christian Nabski

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]