Re: [GnomeMeeting-list] Partial success!

From: Josep Puigdemont <baldrick terra es>
To: gnomemeeting-list gnome org
Subject: Re: [GnomeMeeting-list] Partial success!
Date: Mon, 01 Mar 2004 21:13:17 +0100

Hi Anne,

On Mon, 2004-03-01 at 20:04, Anne Wilson wrote:
> On Monday 01 March 2004 11:10, Josep Puigdemont wrote:
> > Hi Anne,
> >
> > I also use shorewall with GnomeMeeting. I don't know for you, but
> > my firewall is located in my gateway (on another computer), so I
> > have to use DNAT and forward the ports to a my computer inside the
> > network. If your videoconference computer is the same as your
> > firewall, then the rules should be ok, if it is just a gateway,
> > like for me, change "ACCEPT" for "DNAT", and specify a computer
> > inside your network, like:
> >
> > # Rules for GnomeMeeting
> > DNAT            net     loc:192.168.1.4         tcp     1720
> > DNAT            net     loc:192.168.1.4         tcp     30000:30010
> > DNAT            net     loc:192.168.1.4         udp     5000:5003
> >
> > The internal IP for my computer is 192.168.1.4, and my internal
> > network is called "loc" in the "zones" configuration file of
> > Shorewall. And "net" defines the Internet zone.
> >
> Josep, I fully understand the basis of a firewall, but am very 
> inexperienced in the details.  In my case shorewall is on my local 
> box.  I have a hardware router/firewall that is the first line of 
> defence, but it does not allow me to open ranges of ports, just 
> individual ones, so I decided that the easiest and most practical 
> solution would be to go dmz for the duration of a call, with 
> shorewall giving me local protection.

So if I understand it right, there's another box doing NAT between you
and the Internet. If so, then I'm almost certain that you have to set up
that box.
Going to dmz on your first firewall doesn't solve the problem, as you
still need to forward those ports from the first firewall to a certain
computer on your dmz.

At my parent's, they have a DSL modem with integrated firewall/nat, etc,
and I can't specify a range of ports to be forwarded either, so I had to
forward them one by one, but you do that only once! :)


Hope it helps!

Salut!

/Josep


> I assume, therefore, that dnat is not applicable in this case.  Nor, I 
> think is forwarding?  I may well be totally wrong - as I said, I am 
> feeling my way in this, and would be grateful for any help you can 
> give me.
> 
> BTW - I have started a GnomeMeeting page on the Mandrake Community 
> TWiki, so any help I get on this will end up on there too, to help 
> others in future.
> 
> Anne
> - -- 
> Registered Linux User No.293302
> Have you visited http://twiki.mdklinuxfaq.org yet?

Follow-Ups:
- Re: [GnomeMeeting-list] Partial success!
  - From: Anne Wilson

References:
- Re: [GnomeMeeting-list] Partial success!
  - From: Damien Sandras
- Re: [GnomeMeeting-list] Partial success!
  - From: Josep Puigdemont
- Re: [GnomeMeeting-list] Partial success!
  - From: Anne Wilson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]