Re: [GnomeMeeting-list] Major ILS change
- From: Damien Sandras <damien sandras it-optics com>
- To: Craig Southeren <craigs postincrement com>
- Cc: gnomemeeting-list gnome org
- Subject: Re: [GnomeMeeting-list] Major ILS change
- Date: Mon, 15 Mar 2004 11:18:46 +0100
On Mon, 15/03/2004 at 21:13 +1100, Craig Southeren wrote:
> It is not a requirement for an H.323 call that one (or either) endpoint
> be listening on port 1720. That port is simply a "well known" port that
> all endpoints agree to use in the absence of any other information.
> Using an ILS (or LDAP server) is an excellent example of where port 1720
> is NOT required, because you can advertise that you are using another
> port for incoming calls.
I know this, see the previous emails on the devel mailing list where I
explained the problem I was having with the port.
> > But I don't understand what your approach brings as advantage to
> > the current one. Perhaps I'm missing something in the explanation. It
> > would however decrease the load of the server.
> The approach I described allows you to deny registration to people who
> cannot possibly receive calls (because they are behind a NAT firewall
> which is not H.323 aware) while not forcing everyone to use port 1720
> (which I suspect will cause many people to be rejected who are perfectly
> able to receive calls).
Your approach will only allow people registering on a port other than
1720 on a public IP to be registered. People behind NAT using another
port with 1720 will still have the same problem.
> Consider the situation where you have three people all on the same local
> LAN behind the same NAT firewall. Forcing the use of port 1720 means
> only one of them could be registered with the seconix ILS as only one of
> them can receive incoming connections on port 1720. To my mind, this is
> a serious restriction, especially as some ISPs use NAT firewalls.
No, the restriction is based on the public IP, if one of them is
registered to the ILS on port 1720, all of them will be allowed to
I could port scan on the port, the problem is the internal structure of
the PERL ILS backend which prevents me from doing that without rewriting a
lot of things.
_ Damien Sandras
//\ It-Optics s.a.
v_/_ GnomeMeeting: http://www.gnomemeeting.org/
FOSDEM 2004: http://www.fosdem.org
H.323 phone: callto:ils.seconix.com/dsandras seconix com
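
One way to implement the kind of check this thread debates, accepting a registration only when the port the endpoint advertises is reachable instead of requiring port 1720. This is an added example, not part of the original message and not the ILS backend's code. The names `can_accept_calls`, `register` and `demo` are hypothetical, and it assumes the probe targets the address the registration came from.

```python
import socket

H323_DEFAULT_PORT = 1720  # the "well known" port named in the thread


def can_accept_calls(source_ip, advertised_port, timeout=2.0):
    """True if a TCP connection to source_ip:advertised_port succeeds.

    source_ip is the address the registration arrived from, never one taken
    from the request body, so the directory cannot be made to probe others.
    """
    if not 1 <= advertised_port <= 65535:
        return False
    try:
        with socket.create_connection((source_ip, advertised_port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def register(directory, source_ip, user, advertised_port=H323_DEFAULT_PORT):
    """Hypothetical registration hook: list the user only if reachable."""
    if not can_accept_calls(source_ip, advertised_port):
        return False
    directory[user] = (source_ip, advertised_port)
    return True


def demo():
    """Constructed sample: two loopback 'endpoints' on non-1720 ports."""
    listening = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listening.bind(("127.0.0.1", 0))
    listening.listen(1)  # this endpoint can receive calls
    bound_only = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    bound_only.bind(("127.0.0.1", 0))  # never listens: connections are refused
    open_port = listening.getsockname()[1]
    closed_port = bound_only.getsockname()[1]
    directory = {}
    try:
        results = (register(directory, "127.0.0.1", "alice", open_port),
                   register(directory, "127.0.0.1", "bob", closed_port))
    finally:
        listening.close()
        bound_only.close()
    return results, directory, open_port


if __name__ == "__main__":
    print(demo())
```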