Re: [GnomeMeeting-list] Gnomemeeting behind a BSD-Firewall/Router
- From: Damien Sandras <sandras info ucl ac be>
- To: gnomemeeting-list gnome org
- Subject: Re: [GnomeMeeting-list] Gnomemeeting behind a BSD-Firewall/Router
- Date: 13 Aug 2002 12:30:28 +0200
Thanks a lot for this contribution!
I'll add this to the FAQ ASAP :))
Le mar 13/08/2002 à 14:14, Matthias Redlich a écrit :
> Hi Gnomemeeting-List,
>
> I'm writing this additional mail because I think I forgot to write some
> more technical information yesterday. That's because I hadn't much time,
> I just wanted to inform you that it is possible to use the h.323 with a
> BSD router. Here are some more details:
>
> Of course, IP Filter has to be startet (ipf -E). You have to add 2
> entries in your ipnat configuration (/etc/ipnat.rules). First of all the
> syntax for the h.323 proxy:
>
> map ext-interface int-address/24 -> ext-address/32 proxy port 1720
> h323/tcp
>
> int-address/24 depends on your LAN, but in most cases it will be /24
> (c-class network). Otherwise you' ll have to change /24 to /16, /8 or
> perhaps /26 (if you are using CIDR)
> Many people of you will use a dialup connection with a dynamic
> IP-address, here one practical example (0/32 is for the dynamic
> address):
>
> map ppp0 192.168.0.0/24 -> 0/32 proxy port 1720 h323/tcp
>
> To be able to receive incoming calls you have to redirect tcp port 1720
> to your computer.
>
> rdr ext-interface ext-address/32 port 1720 -> int-address/32 port 1720
> tcp
>
> Here is an example:
>
> rdr ppp0 0/32 port 1720 -> 192.168.0.42/32 port 1720
>
> Restart ipnat and test your new ruleset.Please make sure to refresh your
> ipnat rules if you' ve got a new IP-address (reconnect).
>
> To ensure every packet can pass the packet filter, check that the
> following ports are permitted by your ruleset. I won't write any rules
> for your packet filter because everyone thinks different about security.
> Just check if it is secure enough for your needs (specify the source,
> destination and so on). Here are the ports you have to permit (more
> information in the GM FAQ):
> - TCP: 1720, 30000 - 30010 (depends on h.245 tunneling)
> - UDP: 5000 - 5003
>
> Ok, this might be enough.
>
> Best regards,
> Matthias Redlich
>
>
>
> _______________________________________________
> Gnomemeeting-list mailing list
> Gnomemeeting-list gnome org
> http://mail.gnome.org/mailman/listinfo/gnomemeeting-list
--
_ Damien Sandras
(o- GnomeMeeting - H.323 Videoconferencing Application -
//\ web - http://www.gnomemeeting.org/
v_/_ H.323 phone - callto://ils.seconix.com/dsandras seconix com
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]