Re: [GnomeMeeting-list] video conferencing config ???

From: Damien Sandras <dsandras seconix com>
To: gnomemeeting-list gnome org
Subject: Re: [GnomeMeeting-list] video conferencing config ???
Date: 13 Nov 2002 22:27:06 +0100
Pay attention that the H323 NAT module is broken with GnomeMeeting and
with Netmeeting too.

I suggest you to read this part of the FAQ:
http://www.gnomemeeting.org/index.php?rub=3&pos=0#AEN192

given the fact that GnomeMeeting can run behind firewalls/nat gateways
with simple port forwarding, I don't think you need DMZ's. For
Netmeeting, you will have to use a gatekeeper (there is an error in the
FAQ, external users can call you even without registering to your GK if
you configure it that way).


Le mer 13/11/2002 à 21:48, vincent blondel a écrit :
> Hi all,
> 
> I just subscribed on this mailing-list because I got some questions to implement a video conferencing infrastructure.
> I give you below a graphical representation of our network. We want to authorize h.323 traffic from and to domains dev1 and dev2.
> 
> I searched on the net for examples of such a configuration but I didn't find it. I found well some explanations on some subjects as GnomeMeeting, firewall, nat h.323 but not all this together.
> 
> I will first begin by giving you an explanation on our situation.
> - The communication between the lan domains and the internet pass through one DMZ zone
> - DMZ is made by two servers running slackware 8.0
> - DMZ1 is configured with kernel 2.4.18 patched with patch-o-matic20020825 and iptables is upgraded to 1.2.7a so I 
>   got modules to make h.323 nat
> - dev1 and dev2 communicates with dmz through hardware switch/nat/firewall SMC7008BR ( I don't think they have nat h323
>   incorporated )
> - we have several clients with linux and/or windows stations running Gnomemeeting and/or Netmeeting
> ... and finally we want to open webcams from DEV1 and DEV2 to the net.
> 
>           10.66.0.xxx
>      +---------------+
>      |   SMC7008BR   |
>      +---------------+
>           10.66.1.xxx
>               DEV2
>             |        |
>   +---------+-+   +--+--------+
>   | slack 8.0 |   | Slack 8.0 |
>   +-----------+   +-----------+
>                   192.168.0.xxx   +-----+       10.66.0.xxx
>                                   | pp0 |  +---------------+
>                                   +--+--+  |   switch      |
>                                      |     +---------------+
>                                               DMZ
>                                      +-------+  +-------------+
>                                      | DMZ2  |  |  DMZ1       |
>                                      |       |  |             |
>                                      |  NS2  |  | NS1         |
>                 10.66.0.xxx          |  HTTP2|  | HTTP1       | 
>            +---------------+         +-------+  | FTP         +--ISP
>            |   SMC7008BR   |                    | SMTP        |
>            +---------------+                    +-------------+
>               192.168.0.xxx                      192.168.0.xxx
>                   DEV1
>              |          | 
>  +-----------+-+      +-+---------+
>  |   linux     | .... |    w2k    |
>  +-------------+      +-----------+
>   GnomeMeeting         NetMeeting
> 
> 
> 
> So my problems are the followings :
> 
> - I found on the net this configuration for module ip_nat_h323
>   #! /bin/bash
>   EXTERNAL_IF=eth0
>   EXTERNAL_IP=mon.ip.pub.lic
>   PCA_HOST=mon.ip.pri.vee
> 
>   $IPTABLES=/usr/local/sbin/iptables
> 
>   /sbin/modprobe -a -k -s -v ip_nat_h323
> 
>   logger -s "H323 Ports"
>   H323_PORTS="389 522 1503 1720 1731 8080"
>   for PORT in $H323_PORTS; do
>   $IPTABLES -t nat -A PREROUTING -i $EXTERNAL_IF -p tcp -d $EXTERNAL_IP \
>   --dport $PORT -m state --state NEW,ESTABLISHED,RELATED \
>   -j DNAT --to-destination $PCA_HOST -v
>   done
> 
>   logger -s "H323 Ports"
>   H323_PORTS="389 522 1503 1720 1731 8080"
>   for PORT in $H323_PORTS; do
>   $IPTABLES -t nat -A PREROUTING -i $EXTERNAL_IF -p udp -d $EXTERNAL_IP \
>   --dport $PORT -m state --state NEW,ESTABLISHED,RELATED \
>   -j DNAT --to-destination $PCA_HOST -v
>   done  It is a very good example but this configuration concerns config with one client running Gnomemeeting and/or Netmeeting- so maybe solution for above problem is maybe to configure on DMZ1 or DMZ2 a h323 Gatekeeper ???    but in this case, do I have to replace in the above script $PCA_HOST by DMZ1 ip address so 10.66.0.1- and finally, if I have to configure a h323 GateKeeper, what do you think about these ones : 
>     http://www.gnugk.org/h323develop.html or this one http://www.gnugk.org/ 
> 
> If one of you is using such a config, help, suggestions and remarks will be appreciated.
> 
> Thanks in advance
> Vincent
-- 
  _
 (o-      SANDRAS Damien
 //\      
 v_/_     Check Out Gnome Meeting !
          http://www.gnomemeeting.org/
Follow-Ups:
- Re: [GnomeMeeting-list] video conferencing config ???
  - From: vincent blondel
References:
- [GnomeMeeting-list] video conferencing config ???
  - From: vincent blondel
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]