Re: [GnomeMeeting-list] Major ILS change
- From: Craig Southeren <craigs postincrement com>
- To: Damien Sandras <damien sandras it-optics com>, gnomemeeting-list gnome org
- Subject: Re: [GnomeMeeting-list] Major ILS change
- Date: Mon, 15 Mar 2004 21:25:46 +1100
On Mon, 15 Mar 2004 11:18:46 +0100
Damien Sandras <damien sandras it-optics com> wrote:
..deleted
> > The approach I described allows you to deny registration to people who
> > cannot possibly receive calls (because they are behind a NAT firewall
> > which is not H.323 aware) while not forcing everyone to use port 1720
> > (which I suspect will cause many people to be rejected who are perfectly
> > able to receive calls).
>
> Your approach will only allow people registering on another port than
> 1720 on a public IP to be registered.
This is not correct.
> People behind NAT using another port with 1720 will still have the same problem.
This is not correct either
> > Consider the situation where you have three people all on the same local
> > LAN behind the same NAT firewall. Forcing the use of port 1720 means
> > only one of them could be registered with the seconix ILS as only one of
> > them can receive incoming connections on port 1720. To my mind, this is
> > a serious restriction, especially as some ISPs use NAT firewalls.
>
> No, the restriction is based on the public IP, if one of them is
> registered to the ILS on port 1720, all of them will be allowed to
> register.
Then the test is bogus. That means that once a user has registered with
a public IP address, then any number of users behind the same firewall
will be accepted for registration regardless of whether they can acually accept
calls or not.
> I could port scan on the port, the problem is the internal structure of
> the PERL ILS backend which prevents me to do that without rewriting a
> lot of things.
Then I do not understand what you are doing. Aren't you already port
scanning port 1720?
Craig
-----------------------------------------------------------------------
Craig Southeren, craigs postincrement com http://www.postincrement.com
Post Increment - Software, Consulting and Services
Co-founder of the only open source H.323 project
Phone: +61 2 43654666 Fax: +61 2 43673140 Mobile: +61 417 231046
ICQ: #86852844 MSN: craig_southeren hotmail com
GnuPG Public Key: http://www.postincrement.com/pgp.txt
Blog: http://www.southeren.com/blog/
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]