It's not do-able in a masquerade environment.  Say you have 5 Netmeeting
users behind the firewall and a connection request comes in to the firewall
with your external IP address on it.  The firewall has no way to know which
of the 5 users it is supposed to go to.  With the ip_masq_h323 module you
can initiate connections because then the firewall can keep track of who you
are talking to and route incoming packets properly.

A variation that should work is if you only have one Netmeeting client.
Then you can tell the firewall to pass any h323 traffic to a specific user
IP address and are actually port-forwarding instead of masquerading.  The
only problem, if I recall correctly, is that the h323 protocol or Netmeeting
(not sure which) requires a ton of ports to be open because it selects
ports dynamically.  This means you've left a lot of opportunities to go
through your firewall and attack your PC directly.

If you have only specific users you need to have Netmeetings with then
setting up VPN connections solves this problem since you no longer
masquerade the traffic and Netmeeting works fine.  But VPNs are a discussion
for a different thread :)

- Todd

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of David Fallin
> Sent: Friday, November 02, 2001 10:07 AM
> To: [EMAIL PROTECTED]
> Subject: [Leaf-user] h323
>
>
> Anyone had any luck getting this to work on incoming connections
> (primarily with NetMeeting)?
>
> dwf
>
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
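
The routing decision described in the reply above, as an added example that is not part of the original thread: a toy model of masquerade state versus a static port-forward, and how many ports the forward leaves reachable. The addresses, the starting external port and the 1024-65535 dynamic range are assumptions made for illustration.

```python
# Toy model of how a masquerading firewall decides where an inbound
# packet goes. All addresses and port ranges are constructed samples.
from dataclasses import dataclass, field

H323_SIGNALING = 1720                 # well-known H.323 call-signaling port
DYNAMIC_PORTS = range(1024, 65536)    # assumed range for negotiated channels


@dataclass
class MasqFirewall:
    external_ip: str
    tracked: dict = field(default_factory=dict)    # (peer, ext_port) -> (host, port)
    forwards: list = field(default_factory=list)   # (port range, internal host)
    next_port: int = 61000                         # sample starting port

    def outbound(self, host, port, peer_ip):
        """An inside host initiates: record state so replies can be routed."""
        ext_port, self.next_port = self.next_port, self.next_port + 1
        self.tracked[(peer_ip, ext_port)] = (host, port)
        return ext_port

    def forward(self, ports, host):
        """Static port-forward: every port in `ports` goes to one host."""
        self.forwards.append((ports, host))

    def inbound(self, peer_ip, ext_port):
        """Return (host, port) for an inbound packet, or None to drop it."""
        if (peer_ip, ext_port) in self.tracked:
            return self.tracked[(peer_ip, ext_port)]
        for ports, host in self.forwards:
            if ext_port in ports:
                return (host, ext_port)
        return None  # no state and no rule: nothing says which host to pick

    def exposed_ports(self):
        """Number of ports any outside address can reach through forwards."""
        return len({p for ports, _ in self.forwards for p in ports})


def demo():
    fw = MasqFirewall("203.0.113.1")
    # Several clients inside, unsolicited call arrives: dropped.
    unsolicited = fw.inbound("198.51.100.7", H323_SIGNALING)
    # One client calls out first: the peer's replies are routed back to it.
    ext = fw.outbound("192.168.1.12", 1503, "198.51.100.7")
    reply = fw.inbound("198.51.100.7", ext)
    # Single client: signaling port plus the dynamic range forwarded to it.
    fw.forward(range(H323_SIGNALING, H323_SIGNALING + 1), "192.168.1.12")
    fw.forward(DYNAMIC_PORTS, "192.168.1.12")
    forwarded = fw.inbound("192.0.2.99", H323_SIGNALING)
    return unsolicited, reply, forwarded, fw.exposed_ports()
```

The last value returned by `demo()` is the number of ports on the single internal host that any outside address can reach once the forward is in place.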

