It's understandable with the multi-user setup - not doable. but i've only got
a single client that i'm interested in. i've tried passing/forwarding the
h.323 ports back to him but it still doesn't work - but i also don't see any
rejects occurring in the logs? i would expect to see some from some of the
dynamic ports...i guess i was hoping the 323 protocol would take care of the
dynamic mapping and i could just port-forward whatever else needed it!

incidentally, vpn IS how we're getting around it now - but going through 3
(effectively 4) Eiger boxes seems to be zapping performance. 2 that want to
talk, connect to a single vpn site, then one calls the other over that
connection. i'm just thinking that connecting directly would sure help on
the performance! ('course we could up the cpu and/or net card on the eiger
boxes!)

thanks!

dwf

-----Original Message-----
From: Todd Pearsall [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 02, 2001 9:29 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [Leaf-user] h323


It's not do-able in a masquerade environment.  Say you have 5 Netmeeting
users behind the firewall and a connection request comes in to the firewall
with your external IP address on it.  The firewall has no way to know which
of the 5 users it is supposed to go to.  With the ip_masq_h232 module you
can initiate connections because then the firewall can keep track of who you
are talking to and route incoming packets properly.

A variation that should work is if you only have one Netmeeting client.
Then you can tell the firewall to pass any h323 traffic to a specific user
IP address and are actually port-forwarding instead of masquerading.  The
only problem if I recall correctly is that the h323 protocol or Netmeeting
(not sure which) requires a ton of ports to be open because it selects
ports dynamically.  This means you've left a lot of opportunities to go
through your firewall and attack your PC directly.

If you have only specific users you need to have Netmeetings with then
setting up VPN connections solves this problem since you no longer
masquerade the traffic and Netmeeting works fine.  But VPNs are a discussion
for a different thread :)

- Todd

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of David Fallin
> Sent: Friday, November 02, 2001 10:07 AM
> To: [EMAIL PROTECTED]
> Subject: [Leaf-user] h323
>
>
> Anyone had any luck getting this to work on incoming connections
> (primarily with NetMeeting)?
>
> dwf
>
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
