Here's some info if you haven't seen it.
http://www.coritel.it/coritel/ip/sofia/nat/nat2/nat2.htm

There used to be a site that listed how to masq a bunch of applications, but
I couldn't find it. Anyone know the one I mean?  I thought it was a link on
Rick O's site, but didn't see it now.

- Todd

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of David Fallin
> Sent: Friday, November 02, 2001 3:40 PM
> To: 'Todd Pearsall'; [EMAIL PROTECTED]
> Subject: RE: [Leaf-user] h323
>
>
> It's understandable with the multi-user setup - not doable. but i've only
> got a single client that i'm interested in. i've tried passing/forwarding
> the h.323 ports back to him but it still doesn't work - but i also don't
> see any rejects occurring in the logs? i would expect to see some from some
> of the dynamic ports...i guess i was hoping the 323 protocol would take
> care of the dynamic mapping and i could just port-forward what ever else
> needed it!
>
> incidentally, vpn IS how we're getting around it now - but going through 3
> (effectively 4) Eiger boxes seems to be zapping performance. 2 that want to
> talk, connect to a single vpn site, then one calls the other over that
> connection. i'm just thinking that connecting directly would sure help on
> the performance! ('course we could up the cpu and/or net card on the eiger
> boxes!)
>
> thanks!
>
> dwf
>
> -----Original Message-----
> From: Todd Pearsall [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 02, 2001 9:29 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: [Leaf-user] h323
>
>
> It's not do-able in a masquerade environment.  Say you have 5 Netmeeting
> users behind the firewall and a connection request comes in to the firewall
> with your external IP address on it.  The firewall has no way to know which
> of the 5 users it is supposed to go to.  With the ip_masq_h323 module you
> can initiate connections because then the firewall can keep track of who
> you are talking to and route incoming packets properly.
>
> A variation that should work is if you only have one Netmeeting client.
> Then you can tell the firewall to pass any h323 traffic to a specific user
> IP address and are actually port-forwarding instead of masquerading.  The
> only problem if I recall correctly is that the h323 protocol or Netmeeting
> (not sure which) requires a ton of ports to be open because it selects
> ports dynamically.  This means you've left a lot of opportunities to go
> through your firewall and attack your PC directly.
>
> If you have only specific users you need to have Netmeetings with then
> setting up VPN connections solves this problem since you no longer
> masquerade the traffic and Netmeeting works fine.  But VPNs are a discussion
> for a different thread :)
>
> - Todd
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of David Fallin
> > Sent: Friday, November 02, 2001 10:07 AM
> > To: [EMAIL PROTECTED]
> > Subject: [Leaf-user] h323
> >
> >
> > Anyone had any luck getting this to work on incoming connections
> > (primarily with NetMeeting)?
> >
> > dwf
> >
> >
> > _______________________________________________
> > Leaf-user mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
>

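The difference between masquerading and port-forwarding discussed in this thread, as an added example that is not part of the original messages or of LEAF. It is a toy model of the gateway's lookup tables; the addresses, the starting masquerade port, the negotiated port 30000 and the 1024-65535 dynamic range are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

H225_PORT = 1720                      # H.323 call signalling (TCP)
DYNAMIC = range(1024, 65536)          # assumed range for negotiated media/control ports

@dataclass
class MasqGateway:
    """Toy model of a masquerading firewall; all addresses are constructed."""
    flows: dict = field(default_factory=dict)     # (remote_ip, public_port) -> inside host
    forwards: dict = field(default_factory=dict)  # public_port -> inside host
    next_port: int = 61000

    def outbound(self, inside, remote):
        """An inside host opens a connection; the gateway records the mapping."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.flows[(remote, port)] = inside
        return port

    def expect(self, inside, remote, port):
        """What a protocol helper adds: a port negotiated inside an outbound call."""
        self.flows[(remote, port)] = inside

    def port_forward(self, ports, inside):
        """Static rule: these public ports always go to one inside host."""
        for p in ports:
            self.forwards[p] = inside

    def inbound(self, remote, port):
        """Return the inside host for an incoming packet, or None if dropped."""
        return self.flows.get((remote, port)) or self.forwards.get(port)


def demo():
    caller, stranger = "198.51.100.7", "203.0.113.9"
    # Several clients, masquerade only: an unsolicited call has no mapping to follow.
    gw = MasqGateway()
    unsolicited = gw.inbound(caller, H225_PORT)
    # Outbound call from one client: state plus helper expectation route replies.
    gw.outbound("192.168.1.12", caller)
    gw.expect("192.168.1.12", caller, 30000)
    tracked = gw.inbound(caller, 30000)
    other_peer = gw.inbound(stranger, 30000)
    # Single client, port forwarding: inbound works, but for every source address.
    single = MasqGateway()
    single.port_forward(DYNAMIC, "192.168.1.12")
    reachable = single.inbound(stranger, H225_PORT)
    return unsolicited, tracked, other_peer, reachable, len(single.forwards)
```

The last value returned by `demo()` is the number of ports left open to the single client, which is the exposure the thread warns about.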
