RE: [leaf-user] H323/NetMeeting support in Bering
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Noyes I'm not sure if this will help, but have you considered using a Gatekeeper? pn] Thanks Mike. I'll check out these links. --- Peter Nosko --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] H323/NetMeeting support in Bering
On Thu, 2003-01-23 at 17:25, Mike Noyes wrote: On Thu, 2003-01-23 at 16:39, John Mullan wrote: If anyone has or ends up being successful on implementing this on their LEAF NAT, please let me (and of course the rest of the list) know how you did it. I second this suggestion. Everyone, For those that may be interested in tackling this problem, here are some source references that may help. newnat-summary.txt http://cvs.netfilter.org/netfilter/documentation/ h323-conntrack-nat* http://cvs.netfilter.org/netfilter/patch-o-matic/extra/ -- Mike Noyes mhnoyes @ users.sourceforge.net http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/ --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] H323/NetMeeting support in Bering
On Tue, 2003-01-21 at 22:17, David Pitts wrote: I would like to use NetMeeting from my Bering protected home network. My research indicates that requires the H323-conntrack module and maybe some other configuration. Please feel free to correct me if that's wrong. However, I get the impression NetMeeting will still not be fully functional. Is that correct? Can someone tell me what limitations are placed on the operation of Net Meeting by the available modules? David, Yes. The limitations along with the ports used are listed at the link below. The h323-conntrack-nat modules are Alpha quality, and may cause unexpected problems. Also, I'm not sure if compiled modules are available for Bering at this time. extra extra depends on: submitted pending base Patches which are working fine together + patches which might break each other Netfilter: h323-conntrack-nat http://www.netfilter.org/documentation/pomlist/pom-extra.html#h323-conntrack-nat -- Mike Noyes mhnoyes @ users.sourceforge.net http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/ --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] H323/NetMeeting support in Bering
On Thu, 2003-01-23 at 08:26, Mike Noyes wrote: Yes. The limitations along with the ports used are listed at the link below. The h323-conntrack-nat modules are Alpha quality, and may cause unexpected problems. Also, I'm not sure if compiled modules are available for Bering at this time. extra extra depends on: submitted pending base Patches which are working fine together + patches which might break each other Netfilter: h323-conntrack-nat http://www.netfilter.org/documentation/pomlist/pom-extra.html#h323-conntrack-nat Bering does have compiled h323-conntrack-nat modules available. http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/2.4.18/kernel/net/ipv4/netfilter/ http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/2.4.20/kernel/net/ipv4/netfilter/ -- Mike Noyes mhnoyes @ users.sourceforge.net http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/ --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] H323/NetMeeting support in Bering
Well, I looked at the OpenH323 Gatekeeper site and docs. As a relatively unskilled Linux person, I would say it looks promising. However, it would likely take me a long time to put it into my current LEAF configuration even though I do have the space (80Meg DoC and 32Meg RAM for a 5Meg binary!). If anyone has or ends up being successful on implementing this on their LEAF NAT, please let me (and of course the rest of the list) know how you did it. Thanks. John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Steinkuehler Sent: Wednesday, January 22, 2003 1:54 PM To: [EMAIL PROTECTED] Subject: Re: [leaf-user] H323/NetMeeting support in Bering Mike Noyes wrote: On Wed, 2003-01-22 at 09:47, Peter Nosko wrote: pn] I realize that these distributions are produced by dedicated volunteers and by no means do I want to come across as being unappreciative of their efforts. But LEAF and NetMeeting have been around for some time now, and it seems that coming up with a solution for this should get some lasting attention. Is M$'s design truly solution-proof on LEAF firewalls? This is not a M$ thing, it's an H323 thing. Apparently, the H323 protocol was designed in some sort of space-time warp where firewalls are not required, there are more IP's than anyone would ever use (so no masquerading), servers don't have to be secured, and no-one ever gets any SPAM. It sounds like the internet of the 70's (ARPA net), but I didn't think they were doing video conferencing back then... :) I don't personally use netmeeting, but I am somewhat familiar with the H323 protocol and have helped a few folks get it running. IIRC, simply loading the h323 masquerading module (on 2.2 kernels), or it's 2.4 iptables equivelent will get 90% of what most folks want...the ability to place outbound phone calls. Adding a couple of port-forwards (and tweaking the in-bound firewall rules as required) will allow a single computer on the internal masqueraded network to recieve calls, which covers the last 10% of most users needs. To go beyond this (ie multiple internal clients behind a masquerading firewall with the ability for any/all clients to both place and recieve calls), an H323 gateway (see OpenH323) needs to be installed. Mike's links below, are excellent sources of information on getting H323 working with linux in general. Peter, I'm not sure if this will help, but have you considered using a Gatekeeper? Linux NETMEETING HOWTO http://en.tldp.org/HOWTO/NetMeeting-HOWTO/ OpenH323 Project http://www.openh323.org/ Gateway Protocol Stack http://www.iec.org/online/tutorials/h323/topic06.html OpenH323 Gatekeeper http://www.gnugk.org/ OpenGatekeeper H.323 Proxy http://openh323proxy.sourceforge.net/ Last resort Google string: linux netmeeting firewall -- Charles Steinkuehler [EMAIL PROTECTED] --- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] H323/NetMeeting support in Bering
On Thu, 2003-01-23 at 16:39, John Mullan wrote: Well, I looked at the OpenH323 Gatekeeper site and docs. As a relatively unskilled Linux person, I would say it looks promising. However, it would likely take me a long time to put it into my current LEAF configuration even though I do have the space (80Meg DoC and 32Meg RAM for a 5Meg binary!). John, I believe the gatekeeper should be run from a machine behind your leaf box. Unfortunately, I don't think the current h323-conntrack-nat Alpha modules support gatekeepers. You may need to use the 2.2.x kernel module instead. This means using a leaf release/branch that is based on kernel 2.2.x. ref. http://www.gnugk.org/h323manual.html # The gatekeeper can sit behind an NAT box and registered by endpoints with public IPs. ref. http://www.netfilter.org/documentation/pomlist/pom-extra.html#h323-conntrack-nat The H.323 conntrack/NAT modules do not support - H.245 tunnelling - H.225 RAS (gatekeepers) If anyone has or ends up being successful on implementing this on their LEAF NAT, please let me (and of course the rest of the list) know how you did it. I second this suggestion. -- Mike Noyes mhnoyes @ users.sourceforge.net http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/ --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] H323/NetMeeting support in Bering
On Thursday 23 January 2003 07:25 pm, Mike Noyes wrote: John, I believe the gatekeeper should be run from a machine behind your leaf box. Unfortunately, I don't think the current h323-conntrack-nat Alpha modules support gatekeepers. You may need to use the 2.2.x kernel module instead. This means using a leaf release/branch that is based on kernel 2.2.x. I was playing around with the idea of doing some testing with the Linux PBX known as Astrisk some time ago, but never got anything going since I didn't have a ~$200 to blow on an experiment. Personally, this is an intriguing question which should be much better answered on the Asterisk mailing-list since I'm sure a couple of their people have running H232 boxes behind a firewall. http://www.asteriskpbx.com Maybe I'll get around to trying it myself sometime soon since I deal with the telecom market quite frequently. -- ~Lynn Avants Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] H323/NetMeeting support in Bering
David Pitts wrote: I would like to use NetMeeting from my Bering protected home network. My research indicates that requires the H323-conntrack module and maybe some other configuration. Please feel free to correct me if that's wrong. However, I get the impression NetMeeting will still not be fully functional. Is that correct? Can someone tell me what limitations are placed on the operation of Net Meeting by the available modules? Thanks for your time. David Pitts I do not run netmeeting - but this question comes up almost every week. M$ uses dynamically assigned ports anywhere in the range 1024:65535 for incoming stuff. They designed this without considering firewalls and NAT. See http://support.microsoft.com/default.aspx?scid=KB;en-us;q158623 1. H323 takes care of connections initiated by a host on your private network. 2. You can only port forward incoming calls to a port single host behind your firewall. 3. Port forwarding the entire range of ports to this host defeats the very purpose of a firewall. I did a google search and it did not look promising although there are references to proxies on some commercial firewalls. --- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] H323/NetMeeting support in Bering
pn] Sorry for the PM Victor. I meant to send it to the list. --- Victor McAllister [EMAIL PROTECTED] wrote: I do not run netmeeting - but this question comes up almost every week. pn] Doesn't that indicate that it is high on the list of priorities for LEAF users? M$ uses dynamically assigned ports anywhere in the range 1024:65535 for incoming stuff. They designed this without considering firewalls and NAT. pn] I realize that these distributions are produced by dedicated volunteers and by no means do I want to come across as being unappreciative of their efforts. But LEAF and NetMeeting have been around for some time now, and it seems that coming up with a solution for this should get some lasting attention. Is M$'s design truly solution-proof on LEAF firewalls? = - Peter Nosko ([EMAIL PROTECTED]) This is a good place for a tagline. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com --- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] H323/NetMeeting support in Bering
On Wed, 2003-01-22 at 09:47, Peter Nosko wrote: pn] Sorry for the PM Victor. I meant to send it to the list. --- Victor McAllister [EMAIL PROTECTED] wrote: I do not run netmeeting - but this question comes up almost every week. pn] Doesn't that indicate that it is high on the list of priorities for LEAF users? M$ uses dynamically assigned ports anywhere in the range 1024:65535 for incoming stuff. They designed this without considering firewalls and NAT. pn] I realize that these distributions are produced by dedicated volunteers and by no means do I want to come across as being unappreciative of their efforts. But LEAF and NetMeeting have been around for some time now, and it seems that coming up with a solution for this should get some lasting attention. Is M$'s design truly solution-proof on LEAF firewalls? Peter, I'm not sure if this will help, but have you considered using a Gatekeeper? Linux NETMEETING HOWTO http://en.tldp.org/HOWTO/NetMeeting-HOWTO/ OpenH323 Project http://www.openh323.org/ Gateway Protocol Stack http://www.iec.org/online/tutorials/h323/topic06.html OpenH323 Gatekeeper http://www.gnugk.org/ OpenGatekeeper H.323 Proxy http://openh323proxy.sourceforge.net/ Last resort Google string: linux netmeeting firewall -- Mike Noyes mhnoyes @ users.sourceforge.net http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/ --- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] H323/NetMeeting support in Bering
Mike Noyes wrote: On Wed, 2003-01-22 at 09:47, Peter Nosko wrote: pn] I realize that these distributions are produced by dedicated volunteers and by no means do I want to come across as being unappreciative of their efforts. But LEAF and NetMeeting have been around for some time now, and it seems that coming up with a solution for this should get some lasting attention. Is M$'s design truly solution-proof on LEAF firewalls? This is not a M$ thing, it's an H323 thing. Apparently, the H323 protocol was designed in some sort of space-time warp where firewalls are not required, there are more IP's than anyone would ever use (so no masquerading), servers don't have to be secured, and no-one ever gets any SPAM. It sounds like the internet of the 70's (ARPA net), but I didn't think they were doing video conferencing back then... :) I don't personally use netmeeting, but I am somewhat familiar with the H323 protocol and have helped a few folks get it running. IIRC, simply loading the h323 masquerading module (on 2.2 kernels), or it's 2.4 iptables equivelent will get 90% of what most folks want...the ability to place outbound phone calls. Adding a couple of port-forwards (and tweaking the in-bound firewall rules as required) will allow a single computer on the internal masqueraded network to recieve calls, which covers the last 10% of most users needs. To go beyond this (ie multiple internal clients behind a masquerading firewall with the ability for any/all clients to both place and recieve calls), an H323 gateway (see OpenH323) needs to be installed. Mike's links below, are excellent sources of information on getting H323 working with linux in general. Peter, I'm not sure if this will help, but have you considered using a Gatekeeper? Linux NETMEETING HOWTO http://en.tldp.org/HOWTO/NetMeeting-HOWTO/ OpenH323 Project http://www.openh323.org/ Gateway Protocol Stack http://www.iec.org/online/tutorials/h323/topic06.html OpenH323 Gatekeeper http://www.gnugk.org/ OpenGatekeeper H.323 Proxy http://openh323proxy.sourceforge.net/ Last resort Google string: linux netmeeting firewall -- Charles Steinkuehler [EMAIL PROTECTED] --- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
