From: Joshua B. <sy...@co...> - 2004-09-05 19:29:37
Ingo Lantschner wrote:
> Hi all,
> I have seen many posts on the Shorewall lists dealing with H323.
> Although lots of them indicated that this is a difficult process with
> kernel recompilation etc. I just tried what seemed to be logical for
> me. Surprisingly it worked.
>
> Configuration:
>
> WS1 ----- FW ------ Internet ------- WS2/Shorewall
>
> WS1, FW and WS2 run Redhat9 with its standard kernel 2.4.20. FW and
> WS2 run Shorewall and here are the rules:
>
>
> rules on FW:
> -------------------------------------------------------------
> # H323
>
> DNAT net loc:192.168.3.11 tcp 1720
> DNAT net loc:192.168.3.11 tcp 30000:30010
> -------------------------------------------------------------
>
> rules on WS2
> -------------------------------------------------------------
> # H323
> ACCEPT net fw tcp 1720
> ACCEPT net fw tcp 30000:30010
> -------------------------------------------------------------
>
> WS1 and WS2 both run Gnomemeeting and we can talk with each other
> fine. There is no patch and no gatekeeper involved.
>
> Hope this is useful for someone else and pls. let me know, if you
> have any concerns regarding security.

Thanks for the howto. Please clarify the following:

Is the WS1 machine being Natted by a firewall or does WS1 have the public ip statically assigned to it?

Can WS2 initiate the GnomeMeeting session and still get Audio and Video to work?

I've never tried GnomeMeeting but I would like to give it a shot soon. My problem is everyone wants to use MS Netmeeting which is hell through a firewall and doesn't like to be natted for reasons too long to explain. I've had to use Netmeeting servers statically natted or going through branch to branch vpn tunnels. And even then it seems to be a nightmare..

Thanks,
Joshua Banks