[Shorewall-newbies] H323 and videoconferencing

Francesca C. Smith fsmith at ladylinux.com
Sun Dec 7 19:38:26 PST 2003


Hello,

It is quite a security risk .. But if you are smart and use a Windoze
FW  like Zone Alarm .. You can get away with it .. But file-sharing etc
to your local zone .. Is perhaps ... well kinda like opening the gates
to the castle with the invaders sitting outside .. I am not sure what
the point is .. 

Francesca
On Sun, 2003-12-07 at 18:18, Alex Martin wrote:
> Hello,
> 
> I searched at www.shorewall.net for netmeeting:
> Found FAQ #3:
> 
> 3. I want to use Netmeeting or MSN Instant Messenger with Shorewall. 
> What do I do?
> 
> Answer: There is an H.323 connection tracking/NAT module ( H.323 
> connection tracking/NAT module) that helps with Netmeeting. Look here 
> (http://linux-igd.sourceforge.net/) for a solution for MSN IM but be 
> aware that there are significant security risks involved with this 
> solution. Also check the Netfilter mailing list archives at 
> http://www.netfilter.org.
> 
> Does this help? I am not familiar with h323. But I am happy to help you 
> work through it. Apparently, there are many different applications that 
> use variants of the definition.
> 
> Alex Martin
> http://www.rettc.com
> 
> gregory wrote:
> 
> 
> > I know this topic has been tackled before. I've searched the 
> > mailinglist. But I can't figure it out.
> > 
> > Can someone give me the rule set to allow h323 connections from and to 
> > another computer? I don't really care, I know I'll be punching huge 
> > holes in my firewall.
> > Right now I have this in my rules file:
> > ACCEPT  loc     fw      tcp     7122
> > ACCEPT  net     loc     tcp     1720
> > ACCEPT  loc     net     tcp     1720
> > ACCEPT  loc     net     tcp     30000:30010
> > ACCEPT  loc     net     udp     5000:5003
> > ACCEPT  loc     net     udp     5010:5013
> > ACCEPT  net     loc     tcp     389
> > ACCEPT  net     loc     tcp     522
> > ACCEPT  net     loc     tcp     1503
> > ACCEPT  net     loc     tcp     1731
> > ACCEPT  net     loc     tcp     1024:65535
> > ACCEPT  loc     net     tcp     1024:65535
> > ACCEPT  net     loc     udp     1024:65535
> > ACCEPT  loc     net     udp     1024:65535
> > 
> > But it still doesn't work. I'm using Gnomemeeting or Netmeeting, 
> > depends, I dual boot. The other party is always using Netmeeting.
> > 
> > 
> > Gregory
> > 
> > _______________________________________________
> > Shorewall-newbies mailing list
> > Post: Shorewall-newbies at lists.shorewall.net
> > Subscribe/Unsubscribe: 
> > https://lists.shorewall.net/mailman/listinfo/shorewall-newbies
> > Support: http://www.shorewall.net/support.htm
> > FAQ: http://www.shorewall.net/FAQ.htm
> 
> _______________________________________________
> Shorewall-newbies mailing list
> Post: Shorewall-newbies at lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-newbies
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
> 



More information about the Shorewall-newbies mailing list