[Shorewall-newbies] H323 and videoconferencing
teastep at shorewall.net
Tue Dec 9 15:08:44 PST 2003

On Tuesday 09 December 2003 01:35 pm, gregory wrote:
> Ok, suppose I somehow do it and manage to install the h323 patch :)
> What does it give me? I mean does it mean I have automatically h323
> support and have to do nothing to be able to enjoy videoconferencing? No
> rules to set up in my firewall etc?

Once you get the module installed, you must still port forward the following
TCP ports to the computer that is running your H323 client (Netmeeting or
389, 522, 1503, 1720, 1731, 8080 and 1469
WARNING: I got that information from the netfilter list and have not verified
it myself. Remember that there is no Shorewall support for Netfilter

> Forgive my questions .. after all this is the newbie mailing list :)
> Also on a side note, can you tell me what rules I have to add to allow
> h323 connection in Shorewall? I know it's a security risk, but I would
> like to try it. The firewall isn't running on a mission critical system.
> I know the ports h323 uses, 1720 1731 and dynamic 1024 to 65535. But I
> can't figure out the exact rules to apply in Shorewall.
> ACCEPT net loc tcp 1720
> ACCEPT loc net tcp 1731
> ACCEPT loc net tcp 1024:65535
> ACCEPT loc net udp 1024:65535
> Doesn't work. Anyone?

If a simple set of rules would work, why in %$#@ would someone go to all of
the work to build connection-tracking/NAT modules for the kernel?
If you want H323 then:
a) Don't run a packet filtering firewall; or
b) Run one that supports H323.

Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net