[Hudlug] Videoconferencing

Anne Wilson hudlug at mailman.lug.org.uk
Fri Mar 28 10:40:04 2003 

On Thursday 27 Mar 2003 10:45 pm, Tim Bray wrote:
> Anne Wilson wrote:
> > Has anyone tried video conferencing through a firewall?
>
> This is my job.
>
Hi, Tim

> Do you want to explain a bit more?
>
> I am presuming that when you say firewall, you actually mean NAT.
>
Yes - my router has NAT. =20

> But basically the problem goes like this.  H.323 conferencing (gnome
> meeting, netmeeting, ProVU IP videophone) uses UDP to send the audio an=
d
> video.  UDP is not connection oriented, and so the NAT has a hard time.
>
> But usually you can get it to work by using using port forwarding, and
> also telling the video conferencing software/hardware what it's externa=
l
> IP address.
>
OK - the first step I've made is opened 1024 forwarded to this box.  ICQ =
works=20
for both IM and chat.

> The H.323 standard says that all UDP ports from 1024 upwards must be
> open.  In reality most software uses specific ports, so you know which
> ones to open/forward.
>
That fits with all I have read.  Two problems:

a) I don't like the idea of opening a huge range of ports.  I understand =
that=20
only this box is at risk, but that's unacceptable.

b)  My router will open specific ports without problem, but I couldn't as=
k for=20
an open range if I wanted to.

I have read of software h323 gatekeepers, and wonder if this is a solutio=
n for=20
me.  Otherwise, is there a way of getting specific ports for the video us=
e -=20
if it could be narrowed to a small number I could open them separately.

My friend in USA uses a Linksys, which apparently is capable of linking=20
opening to specific apps, so that he is only exposed for the duration of =
the=20
call.  This does not appear to be available on my SMC Barricade (7410BRA)=
=2E =20
Would a gatekeeper do this?  I need to read more, as I'm still gaining=20
understanding of how it all works.

> Ideally, get an ISP who will give you some IP addresses.
>
I can ask my isp for additional addresses, that's no problem.  It would b=
e set=20
up within a day or so, but I need to understand much more about how they =
can=20
be used to help.

I would appreciate any help you can give me.

Thanks

Anne
--=20
Registered Linux User No.293302