Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls
From: Bret Watson (lists_at_ticm.com)
To: Bartek Krajnik <firstname.lastname@example.org>, email@example.com
Date: Tue, 26 Aug 2003 10:47:13 +0800
At 11:30 23/08/03 +0200, Bartek Krajnik wrote:
>Here is everything you need:
The trouble with micro$oft's advice is that it means opening huge holes in
the firewall, or trusting that Checkpoint's protocol handler works nicely.
A better solution is this:
In the DMZ, place an H323 gatekeeper with routed proxying turned on, and restrict
the port ranges to the number of simultaneous connections you expect to
In the LAN, place another gatekeeper with proxying turned on and ports as
above for external addresses, and point it at the DMZ proxy. Set up everyone's
Netmeeting to use the gatekeeper (you'll need to set some standard for
registering with the gatekeeper too; in the past I've used their desk
phone number (the full international number, not just the extension)).
Open rules to allow external to point at the port ranges specified on the
DMZ proxy, and open ports to allow the internal gatekeeper to point at the DMZ
gatekeeper (same port range).
Make sure you've configured everything nicely - this part is not so easy.
Once you have done that, however, you will have an internal gatekeeper that
knows how to route calls to the outside, as well as an external gatekeeper
that knows how to route calls from the outside. Neither party will have a
Technical Incursion Countermeasures www.ticm.com
The Insider Community http://www.ticm.com/~insider/
firewall-wizards mailing list
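
The two allow rules the message describes (external to the DMZ gatekeeper, internal gatekeeper to the DMZ gatekeeper), as an added example that is not part of the original post. The addresses, base ports and per-call port counts are constructed assumptions, and a stateful firewall that passes return traffic is assumed.

```python
# Added example, not from the original post. All addresses, base ports and
# per-call port counts are constructed assumptions; take real values from
# your gatekeeper's configuration.
DMZ_GK = "192.0.2.10"   # DMZ gatekeeper with routed proxying
LAN_GK = "10.0.0.10"    # internal gatekeeper, pointed at DMZ_GK
H225_TCP = 1720         # well-known H.323 call-signalling port
TCP_BASE, UDP_BASE = 30000, 40000   # assumed start of the proxy port ranges
TCP_PER_CALL, UDP_PER_CALL = 1, 4   # assumed: H.245, RTP/RTCP audio + video


def proxy_ranges(calls):
    """Port ranges sized to the expected number of simultaneous calls."""
    if calls < 1:
        raise ValueError("expected at least one simultaneous call")
    tcp = (TCP_BASE, TCP_BASE + TCP_PER_CALL * calls - 1)
    udp = (UDP_BASE, UDP_BASE + UDP_PER_CALL * calls - 1)
    if max(tcp[1], udp[1]) > 65535:
        raise ValueError("port range exceeds 65535; lower the base or calls")
    return {"tcp": tcp, "udp": udp}


def build_rules(calls):
    """Allow-list for the two hops in the post; anything else is denied."""
    ranges = proxy_ranges(calls)
    rules = []
    # (zone, source host); None means any host arriving from that zone.
    for zone, src in (("external", None), ("lan", LAN_GK)):
        rules.append((zone, src, DMZ_GK, "tcp", (H225_TCP, H225_TCP)))
        rules.append((zone, src, DMZ_GK, "tcp", ranges["tcp"]))
        rules.append((zone, src, DMZ_GK, "udp", ranges["udp"]))
    return rules


def permitted(rules, zone, src, dst, proto, port):
    """Default-deny match of one new connection against the allow-list."""
    for r_zone, r_src, r_dst, r_proto, (lo, hi) in rules:
        if (zone == r_zone and r_src in (None, src) and dst == r_dst
                and proto == r_proto and lo <= port <= hi):
            return True
    return False


if __name__ == "__main__":
    for zone, src, dst, proto, (lo, hi) in build_rules(calls=10):
        print(f"allow {zone}:{src or 'any'} -> {dst} {proto} {lo}-{hi}")
```

Running `permitted` over a sample of expected and unexpected flows (a LAN desktop going straight to the DMZ, an outside host reaching the internal gatekeeper) is a quick check that the rule base only exposes the DMZ gatekeeper.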