Re: H323 Rules for IPF
Interesting articles. Too bad such a handy thing has to be such a pain in
the arse. Has any work gone into developing an H323 proxy that would
integrate into PF for future releases of OBSD?
----- Original Message -----
From: "Nick Holland" <nick@holland-consulting.net>
To: "Misc @OpenBSD" <misc@openbsd.org>
Sent: Saturday, March 09, 2002 12:50 PM
Subject: Re: H323 Rules for IPF
> Geoff Sweet wrote:
> >
> > Running an OpenBSD 29 firewall. Has anyone discovered a good rule set for
> > H323 clients such as Netmeeting to allow bi-directional video and sound? I
> > know a number of ports are used, but that requires RDR's and what not. I
> > don't mind doing that but I'll be danged if I can get it ALL to work right.
> > Any thoughts? Or if you have other options please let me know. At this point
> > I am pondering using Microsoft's ISA Netmeeting Gateway... hopefully not.
> >
> > Thanks
> > Geoff Sweet
>
> Best rule for H.323 is "Don't do it!"
>
> Unfortunately, it is seemingly impossible to NAT or firewall H.323 in
> such a way that it leaves your firewall anything more than a
> speedbump.
>
> My favorite discussion of the topic, from our own Kjell Wooding:
> http://www.pintday.org/whitepapers/h323insecurity.shtml
>
> Nick.
> --
> http://www.holland-consulting.net