Topic: netmeeting

[Max]

I am trying to get MS netmeeting working so that I can host meetings inside.
I can connect to a meeting hosted outside, but I would outsiders to connect to a meeting inside.

This would only be done on one machine so a solution that involves statically routing some ports to an inside machine is fine.

I have heard tell of an ipmasq module that is all set to do something like this but everywhere I look on the net, there are only bad links... did something happen to this file?

any help on the whereabout of the file or how to do this procedure would be appreciated.

Also: I think I read that 4.1 comes with the file I need, but I need another 2 weeks to upgrade and I would like to get this working before hand.

Thanks,
Max

[Des Dougan]

Go to http://www.coritel.it/coritel/index.html and follow the links for IP Networking and SOFIA. There is a download link for the H.323 module you need.

Des Dougan

[Max]

ok thanks for the link.
I have some more questions if anyone knows the answers:

1. e-smith doesn't come with a compiler or a "make"r, should I download one or does someone have a binary for me?

2. the directions on coritel's page reference the '/usr/src/linux/net/ipv4' directory. where does that correspond to on redhat? is it /lib/modules/2.2.12-20/ipv4?

3. once installed does this module let anyone on the internal network be able to host netmeeting calls?

thanks,

Max

[Des Dougan]

>> 1. e-smith doesn't come with a compiler or a "make"r, should I download one
or does someone have a binary for me? <<

I just checked - the H323 object module is included (in /lib/modules/2.2.16-22/ipv4/ip_masq_h323.o). This is on a 4.1 system - not sure about 4.0.

>> 2. the directions on coritel's page reference the '/usr/src/linux/net/ipv4'
directory. where does that correspond to on redhat? is it
/lib/modules/2.2.12-20/ipv4? <<

The /usr/src tree is the same on RedHat. /lib/modules is for the compiled files.

>> 3. once installed does this module let anyone on the internal network be
able to host netmeeting calls? <<

Yes.



Des Dougan

[Des Dougan]

Looks like I screwed up the reply last time...

See below, numbered per your questions:

1. I just checked - the H323 object module is included (in /lib/modules/2.2.16-22/ipv4/ip_masq_h323.o)

2. The /usr/src tree is the same on RedHat. /lib/modules is for the compiled files.

3. Yes.



Des Dougan

[max]

Oops!

I just realized that this is going in the wrong direction.
I have an e-smith box sharing our internet connection with a bunch of pc's inside with 192.168.0.x addresses. So if I want one of them to be able to host a meeting I need to have the ports be forwarded from my e-smith box to a machine on the inside, because people on the out side are going to need to connect to my e-smith machine, because its the only one with a real address.

does this mean I need to do some ipmasqdm portfw type stuff?
lets say I want to forward all UDP ports between 1024 and 65535.. how do I go about doing that (temporarily of course).

Thanks for all the help so far!

-Max

[Charlie Brady]

max wrote:

> So if I want
> one of them to be able to host a meeting I need to have the
> ports be forwarded from my e-smith box to a machine on the
> inside, because people on the out side are going to need to
> connect to my e-smith machine, because its the only one with
> a real address.
>
> does this mean I need to do some ipmasqdm portfw type stuff?
> lets say I want to forward all UDP ports between 1024 and
> 65535.. how do I go about doing that (temporarily of course).

The H323 protocol is nowhere near that simple, and you can't port forward into an internal box. See

http://www.e-smith.org/faq.php3#8q10

The bottom line is that you can't expect to do this any time soon.

Regards

Charlie

[Des Dougan]

Charlie Brady wrote:

> >
> > does this mean I need to do some ipmasqdm portfw type stuff?
> > lets say I want to forward all UDP ports between 1024 and
> > 65535.. how do I go about doing that (temporarily of course).
>
> The H323 protocol is nowhere near that simple, and you can't
> port forward into an internal box. See

Charlie,

But isn't this exactly what the h323.o module does? At home I have, currently, a Mandrake box acting as firewall/gateway with the h323 module loaded, and have conducted NetMeetings with my family in the UK from my NT desktop.

Or am I missing the point here?


Des

[max]

I think the original stuff I was asking kind threw you off what I really wanted to ask.
Currently I can connect from inside my company to any netmeeting outside and it all works just great. The problem is I want to do the exact opposite:

I want someone to be able to connect to a meeting that is being hosted INSIDE my company... since the e-smith box is the only box that has a real internet IP, people outside are going to need to connect to that to join a meeting being hosted inside. What I was hoping to do was forward the necessary ports to a machine inside the company so that people could connect.

-Max

[Charlie Brady]

Des Dougan wrote:
>
> Charlie Brady wrote:
...
> > The H323 protocol is nowhere near that simple, and you can't
> > port forward into an internal box. See
>
> Charlie,
>
> But isn't this exactly what the h323.o module does?

No, as I understand it, it does transparent masquerading of outbound connections.

> At home I
> have, currently, a Mandrake box acting as firewall/gateway
> with the h323 module loaded, and have conducted NetMeetings
> with my family in the UK from my NT desktop.

If you initiate "calls" to them, then this is the masquerading I mention above.

> Or am I missing the point here?

No, but it seems that I have missed some developments. Looking at the FAQ on the site you mentioned shows that inbound calls can be accepted if you set up some port forwarding. My e-smith-portfw contrib RPM might be useful for setting that up. If anyone gets it working, a HOWTO write-up would be appreciated, I'm sure.

Cheers

Charlie

[Des Dougan]

Ah, the penny drops - I've always called into the ILS server after my brother-in-law has connected, so what you said now makes sense, Charlie. Thanks for clarifying this for me.


Des

[Dennis]

I'm using the latest e-smith version and I have been able to get an incoming netmeeting request to work to a designated inside workstation.  I have tested chat, whiteboard and file transfer but not video or voice yet.  I added the following two lines to the /etc/rc.d/rc.local file just above the last line in the file -

ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 1720 -R yyy.yyy.yyy.yyy 1720
ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 1503 -R yyy.yyy.yyy.yyy 1503

For the xxx.xxx.xxx.xxx put your external ip of the e-smith server
For the yyy.yyy.yyy.yyy put the internal ip address of the workstation that you want to use netmeeting on - ie  192.168.1.65

[Darrell May]

Dennis wrote:
>
> I'm using the latest e-smith version and I have been able to
> get an incoming netmeeting request to work to a designated
> inside workstation.  I have tested chat, whiteboard and file
> transfer but not video or voice yet.  I added the following
> two lines to the /etc/rc.d/rc.local file just above the last
> line in the file -
>
> ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 1720 -R
> yyy.yyy.yyy.yyy 1720
> ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 1503 -R
> yyy.yyy.yyy.yyy 1503
>
> For the xxx.xxx.xxx.xxx put your external ip of the e-smith
> server
> For the yyy.yyy.yyy.yyy put the internal ip address of the
> workstation that you want to use netmeeting on - ie
> 192.168.1.65

IMHO, I really don't see the point in using port forwarding to provide a NetMeeting solution.  (BTW, for audio you would have to add port 1731)

Outbound NetMeeting connections work already.  Inbound NetMeeting connections work perfectly via a standard VPN connection.  Using a VPN connection you have access to all internal workstations running NetMeeting. Inside the VPN the entire session is secure.

With port forwarding you can connect only to one port forwarded computer. Also, I believe NetMeeting's default offers no security, you freely pass login name and password information.  Security is only forced if set via NetMeeting Tools > Options > Security.  Check Microsoft's site for articles on security patches detailing and then trying to patch NetMeeting's 'security holes'.

Using the VPN seems the much better choice doesn't it?

Darrell