From owner-freebsd-questions Thu Oct 21 7:31:28 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from web1704.mail.yahoo.com (web1704.mail.yahoo.com [128.11.23.215])
	by hub.freebsd.org (Postfix) with SMTP id 0716614E23
	for ; Thu, 21 Oct 1999 07:31:25 -0700 (PDT)
	(envelope-from tjarrow3@yahoo.com)
Message-ID: <19991021143236.11128.rocketmail@web1704.mail.yahoo.com>
Received: from [207.31.97.178] by web1704.mail.yahoo.com; Thu, 21 Oct 1999 07:32:36 PDT
Date: Thu, 21 Oct 1999 07:32:36 -0700 (PDT)
From: Godzilla
Subject: RE: Freebsd + Netmeeting = Possible ?
To: freebsd-questions@FreeBSD.ORG
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I've actually been able to get Netmeeting to work from behind our
FreeBSD gateway. The FreeBSD box is running a socks5 proxy server,
and we run Netmeeting "socksified" using the free sockscap app
available here:

http://www.socks.nec.com/sockscap.html

Works like a charm. Feel free to email me off the list for further
info.

T.J. Arrowsmith
tjarrow3@yahoo.com

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Chris Shenton
> Sent: Thursday, October 21, 1999 10:21 AM
> To: darryl@osborne-ind.com
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: Freebsd + Netmeeting = Possible ?
>
>
> On Wed, 20 Oct 1999 11:48:23 -0500, "Darryl Hoar"
> said:
>
> Darryl> Greetings, I am running Freebsd 3.2 on a gateway machine (ppp
> Darryl> -auto -alias isp). I have a couple of Win9x boxes on my lan
> Darryl> that use the freebsd box for internet access. The Win9x box
> Darryl> needs to use Microsoft Net Meeting for some collaborative work.
> Darryl> Unfortunately, I can't choose a different application, as that
> Darryl> is out of my control. Anybody do this already ?
>
> Darryl> I'm stuck. How do I get this to work.
>
> NetMeeting implements H.323 protocols which bury client and server
> information in the payload rather than just leaving them in the
> header. This -- like any other application which does this -- makes
> NAT or Proxy very hard. H.323 also has a very complex negotiation
> phase: the client and server rendezvous on one well known port, then
> agree to meet on another random port, then do this once more -- for no
> sane reason I can understand. It was designed by committee, a
> committee that never had to actually implement it or make it work on
> modern networks that have any security concerns.
>
> I wrote a paper on its security implications a while back; you might
> find it helpful to understanding how it works and it might point you
> to other resources.
>
> http://www.shenton.org/~chris/nasa-hq/netmeeting/
>
> But sorry, I don't have a solution for you unless someone's written a
> proxy which tracks the complex port negotiation. I understand Raptor
> and Checkpoint now do this in their firewalls but it still presents an
> astounding security risk to the end user workstations: giving remote
> users with no decent authentication keyboard/mouse access to your
> machine and anything it has access to.
>
> Good luck.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
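
The NAT problem described in the quoted message (addresses carried in the payload, follow-up channels on negotiated ports) can be shown with a small model. This is an added example, not part of the original thread: the `OPENCHAN` payload layout, the function names and the addresses are constructed stand-ins, not real H.323 (which encodes these fields in ASN.1).

```python
import ipaddress
import struct

TAG = b"OPENCHAN"  # constructed marker, not an H.323 field
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_signal(ip, port):
    """Constructed payload announcing where the next channel should connect."""
    return TAG + ipaddress.IPv4Address(ip).packed + struct.pack("!H", port)

def embedded_addresses(payload):
    """Return every (ip, port) announced inside the payload."""
    found, i = [], payload.find(TAG)
    while i != -1:
        raw = payload[i + len(TAG):i + len(TAG) + 6]
        if len(raw) == 6:
            found.append((str(ipaddress.IPv4Address(raw[:4])),
                          struct.unpack("!H", raw[4:])[0]))
        i = payload.find(TAG, i + len(TAG))
    return found

def is_rfc1918(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def header_only_nat(packet, public_ip):
    """Plain address translation: the header changes, the payload does not."""
    return {**packet, "src": public_ip}

def stale_announcements(packet):
    """Private addresses still announced in a packet whose header is public."""
    if is_rfc1918(packet["src"]):
        return []
    return [(ip, port) for ip, port in embedded_addresses(packet["payload"])
            if is_rfc1918(ip)]

def tracking_nat(packet, public_ip):
    """Payload-aware translation: rewrite announcements, list pinholes opened."""
    payload, pinholes = packet["payload"], []
    for ip, port in embedded_addresses(payload):
        payload = payload.replace(build_signal(ip, port),
                                  build_signal(public_ip, port))
        pinholes.append({"public_port": port, "forward_to": (ip, port)})
    return {**packet, "src": public_ip, "payload": payload}, pinholes

# Constructed sample: a LAN client announces a dynamically chosen port.
lan_packet = {"src": "192.168.1.20", "dst": "198.51.100.7",
              "payload": build_signal("192.168.1.20", 49152)}
```

Each entry returned in `pinholes` is an inbound forward to a LAN workstation whose port was chosen by payload contents, so a gateway doing this should log and expire those mappings per call.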