Date: 21 Oct 1999 10:20:34 -0400
From: Chris Shenton <cshenton@uucom.com>
To: <darryl@osborne-ind.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: Freebsd + Netmeeting = Possible ?
Message-ID: <lfiu40re19.fsf@Samizdat.uucom.com>
In-Reply-To: "Darryl Hoar"'s message of "Wed, 20 Oct 1999 11:48:23 -0500"
References: <000501bf1b1a$ec7678b0$070101c0@ruraltel.net>

On Wed, 20 Oct 1999 11:48:23 -0500, "Darryl Hoar" <darryl@osborne-ind.com> said:

Darryl> Greetings, I am running Freebsd 3.2 on a gateway machine (ppp
Darryl> -auto -alias isp). I have a couple of Win9x boxes on my lan
Darryl> that use the freebsd box for internet access. The Win9x box
Darryl> needs to use Microsoft Net Meeting for some collaborative work.
Darryl> Unfortunately, I can't choose a different application, as that
Darryl> is out of my control. Anybody do this already ?

Darryl> I'm stuck. How do I get this to work.

NetMeeting implements H.323 protocols which bury client and server information in the payload rather than just leaving them in the header. This -- like any other application which does this -- makes NAT or Proxy very hard.

H.323 also has a very complex negotiation phase: the client and server rendezvous on one well known port, then agree to meet on another random port, then do this once more -- for no sane reason I can understand. It was designed by committee, a committee that never had to actually implement it or make it work on modern networks that have any security concerns.

I wrote a paper on its security implications a while back; you might find it helpful in understanding how it works and it might point you to other resources.

http://www.shenton.org/~chris/nasa-hq/netmeeting/

But sorry, I don't have a solution for you unless someone's written a proxy which tracks the complex port negotiation. I understand Raptor and Checkpoint now do this in their firewalls but it still presents an astounding security risk to the end user workstations: giving remote users with no decent authentication keyboard/mouse access to your machine and anything it has access to.

Good luck.
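
Added example (not part of the original message, and not code from its author): a Python sketch of why header-only NAT breaks a protocol that carries endpoint addresses in its payload, and what a payload-aware proxy has to do instead. The payload layout, the addresses 192.168.1.7 and 203.0.113.10, the port 49152 and all function names are constructed for illustration; this is not real H.323 ASN.1 encoding.

```python
import ipaddress
import struct

# Constructed sample: a signalling payload carrying the caller's own address
# and a dynamically chosen port as 4 + 2 raw bytes (simplified layout).
PREFIX = b"CONSTRUCTED-SETUP\x00"
PAYLOAD = (PREFIX + ipaddress.IPv4Address("192.168.1.7").packed
           + struct.pack("!H", 49152) + b"\x00END")
PACKET = {"src_ip": "192.168.1.7", "payload": PAYLOAD}

def nat_rewrite_header(packet, public_ip):
    """Header-only NAT: swap the source address, leave the payload alone."""
    return {**packet, "src_ip": public_ip}

def find_embedded_endpoints(payload, internal_net):
    """Return (offset, ip, port) for every 4-byte address inside internal_net
    found in the payload, reading the following 2 bytes as a big-endian port."""
    net = ipaddress.ip_network(internal_net)
    hits = []
    for off in range(len(payload) - 5):
        ip = ipaddress.IPv4Address(payload[off:off + 4])
        if ip in net:
            (port,) = struct.unpack("!H", payload[off + 4:off + 6])
            hits.append((off, str(ip), port))
    return hits

def alg_rewrite(packet, public_ip, internal_net):
    """Payload-aware rewrite: patch each embedded internal address and report
    the (port, internal host) pairs the gateway would have to forward."""
    payload = bytearray(packet["payload"])
    forwards = []
    for off, ip, port in find_embedded_endpoints(packet["payload"], internal_net):
        payload[off:off + 4] = ipaddress.IPv4Address(public_ip).packed
        forwards.append((port, ip))
    return {**packet, "src_ip": public_ip, "payload": bytes(payload)}, forwards

if __name__ == "__main__":
    natted = nat_rewrite_header(PACKET, "203.0.113.10")
    # The header is translated, but the payload still names the private host.
    print(natted["src_ip"], find_embedded_endpoints(natted["payload"], "192.168.1.0/24"))
    fixed, forwards = alg_rewrite(PACKET, "203.0.113.10", "192.168.1.0/24")
    print(find_embedded_endpoints(fixed["payload"], "192.168.1.0/24"), forwards)
```

Each entry in the forwards list is a port the gateway would have to open toward the workstation for the call to proceed, which is the exposure the message warns about.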