 From:  Graham Allan <allan at physics dot umn dot edu>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] H.323 woes...
 Date:  Thu, 18 Mar 2010 14:13:04 -0500
On Thu, Mar 18, 2010 at 01:05:42PM -0500, Lee Sharp wrote:
> Guy Boisvert wrote:
> >Hi!
> >
> >I have a hard time setting up m0n0wall to work with H.323.  We use a
> >Polycom bridge in our DMZ and our users that have the Polycom client
> >software can't use it.  They are on the LAN and m0n0wall does NAT.  I
> >permit ports, I redirected the right one to one of our workstations, no
> >luck.
> >
> >I read that H.323 is a "broken" protocol and that Cisco has a kind of
> >proxy software that runs in their Pix to fix that.  Can m0n0wall be
> >configured to work or is it impossible?
> I got this Tuesday.  I did not have anything to add then.  I still do 
> not.  Perhaps more information would be helpful.

I haven't done this with m0n0wall, but H.323 is hard to pass through
firewalls. We used to pass it through a pf-based firewall (without NAT)
using gnugk (GNU gatekeeper), running on a machine inside the firewall.
With this you can define a port range just to forward to the gatekeeper