Slashdot Mirror


Video Conferencing Behind a Firewall?

JShadow21 asks: "I work at a research lab at a hospital. We want to collaborate with colleagues across the pond via video conferencing; however, the firewall here is very restrictive. There are way too many ports that need to be opened for H.323 to work, so the IT guys won't do that. What alternatives are there? I was considering using an SSH proxy in order to use Netmeeting, or else possibly a web-based solution."


  1. Your IT guys are lazy by grub · Score: 4, Insightful

    The Netmeeting rules in our PIX configs need only 5 TCP ports: LDAP, 522, 1503, h323, 1731. If you know the IPs of the remote side you can open up a very restrictive set of holes for incoming "calls" or you can initiate the connections and not worry about opening up incoming holes altogether (if you use NAT/PAT this is easiest.)

    Remember: your IT guys aren't running the show, they're there to help you do your job (and I'm an IT weenie at a research lab where Netmeetings are not uncommon...)

    --
    Trolling is a art,
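
An added example, not part of the thread or any poster's configuration: a small Python check for the "very restrictive set of holes" described in the comment above. It parses PIX-style `access-list` lines and reports which of the five listed TCP ports are reachable from any source instead of a known remote host, and which have no rule at all. The sample ACL and its addresses are constructed, and reading the comment's "LDAP" and "h323" as the PIX port names for 389 and 1720 is an assumption.

```python
import re

# PIX port names resolved to numbers (assumed reading of "LDAP" and "h323").
PORT_NAMES = {"ldap": 389, "h323": 1720}
# The five TCP ports the comment lists for Netmeeting.
NETMEETING_TCP = {389, 522, 1503, 1720, 1731}

# Constructed sample ACL using documentation addresses, not taken from the thread.
SAMPLE_ACL = """\
access-list outside_in permit tcp host 198.51.100.20 host 203.0.113.10 eq ldap
access-list outside_in permit tcp host 198.51.100.20 host 203.0.113.10 eq 522
access-list outside_in permit tcp any host 203.0.113.10 eq 1503
access-list outside_in permit tcp host 198.51.100.20 host 203.0.113.10 eq h323
access-list outside_in permit tcp any host 203.0.113.10 eq www
"""

ADDR = r"(any|host \S+|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
RULE = re.compile(rf"^access-list (\S+) permit tcp {ADDR} {ADDR} eq (\S+)$")

def port_number(token):
    """Return the numeric port for a known PIX name or digit string, else None."""
    if token.isdigit():
        return int(token)
    return PORT_NAMES.get(token.lower())

def audit(acl_text):
    """Return (open_to_any, missing): Netmeeting ports permitted from any
    source, and Netmeeting ports with no permit rule at all."""
    open_to_any, seen = set(), set()
    for line in acl_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # not a simple 'permit tcp SRC DST eq PORT' rule
        port = port_number(m.group(4))
        if port not in NETMEETING_TCP:
            continue  # unrelated service, out of scope for this check
        seen.add(port)
        if m.group(2) == "any":
            open_to_any.add(port)
    return sorted(open_to_any), sorted(NETMEETING_TCP - seen)

if __name__ == "__main__":
    wide, missing = audit(SAMPLE_ACL)
    print("open to any source:", wide)
    print("no rule present:", missing)
```
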
    1. Re:Your IT guys are lazy by bill_mcgonigle · Score: 3, Insightful

      I used to work in hospital IT. The network manager was affectionately known as Mordac the Preventor.

      Or it could be that your IT guys aren't lazy, they just don't know anything so they can't characterize the risk associated with H.323 or they don't know how to set up NAT for what you need.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    2. Re:Your IT guys are lazy by SirLeNerd · Score: 2, Insightful

      Depending on your firewall, this problem can be overcome. For example, on a PIX you can use the H323 fixup to re-write the IP addresses to the NAT.

  2. Keep it simple...go with NetMeeting. by TripMaster Monkey · Score: 3, Insightful


    I would have to recommend NetMeeting...it's easy to implement, and is already installed on your Windows machines. However, there are quite a few ports that need to be opened...to ensure smooth passage through the firewall, I recommend you take your IT guy to lunch at your local watering hole to discuss it. ^_^

    Seriously, though, the opening of these ports should prove to be a minimal security risk if done correctly. A firewall admin who won't open any ports is a firewall admin who doesn't know how to do his job (Ford Motor Company's firewall boys spring to mind here). Remember, this is a valid request you're making, and implementing that request in a safe and secure manner is their job.

    --
    ____

    ~ |rip/\/\aster /\/\onkey