Slashdot Mirror

← Back to Stories (view on slashdot.org)

Video Conferencing Behind a Firewall?

Posted by Cliff on from the seeking-an-option-that-use-less-ports dept.

JShadow21 asks: "I work at a research lab at a hospital. We want to collaborate with colleagues across the pond via video conferencing however the firewall here is very restrictive. There are way too many ports that needed to be opened for H.323 to work so the IT guys won't do that. What alternatives are there? I was considering using an SSH proxy in order to use Netmeeting, or else possibly a web based solution."

5 of 42 comments (clear)

  1. Your IT guys are lazy by grub · · Score: 4, Insightful

    The Netmeeting rules in our PIX configs need only 5 TCP ports: LDAP, 522, 1503, h323 1731. If you know the IPs of the remote side you can open up a very restrictive set of holes for incoming "calls" or you can initiate the connections and not worry about opening up incoming holes altogether (if you use NAT/PAT this is easiest.)

    Remember: your IT guys aren't running the show, they're there to help you do your job (and I'm an IT weenie at a research lab where Netmeetings are not uncommon...)

    --
    Trolling is a art,
    1. Re:Your IT guys are lazy by bill_mcgonigle · · Score: 3, Insightful

      I used to work in hospital IT. The network manager was affectionately known as Mordac the Preventor.

      Or it could be that your IT guys aren't lazy, they just don't know anything so they can't characterize the risk associated with H.323 or they don't know how to setup NAT for what you need.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  2. Keep it simple...go with NetMeeting. by TripMaster+Monkey · · Score: 3, Insightful


    I would have to recommend NetMeeting...it's easy to implement, and is already installed on your Windows machines. However, there are quite a few ports that need to be opened...to ensure smooth passage through the firewall, I recommend you take your IT guy to lunch at your local watering hole to discuss it. ^_^

    Seriously, though, the opening of these ports should prove to be a minimal security risk if done correctly. A firewall admin who won't open any ports is a firewall admin who doesn't know how to do his job (Ford Motor Company's firewall boys spring to mind here). Remember, this is a valid request you're making, and implementing that request in a safe and secure manner is their job.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

  3. Dedicated VPN/video server by n1ywb · · Score: 3, Interesting

    Select a machine somewhere to be a dedicated video conference server and have everybody VPN into that machine. Then all those crazy h.whatever ports should be fine.

    --
    -73, de n1ywb
    www.n1ywb.com
  4. web based solution by sycotic · · Score: 4, Informative

    we use http://www.webex.com/ at our work, works a treat behind a multitude of firewalls and maybe even proxies if I remember rightly.

    you should check it out :)

    --
    -- If I were a fish, I'd be wet