[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] MS Messanger voice thru SuSEfirewall



> Hi all,
>         Thanks for the answers to the previous question - my internal
> samba now works.
> My next problem is that I'd like to use MS Messenger voice thru my
firewall.
> I've seen projects such as upnp and Linux UPnP Internet Gateway Device
> project, do I need to use them ?
> As you can guess I'm a very inexperienced iptables/firewall user, so
I'd
> really appreciate any help you can give.

For a detailed portlist look on the microsoft homepage.
They give portlists for each of their service.
Search with keywords "firewall", "messanger", "open ports" and you will
find your portlist.

I think messanger works with the same technique like netmeeting and so
it will work with iptables (h323 works over tcp/ip).
I don't know, if it's the same ports like netmeeting, so better look on
the m$-pages.
Netmeeting works fine with masquerading and without on SuSEfirewall2 (I
tested it).

To make it work from external you have to allow these ports over the
firewall not on the firewall itself.
This can be done with the forwarding rules in the susefirewall at point
13 or 14 (depends, if you use masquerading or not).
For usage look in the config-file in /etc/sysconfig (SuSE >= v8.0) or
/etc/rc.config.d (SuSE < v8.0).

Because of the many open ports this app forces (I think >1024 and
several others) you should block all used Ports on the firewall and use
the rules e.g. with an mysql:

forward Ports 1024-3005 and 3007-65535 to external not 3306!

This keeps your mysql from beeing world accessible - for instance with
mysql.
This is only an example find your own solution for your lan.

I hope this will help, but you have to get some info for your own on the
web about the portlist.

Philippe




-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here