From owner-freebsd-questions@FreeBSD.ORG Mon Jun 21 21:36:06 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 57A6516A4D4 for ; Mon, 21 Jun 2004 21:36:06 +0000 (GMT) Received: from internet.potentialtech.com (h-66-167-251-6.phlapafg.covad.net [66.167.251.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2FF4243D1F for ; Mon, 21 Jun 2004 21:36:06 +0000 (GMT) (envelope-from wmoran@potentialtech.com) Received: from working.potentialtech.com (pa-plum1c-102.pit.adelphia.net [24.53.179.102]) by internet.potentialtech.com (Postfix) with ESMTP id 486CB69A3F; Mon, 21 Jun 2004 17:36:05 -0400 (EDT) Date: Mon, 21 Jun 2004 17:36:04 -0400 From: Bill Moran To: Charles Swiger Message-Id: <20040621173604.25dd0161.wmoran@potentialtech.com> In-Reply-To: <716BFBC3-C3C9-11D8-BF1C-003065ABFD92@mac.com> References: <716BFBC3-C3C9-11D8-BF1C-003065ABFD92@mac.com> Organization: Potential Technologies X-Mailer: Sylpheed version 0.9.10 (GTK+ 1.2.10; i386-portbld-freebsd4.9) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-questions@FreeBSD.org cc: desol@telus.net Subject: Re: Msn Voice conversation X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jun 2004 21:36:06 -0000 Charles Swiger wrote: > On Jun 21, 2004, at 4:21 PM, Dj Uwins wrote: > > I'm trying to get msn voice conversation working through NATD. I've > > been > > reading alot of posts and there are others who can't seem to get this > > working by trying to forward ports in natd.conf. > > Yes, the H.323 protocol family is a nightmare in terms of complexity > and it simply doesn't play nice with NAT or reasonable firewall > configurations. My recommendation would be to block the H.323 protocol > entirely and use something else rather than compromise one's security. > > > Does anyone know how to make this happen? > > This is a hard problem which may not be solvable without paying license > fees for proprietary H.323 resources and documentation. Have you > looked into getting a commercial firewall which supports H.323 proxying > via NAT...? Another option would be to install Asterisk on your firewall and configure it to handle the proxying. (Asterisk is an open source VoIP server, amoung other things.) Last I checked, there were still a lot of security concerns about running VoIP over the Internet. I see a lot of people doing it anyway, and I expect there will be a big surge of viruses, worms or some other exploit in the near future as a result. -- Bill Moran Potential Technologies http://www.potentialtech.com