Video Conferencing Behind a Firewall? 42
JShadow21 asks: "I work at a research lab at a hospital. We want to collaborate with colleagues across the pond via video conferencing however the firewall here is very restrictive. There are way too many ports that needed to be opened for H.323 to work so the IT guys won't do that. What alternatives are there? I was considering using an SSH proxy in order to use Netmeeting, or else possibly a web based solution."
Your IT guys are lazy (Score:4, Insightful)
The Netmeeting rules in our PIX configs need only 5 TCP ports: LDAP, 522, 1503, h323, 1731. If you know the IPs of the remote side you can open up a very restrictive set of holes for incoming "calls" or you can initiate the connections and not worry about opening up incoming holes altogether (if you use NAT/PAT this is easiest.)
Remember: your IT guys aren't running the show, they're there to help you do your job (and I'm an IT weenie at a research lab where Netmeetings are not uncommon...)
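Added example, not part of the comment above or of anyone's post in this thread: a small Python audit that checks whether inbound rules for the five TCP ports named above are pinned to a known remote host or left open to `any`. The rule syntax is a simplified PIX-style subset, and the ACL name `outside_in` and the documentation-range addresses are constructed assumptions.

```python
import re

# TCP ports named in the comment above; "ldap" and "h323" are the
# well-known service names for 389 and 1720.
NETMEETING_TCP = {"389", "522", "1503", "1720", "1731"}
PORT_NAMES = {"ldap": "389", "h323": "1720"}

# Simplified PIX-style rule (assumption, not full PIX grammar):
#   access-list <name> permit tcp <src> <dst> eq <port>
ADDR = r"(any|host \S+|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
RULE = re.compile(rf"^access-list (\S+) permit tcp {ADDR} {ADDR} eq (\S+)$")

def audit(config):
    """Return (allowed_ports, findings) for the inbound NetMeeting rules."""
    allowed, findings = set(), []
    for line in config.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # not a rule this simplified parser understands
        _name, src, _dst, port = m.groups()
        port = PORT_NAMES.get(port, port)  # normalise service names
        if port not in NETMEETING_TCP:
            continue
        allowed.add(port)
        if src == "any":
            findings.append(f"tcp/{port} is open to any source")
    missing = sorted(NETMEETING_TCP - allowed, key=int)
    findings += [f"tcp/{p} not permitted, calls may fail" for p in missing]
    return allowed, findings

# Constructed sample configs: one wide open and incomplete, one restricted
# to a single known remote endpoint.
WIDE = """
access-list outside_in permit tcp any host 203.0.113.10 eq h323
access-list outside_in permit tcp any host 203.0.113.10 eq 1503
"""
TIGHT = "\n".join(
    "access-list outside_in permit tcp host 198.51.100.20 "
    f"host 203.0.113.10 eq {p}"
    for p in ("ldap", "522", "1503", "h323", "1731"))

if __name__ == "__main__":
    for label, cfg in (("wide", WIDE), ("tight", TIGHT)):
        print(label, audit(cfg)[1])
```
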
Re:Your IT guys are lazy (Score:1)
Re: (Score:2)
Re:Your IT guys are lazy (Score:4, Insightful)
Or it could be that your IT guys aren't lazy, they just don't know anything so they can't characterize the risk associated with H.323 or they don't know how to set up NAT for what you need.
Re:Your IT guys are lazy (Score:3, Interesting)
Re:Your IT guys are lazy (Score:2, Insightful)
Re:Your IT guys are lazy (Score:2)
Keep it simple...go with NetMeeting. (Score:4, Insightful)
I would have to recommend NetMeeting...it's easy to implement, and is already installed on your Windows machines. However, there are quite a few ports [microsoft.com] that need to be opened...to ensure smooth passage through the firewall, I recommend you take your IT guy to lunch at your local watering hole to discuss it. ^_^
Seriously, though, the opening of these ports should prove to be a minimal security risk if done correctly. A firewall admin who won't open any ports is a firewall admin who doesn't know how to do his job (Ford Motor Company's firewall boys spring to mind here). Remember, this is a valid request you're making, and implementing that request in a safe and secure manner is their job.
Re:Keep it simple...go with NetMeeting. (Score:1)
Hold your horses there, Master Monkey! Techies shouldn't take just any order from any employee.
In any sane chain-of-trust, the employee should contact his department-manager, who should either check higher up or check with the tech manager.
A research lab has potentially dangerous information on hand, and as such, access to any sort of data is most likely on a very restricted basis.
I
Re:Keep it simple...go with NetMeeting. (Score:3, Funny)
After that has been processed you will receive form 4208XX which needs to be filled out within 12 hours (!!!) and refiled (in triplicate, of cour
Re:Keep it simple...go with NetMeeting. (Score:1)
I'd say that depends.. are we talking about the original poster, or the tech guy whose name is most likely to appear in a logfile stating that ports were unblocked?
Re:Keep it simple...go with NetMeeting. (Score:2)
After that has been processed you will receive form 4208XX which needs to be filled out within 12 hours (!!!) and refiled (in triplicate, of cour
Re:Keep it simple...go with NetMeeting. (Score:2)
The valid request is not "open these ports for me, tech-monkey!". The valid request is "we want to teleconference with folks at these other places. Here are email addresses and phone numbers for their tech guys. Can you figure something out that isn't too expensive?"
You'd think a
Re:Keep it simple...go with NetMeeting. (Score:2)
The valid request is not "open these ports for me, tech-monkey!".
I don't believe that I was endorsing such a position (/me peruses original post)...no, that's not at all what I said...thanks for the misrepresentation, though. It just doesn't feel like Slashdot until someone pulls the old straw-man gag.
Can you figure something out that isn't too expensive?"
Um...as I said in my previous post, NetMeeting is included in Windows, making the cost pretty much zero.
You'd think a
Re:Keep it simple...go with NetMeeting. (Score:2, Interesting)
Re:Keep it simple...go with NetMeeting. (Score:1)
http://www.netfilter.org/patch-o-matic/pom-extra.
Of course, there are those who will (quite rightly) argue that Netfilter is just about as fancy a packet filter as you can get!
Dedicated VPN/video server (Score:4, Interesting)
it's not that hard (Score:2)
Access-list incoming tcp host blah eq h323 any
If you want to be more secure, change the any to the IP of the device calling you. I deal with this stuff all the time, it's really no big deal. Some devices, like Tandberg, use extra ports (5555) for other purposes. You might also need LDAP for directory services. If you get an appliance based VC unit instead of a PC based one, you'll be slightly more secure.
Additionally, if you
Home router settings (Score:2)
Hey, it works for bit torrent....
Re:Home router settings (Score:2)
web based solution (Score:4, Informative)
you should check it out
Re:web based solution (Score:2)
One time I was having some problems with a vendor's computer and I called tech support. He set up a webex meeting for me to connect to and it worked beautifully. We were able to do desktop sharing in real time.
one way to get what you want, perhaps... (Score:2)
If your hospital provides network services to the outside world, it's likely that your IT group
OpenVPN (Score:3, Interesting)
try hamachi... (Score:2)
give it a try: http://www.hamachi.cc/ [hamachi.cc]
and use your preferred video conferencing software with it.
I am currently streaming my music from my office machine to my home computer. both behind firewalls and routers.
btw. it's windows only.
Who do the IT guys work for (Score:2)
I have worked in environments where the IT guys forgot they provide a network for the people to use in their jobs, not a network that they can use to build their own personal fiefdom! The best way to break this GOD complex is to hav
VPN (Score:2)
Re:VPN (Score:2)
concerning video conferencing (Score:1)
GNU Gatekeeper (works like a proxy also) (Score:1)
"1.2. Can I use the GNU Gatekeeper for NAT/masquerading H323 calls through a firewall ?
Use the proxy function that has been introduced in version 2.0."
from manual:
"When Gatekeeper Routed call signalling is used, the gatekeeper may choose whether to route the H.245 control channel and logical channels.
Case I.
The gatekeeper doesn't route them. The H.245 control channel and logical channe
Tandberg Border Controller (Score:2)
Disclaimer: I don't work for Tandberg
It's their job (Score:1)
netmeeting is old (Score:2)
Also assuming the other person isn't behind a firewall you could call out to them using netmeeting.