How to Establish NetMeeting Connections Through a Firewall
Robert
Guest





Posted: Mon Mar 22, 2004 9:24 pm    Post subject: How to Establish NetMeeting Connections Through a Firewall

Hi,
I've got Microsoft NetMeeting 3.01 for Windows 2000 and a
broadband router/firewall DLink-804.

I have tried to establish Netmeeting connections through a
firewall according to article "Q158623", that is:

"To establish outbound NetMeeting connections through a
firewall, the firewall must be configured to do the
following:

Pass through primary TCP connections on ports 522, 389,
1503, 1720 and 1731.
Pass through secondary UDP connections on dynamically
assigned ports (1024-65535)."

My broadband router/firewall is capable of passing through
secondary UDP connections on dynamically assigned ports.

Still this does not work. NetMeeting connects, that is I
can see my name and the one I call in the name list (no
video or audio, only the names appear), but then shuts
down immediately. Without the router/firewall and
suggested port settings, everything works as it should.

Does the article Q158623 still apply, or are there other
settings that I should know about?

I appreciate all help,
Robert
Brian Sullivan MVP
Guest





Posted: Tue Mar 23, 2004 1:26 am    Post subject: Re: How to Establish NetMeeting Connections Through a Firewa

Robert wrote:
Quote:
Hi,
I've got Microsoft NetMeeting 3.01 for Windows 2000 and a
broadband router/firewall DLink-804.

I have tried to establish Netmeeting connections through a
firewall according to article "Q158623", that is:

"To establish outbound NetMeeting connections through a
firewall, the firewall must be configured to do the
following:

Pass through primary TCP connections on ports 522, 389,
1503, 1720 and 1731.
Pass through secondary UDP connections on dynamically
assigned ports (1024-65535)."

My broadband router/firewall is capable of passing through
secondary UDP connections on dynamically assigned ports.


The instructions you followed are misleading (if not completely wrong).

Quote:

Still this does not work. NetMeeting connects, that is I
can see my name and the one I call in the name list (no
video or audio, only the names appear), but then shuts
down immediately. Without the router/firewall and
suggested port settings, everything works as it should.

Does the article Q158623 still apply, or are there other
settings that I should know about?


Generally the only way to have full function outgoing calls is to use the
DMZ feature of the router. With the DMZ you can also receive incoming calls
placed directly to the WAN IP of the router (use of a software firewall,
properly configured for NetMeeting, is strongly recommended if you use the
DMZ).

I don't know your router though -- some have built-in H.323 proxies that
will support outgoing calls with no configuration changes and incoming calls
by forwarding TCP 1503 and 1720 only.


--
Brian Sullivan
Meeting by Wire ( http://www.meetingbywire.com)
------------
Is your PC protected? --
http://www.microsoft.com/security/protect/default.asp
Guest






Posted: Tue Mar 30, 2004 7:26 pm    Post subject: Re: How to Establish NetMeeting Connections Through a Firewa

Hello Brian,
I have read your answer on my question, also the answer on
the question on "Port?".
In the first answer you say the article I refer to is
misleading.
In the second answer, on "Port?", you refer to pretty much the same
article, which puzzles me.
- So, does the article state how you should configure your
firewall or not, and what ports you should pass through
communication?

Further, I have spoken to DLink about enabling the DMZ
feature. That means no firewall protection at all, they
say. You said you strongly recommend a software firewall,
and to configure it "properly". But configuring the
firewall "properly" means that you pass through
communication on all the ports described in the article.
This means a false security, because of the wide range of
open ports (your computer is wide open for attacks). DLink
states allowing open ports on a router/firewall or with
the use of a software firewall does not change the
security issue.
- Please describe the security issue of configuring
your software firewall "properly" in order to run
NetMeeting. Then, of course, the question appears: should
you use NetMeeting if it is such a security risk?

Best regards,
Robert

Brian Sullivan MVP
Guest





Posted: Tue Mar 30, 2004 8:25 pm    Post subject: Re: How to Establish NetMeeting Connections Through a Firewa

anonymous@discussions.microsoft.com wrote:
Quote:
Hello Brian,
I have read your answer on my question, also the answer on
the question on "Port?".
In the first answer you say the article I refer to is
misleading.
In the second answer, on "Port?", you refer to pretty much the same
article, which puzzles me.
- So, does the article state how you should configure your
firewall or not, and what ports you should pass through
communication?


It does provide information on port usage in NetMeeting but from what I can tell
provides no practical instructions for configuring a NAT firewall for
NetMeeting usage. Some users have been successful in providing port
triggered NAT configured port management but the success tends to be spotty,
router dependent and difficult to set up.


Quote:

Further, I have spoken to DLink about enabling the DMZ
feature. That means no firewall protection at all, they
say. You said you strongly recommend a software firewall,
and to configure it "properly". But configuring the
firewall "properly" means that you pass through
communication on all the ports described in the article.


Most software firewalls have egress control so that proper configuring would
allow all port access as you say but only for the one NetMeeting program.


Quote:
This means a false security, because of the wide range of
open ports (your computer is wide open for attacks). DLink
states allowing open ports on a router/firewall or with
the use of a software firewall does not change the
security issue.


As I said most software firewalls have controls allowing you to minimize the
exposure to one program, but you are correct there is a gap in security.

Router based firewalls have their own set of deficiencies though so the
Dlink statements may be a bit of the pot calling the kettle black.


Quote:
- Please describe the security issue of configuring
your software firewall "properly" in order to run
NetMeeting. Then, of course, the question appears: should
you use NetMeeting if it is such a security risk?

The configuration of the firewall depends on what firewall you are using --
since you haven't provided any specifics the best I can do is talk in
general terms.

Most software firewalls allow egress control -- that is they allow
specification of a program that is allowed access and may allow you to
specify to the port/protocol level what access is allowed (both incoming
and outgoing). Generally NetMeeting needs to listen on ports 1720 and 1503
and needs access to UDP 1024-65535 incoming and outgoing. The usual strategy
is to configure the software firewall to allow NetMeeting full access on all
ports in and out. Trying to narrow the port usage for NetMeeting is probably
not useful from a security pov.

The current built-in XP firewall has an H.323 proxy (but no program egress
control) so what can be specified there is to pass just TCP 1503 and TCP
1720 -- the proxy manages the rest of the ports needed.


--
Brian Sullivan
Meeting by Wire ( http://www.meetingbywire.com)
------------
Is your PC protected? --
http://www.microsoft.com/security/protect/default.asp
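
Added example, not written by any poster in this thread: a small Python model of the trade-off discussed above, comparing port-only rules, the same ports scoped to one program, and the H.323 proxy case where only TCP 1503 and 1720 are forwarded. The `Rule` and `Listener` types, the use of `conf.exe` as the NetMeeting program name, and the listener list are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    proto: str                     # "tcp" or "udp"
    lo: int                        # first port allowed
    hi: int                        # last port allowed
    program: Optional[str] = None  # None = any listening program

@dataclass(frozen=True)
class Listener:
    program: str
    proto: str
    port: int

def allowed(rules, l):
    """True if any static rule lets inbound traffic reach this listener."""
    return any(r.proto == l.proto and r.lo <= l.port <= r.hi
               and r.program in (None, l.program) for r in rules)

def exposed(rules, listeners, app="conf.exe"):
    """Reachable listeners that do not belong to the conferencing program."""
    return sorted(f"{l.program}:{l.proto}/{l.port}" for l in listeners
                  if l.program != app and allowed(rules, l))

# Policy A: port-only rules (ports from the thread, no program scoping).
PORT_ONLY = [Rule("tcp", 1503, 1503), Rule("tcp", 1720, 1720),
             Rule("udp", 1024, 65535)]
# Policy B: the same ports, but only for the NetMeeting executable.
PER_PROGRAM = [Rule(r.proto, r.lo, r.hi, "conf.exe") for r in PORT_ONLY]
# Policy C: H.323 proxy case; only the two TCP listeners are static rules,
# the proxy opens media ports per call (not modelled here).
PROXY = [Rule("tcp", 1503, 1503), Rule("tcp", 1720, 1720)]

# Constructed sample of sockets listening on the host.
LISTENERS = [
    Listener("conf.exe", "tcp", 1720),
    Listener("conf.exe", "tcp", 1503),
    Listener("conf.exe", "udp", 49608),
    Listener("sqlservr.exe", "udp", 1434),
    Listener("svchost.exe", "udp", 1900),
    Listener("svchost.exe", "tcp", 135),
]

if __name__ == "__main__":
    for name, policy in [("port-only", PORT_ONLY),
                         ("per-program", PER_PROGRAM), ("proxy", PROXY)]:
        print(f"{name:12} exposes {exposed(policy, LISTENERS)}")
```

With port-only rules the wide UDP range also reaches unrelated services on the host, while the program-scoped and proxy policies expose none of them.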