LinuxQuestions.org
Old 07-04-2002, 12:13 PM   #1
RefriedBean
Member
 
Registered: Jun 2002
Location: N 37 33.327 E 126 55.650
Distribution: Gentoo, Slackware, OpenZaurus
Posts: 186

Rep: Reputation: 30
Question Large number of open ports


Hi!

I want to use GnomeMeeting to talk with family, but it seems to me that I have to open a very large number of ports, namely:

TCP 1720
TCP 1024-65536 (since Gnome/Net meeting uses a random port)
UDP 1024-65536


The thing is, I don't feel entirely, erm, comfortable with such a large number of open ports. (The reason being that my firewall keeps getting hammered on in the port 33xxx range, and I have NO idea why)

Now my question is, What can I do to allow calls to my box, without opening all those ports?

I use IPTables on 2.4.18.

Thanks a lot!
RefriedBean

Last edited by RefriedBean; 07-04-2002 at 12:31 PM.
 
Old 07-05-2002, 03:41 PM   #2
DavidPhillips
Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,155

Rep: Reputation: 56
Did you see this?

Looks like the first option should work OK without opening a lot of ports.



6. Getting it to work behind a firewall

6.1. What ports does GnomeMeeting use for H.323 if H.245 Tunneling is enabled?

* 1720 TCP for the H.225 and H.245 Channels.
* Random UDP port for audio (it will take the first free port above 5000).
* Random UDP port for video (it will take the first free port above 5000).

Those ports are used for incoming calls, i.e. if you receive an incoming call from a GnomeMeeting user using H.245 Tunneling, that remote GnomeMeeting will open those ports.

If the user doesn't use H.245 Tunneling for some reason, another random TCP port will be used for the H.245 Channel.

If the user uses H.245 Tunneling (the default in the preferences), it is enough to allow TCP port 1720 and UDP ports 5000-5004 on your firewall (for a single call).

6.2. What ports does Netmeeting use for H.323?

* 1720 TCP for the H.225 Channel.
* Random TCP port for the H.245 Channel (Netmeeting doesn't support H.245 Tunneling).
* Random UDP port for audio.
* Random UDP port for video.

That is for incoming calls, i.e. if you receive an incoming call from a Netmeeting user, that remote Netmeeting will use those ports. Most of them are totally random, so if you want a secure firewall, you will have to forget about the idea to be able to be called by remote Netmeeting users.
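
An added example, not part of the thread or of the GnomeMeeting FAQ: a shell function that prints iptables commands for the H.245 Tunneling case quoted above (TCP 1720 and UDP 5000-5004 for a single call), optionally limited to known caller addresses. The chain name GM_IN, the function names, the sample addresses in the usage comment, and an INPUT policy of DROP are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands for the
# "H.245 Tunneling enabled, single call" case from the FAQ:
# TCP 1720 plus UDP 5000-5004, optionally limited to known callers.
# Assumes the INPUT chain policy is already DROP.

GM_CHAIN="GM_IN"          # hypothetical chain name
GM_TCP_PORT="1720"        # H.225 and tunneled H.245, per the FAQ
GM_UDP_RANGE="5000:5004"  # audio/video for a single call, per the FAQ

# is_ipv4 ADDR: succeeds if ADDR looks like a dotted quad, optional /prefix.
# Rejects host names and anything that could smuggle extra shell words.
is_ipv4() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# gm_rules [PEER ...]
# No peers: the call ports are reachable from any source.
# With peers: only those sources are sent to the GnomeMeeting chain.
gm_rules() {
    for peer in "$@"; do
        is_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
    done
    echo "iptables -N $GM_CHAIN"
    echo "iptables -A $GM_CHAIN -p tcp --dport $GM_TCP_PORT -m state --state NEW -j ACCEPT"
    echo "iptables -A $GM_CHAIN -p udp --dport $GM_UDP_RANGE -j ACCEPT"
    echo "iptables -A $GM_CHAIN -j RETURN"
    # Packets belonging to connections that were already accepted.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    if [ "$#" -eq 0 ]; then
        echo "iptables -A INPUT -j $GM_CHAIN"
    else
        for peer in "$@"; do
            echo "iptables -A INPUT -s $peer -j $GM_CHAIN"
        done
    fi
}

# Usage (constructed addresses): review the output, then apply as root:
#   gm_rules 192.0.2.10 198.51.100.0/24 | sh
```

Callers that do not use H.245 Tunneling (Netmeeting, per the FAQ) are not covered by these rules, since their H.245 and media ports are random.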
 
Old 07-05-2002, 11:43 PM   #3
RefriedBean
Member
 
Registered: Jun 2002
Location: N 37 33.327 E 126 55.650
Distribution: Gentoo, Slackware, OpenZaurus
Posts: 186

Original Poster
Rep: Reputation: 30
Thanks!

RefriedBean
 
Old 07-06-2002, 12:34 AM   #4
DavidPhillips
Guru
 
Registered: Jun 2001
Location: South Alabama
Distribution: Fedora / RedHat / SuSE
Posts: 7,155

Rep: Reputation: 56
Here are some other ideas:

http://soti.org/~soggie/linux/gm/
 
  

