On Thursday 01 February 2007 16:31, Michael Wiktowy wrote:
> On 2/1/07, Frank Pineau <frank@xxxxxxxxxxx> wrote:
> > When I travel on business, I like to set up video chat to talk to my
> > family at home. The problem is, home is behind a NAT firewall (a PIX to
> > be exact). I have limited IP addresses and cannot spare one to
> > statically assign to an endpoint inside my network for this purpose.
> > Regardless, I'd like to be able to connect to any node in my network,
> > depending on who I want to call. I never know what I'm going to be
> > behind, but it's usually also some sort of NAT firewall that I do not
> > control. I've tried ekiga (nee Gnome Meeting), and a few others with
> > almost no luck. I thought something like skype (which doesn't support
> > video under linux) or an instant messenger that uses an intermediary
> > server (Yahoo, ICQ, etc.) to get around the NAT issues but none of those
> > support video either. I've tried VPN to my PIX, but as I can't control
> > where I'm coming from, I haven't been able to configure a reliable VPN
> > client for linux.
> >
> > In short, when trying to video conference under linux, I'm successful
> > around 5% of the time. It's almost always easier to boot into Windows
> > and do it from there. What do you use for mobile video chat and how
> > have you set it up?
>
> I can't say that I have done anything with video yet but I was under
> the impression that the STUN settings in Ekiga/Gizmo/etc. will help
> you out here. Make sure those are enabled and it should allow you to
> traverse NAT firewalls without any further intervention on your part.
> It works for the audio stream so I am not sure why it wouldn't work
> for the video stream also.
>

I believe I found this in the FAQ:

6.1. How can I easily use Ekiga behind a NAT/PAT gateway?

Ekiga has extensive and improved NAT support thanks to STUN. In 99% of
the cases, you do not have any configuration to do, and you can even be
reachable from the outside without any port forwarding.

SIP only: The following explanation is valid only for SIP. Please read
below for H.323.

The first thing to do is to run the configuration assistant NAT test:

1. If it reports "Cone NAT" or "Port Restricted NAT" you just have to
   answer "yes" to the dialog asking you to activate STUN support. You
   do not have to do anything else. You will be reachable from the
   outside.

2. If it reports "Symmetric NAT" and that you are using GNU/Linux,
   please use the script (or a variation of it) given below. You can
   run the NAT test again, you will notice that your NAT will behave as
   a "Cone NAT" or "Port Restricted NAT" as in case 1). That script is
   safe, it does not forward any port and the default POLICY is to DROP
   everything.

3. If it reports "Symmetric NAT" and that you are not using GNU/Linux,
   then you are not part of the 99% of lucky users. You will have to
   forward UDP ports 5000 to 5100 to your internal machine. Run the
   test again, it should report "Cone NAT" or "Port Restricted NAT" and
   it will work.

> Another trick I use sometimes is to set up ssh tunnels for the ports I
> need to get through a firewall. That way I only need to have port 22
> forwarded through the firewall and I can get any number of ports
> through after that. It only works with protocols that have a fixed
> number of non-dynamic ports though like VNC.
>

HTH

Anne
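
An added example, not part of the original message or the Ekiga FAQ: the NAT test in the FAQ depends on a STUN server reporting the public address and port the NAT assigned to a request. The code below builds a Binding Request, parses MAPPED-ADDRESS from constructed Binding Responses, and reports "symmetric" when two servers see different mappings for the same local socket. It assumes the RFC 3489 message layout; `make_response`, `classify` and the sample addresses are hypothetical, and the finer cone vs. port-restricted distinction is not tested.

```python
import ipaddress
import struct

BINDING_REQUEST, BINDING_RESPONSE = 0x0001, 0x0101
MAPPED_ADDRESS = 0x0001  # attribute type in RFC 3489

def build_binding_request(tid: bytes) -> bytes:
    """20-byte STUN header: type, attribute length (0), 16-byte transaction ID."""
    if len(tid) != 16:
        raise ValueError("transaction ID must be 16 bytes")
    return struct.pack("!HH16s", BINDING_REQUEST, 0, tid)

def parse_mapped_address(msg: bytes, tid: bytes):
    """Return (ip, port) from a Binding Response, checking header and TID."""
    if len(msg) < 20:
        raise ValueError("short STUN message")
    mtype, mlen, rtid = struct.unpack("!HH16s", msg[:20])
    if mtype != BINDING_RESPONSE or rtid != tid or len(msg) != 20 + mlen:
        raise ValueError("not the response to our request")
    off = 20
    while off + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[off:off + 4])
        value = msg[off + 4:off + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype == MAPPED_ADDRESS and alen == 8 and value[1] == 0x01:  # IPv4
            (port,) = struct.unpack("!H", value[2:4])
            return str(ipaddress.IPv4Address(value[4:8])), port
        off += 4 + alen + (-alen % 4)  # skip unknown attribute plus padding
    raise ValueError("no MAPPED-ADDRESS attribute")

def classify(mapping_a, mapping_b) -> str:
    """Compare the mappings two different servers saw for one local socket."""
    return "cone-like" if mapping_a == mapping_b else "symmetric"

def make_response(tid: bytes, ip: str, port: int) -> bytes:
    """Hypothetical helper: constructs sample server replies (not a capture)."""
    attr = struct.pack("!HHBBH4s", MAPPED_ADDRESS, 8, 0, 1, port,
                       ipaddress.IPv4Address(ip).packed)
    return struct.pack("!HH16s", BINDING_RESPONSE, len(attr), tid) + attr

if __name__ == "__main__":
    tid = bytes(range(16))  # constructed; a real client uses os.urandom(16)
    a = parse_mapped_address(make_response(tid, "203.0.113.7", 40000), tid)
    b = parse_mapped_address(make_response(tid, "203.0.113.7", 40001), tid)
    print(build_binding_request(tid).hex(), a, b, classify(a, b))
```

Rejecting responses whose transaction ID does not match the request keeps an off-path sender from feeding the client a false mapping.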