[prev in list] [next in list] [prev in thread] [next in thread]
List: ipfilter
Subject: Re: h323 proxy of ipf
From: Flemming Laugaard <flemming.laugaard () uni-c ! dk>
Date: 2003-09-21 8:39:37
[Download RAW message or body]
Hi
You can't do a reverse proxy with the h323 ( at least I don't know how ;-)) if
that's your question.
If you are asking how the proxy works, you'll better have a look at the H.*
specs ( http://www.h323forum.org/standards/ ).
Kind regards
Flemming Laugaard
------------------------------------
In a mad world, only the mad are sane.
-- Akiro Kurosawa
> But I've another question:
> In a h.323 session, if the outer box wants to connect to the inner box,
> just like ftp port mode, how ipf processes it?
>
> I read ftp proxy code, it called fr_addstate() to create a new state
> to enable outer server to create a data connection to inner box.
>
> But it seems that h.323 proxy doesn't do this.
>
> Thanks.
>
>
> >Hello one :-)
> >
> >To make the proxy work, you must allow udp and tcp outbound.
> >Example:
> >
> >ipf:
> >pass in log first quick on INTIF proto tcp from INTIP to any flags S keep
> state
> >pass in log first quick on INTIF proto udp from INTIP to any keep
> state
> >
> >ipnat:
> >map EXTIF INTIP -> EXTNAT proxy port 1720 h323/tcp
> >
> >Then the proxy works fine
> >
> >INTIF Internal interface
> >EXTIF External interface
> >INTIP Internal IP range
> >EXTNAT The IP adress used for NAT
> >
> >--
> >Kind regards
> >Flemming Laugaard
> >------------------------------------
> >"The four building blocks of the universe are fire, water, gravel and
> >vinyl."
> > -- Dave Barry
> >
>
>
>
>
>
> --http://www.eyou.com
> --?????????????????????? ???????? ???????? ???????? ????????...????????
>
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic