But is this feature really useful, especially for AAA? Despite the fact that you can have the same IP in another LAN, doing AAA for private IPs without also checking the public IP does not make much sense. Besides, it's a security hole. To distinguish customers behind NAT, the only reliable way is to assign them username/passwords and use H.235 (either simple CAT or full Annex D) or use distinct port numbers on NAT. Besides, distinguishing by a private IP is as insecure as distinguishing only by an h323id. So you can distinguish customers behind NAT through their h323id. Eventually, for accounting I may consider introducing some additional accounting variable to get the private IP for registered endpoints.
----- Original Message -----
From: "Andreas Sikkema" <andreas.sikkema@xxxxxxxxxxxx>
Sent: Wednesday, January 26, 2005 2:00 PM
openh323gk-users-admin@xxxxxxxxxxxxxxxxxxxxx wrote:
I plan to replace all private IPs that appear in auth & acct records with their real IPs (NAT IPs). Has somebody some good reasons why I should not do so?
You might want to differentiate multiple clients behind one NAT by their IP address.
I can't think of a reason why, but I'm often proven wrong ;-)
-- Andreas Sikkema Rits tele.com Van Vollenhovenstraat 3 3016 BE Rotterdam t: +31 (0)10 2245544 f: +31 (0)10 2245540
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/