Hi,

Robert Kulagowski wrote:
> From a security perspective, has anyone found reason to restrict the
> ports that GnuGk uses? I'm assuming that opening UDP 1025-65535,
> TCP/1719 and TCP/1720 to the internet is all that's required for full
> functionality?

Opening UDP 1025-65535 basically means to turn off the firewall for
UDP, a lot of people won't feel comfortable with that. But you will
also need open TCP ports for H.245 if that's not tunneled. 1719 is
also UDP, not TCP.

> Also, it appears that the status port (7000) binds to all interfaces.
> Is there a configuration switch to only allow it to bind to a
> particular interface or IP address? In a dual-nic proxy situation, it
> would be better to not even listen to the external port, even with
> appropriate firewall rules in place. I use multiple secondary
> addresses on my external NIC and each of them are listening to 1720
> and 7000.

That's what Home= is for.

> Jan, would you consider a doc patch that details the ports and the
> traffic direction that needs to be configured for firewalls?
>
> Direction   TCP/UDP   port(s)   Purpose
> In          TCP       1720      Control port
> (etc)

Sure, I'd be happy if someone takes the time to document that.

That description should include how some config switches affect port
usage:
- Home=
- xxxPortRange (Q931, H245, RTP, T120)
- RTPMultiplexing (new in 3.0 CVS to use just 2 UDP ports for all
  devices supporting H.460.19 multiplexing)

There is also a new feature [PortNotifications] where you can have
GnuGk run a script whenever it opens a new listen port. This could for
example be used to dynamically open firewall ports.

Also new is a status port command "PrintCurrentCallsPorts" to display
which dynamic ports each call is using.

Regards,
Jan

--
Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail  : jan@xxxxxxxxxxxxxx
Website: http://www.gnugk.org
Support: http://www.willamowius.com/gnugk-support.html
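
Added example (not part of the original message and not GnuGk project code): a Python check that compares listening sockets, in the output format of `ss -H -tuln`, against a port table of the kind proposed in the thread. It flags a status port that is not bound to an internal address and any listener outside the declared ranges. The H.245 and RTP ranges, the internal network and all addresses are constructed assumptions.

```python
import ipaddress

# Assumed policy (constructed). Fields: proto, low, high, purpose, internal_only.
POLICY = [
    ("udp", 1719, 1719, "RAS", False),
    ("tcp", 1720, 1720, "call signalling", False),
    ("tcp", 7000, 7000, "status port", True),
    ("tcp", 30000, 30999, "H.245 (assumed range)", False),
    ("udp", 50000, 50999, "RTP (assumed range)", False),
]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal side

# Constructed sample in the output format of `ss -H -tuln`.
SAMPLE_SS = """\
udp   UNCONN 0      0       192.0.2.10:1719      0.0.0.0:*
tcp   LISTEN 0      128     192.0.2.10:1720      0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:7000      0.0.0.0:*
tcp   LISTEN 0      128       10.0.0.5:7000      0.0.0.0:*
udp   UNCONN 0      0       192.0.2.10:50012     0.0.0.0:*
udp   UNCONN 0      0       192.0.2.10:40000     0.0.0.0:*
"""

def is_internal(addr):
    """True only for a specific address inside INTERNAL_NETS; wildcards fail."""
    if addr == "*":  # ss prints "*" for a dual-stack wildcard bind
        return False
    ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
    return any(ip in net for net in INTERNAL_NETS)

def audit(ss_output):
    """Return (proto, addr, port, reason) for each socket that breaks POLICY."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        proto = fields[0]
        addr, _, port = fields[4].rpartition(":")
        port = int(port)
        rule = next((r for r in POLICY
                     if r[0] == proto and r[1] <= port <= r[2]), None)
        if rule is None:
            findings.append((proto, addr, port, "outside declared ranges"))
        elif rule[4] and not is_internal(addr):
            findings.append((proto, addr, port, rule[3] + " not on internal address"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_SS), sep="\n")
```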