On Wed, Nov 2, 2011 at 11:47 AM, Jan Willamowius <jan@xxxxxxxxxxxxxx> wrote:
> Hi,
>
> Robert Kulagowski wrote:
>> From a security perspective, has anyone found reason to restrict the
>> ports that GnuGk uses? I'm assuming that opening UDP 1025-65535,
>> TCP/1719 and TCP/1720 to the internet is all that's required for full
>> functionality?
>
> Opening UDP 1025-65535 basically means to turn off the firewall for
> UDP, a lot of people won't feel comfortable with that.

Perhaps I'm being naive, but what's the practical difference? Wouldn't
one port or 10 be just as big a compromise potential as 64000 ports?

> But you will also need open TCP ports for H.245 if that's not tunneled.
> 1719 is also UDP, not TCP.
>
>> Also, it appears that the status port (7000) binds to all interfaces.
>> Is there a configuration switch to only allow it to bind to a
>> particular interface or IP address? In a dual-nic proxy situation, it
>> would be better to not even listen to the external port, even with
>> appropriate firewall rules in place. I use multiple secondary
>> addresses on my external NIC and each of them are listening to 1720
>> and 7000.
>
> That's what Home= is for.

In the documentation, it says:

Home=192.168.1.1
Default: listen to all IPs

The gatekeeper will listen for requests on this IP address. If not set,
the gatekeeper will listen on all IPs of your host. Multiple Home
addresses can be used and must be separated with a semicolon (;) or
comma (,).

Does this mean "listen for status port requests", or all requests? If I
have a dual-nic proxy, then I would still want it to listen for incoming
call requests to port 1720 on the outside interface, but not port 7000?
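An added example, not part of the original message and not GnuGk code: a check that the status port (7000) is listening only on the intended address, run here over constructed `ss -H -ltn` output. The 203.0.113.x addresses, the sample lines and the function names are assumptions made for illustration.

```python
import ipaddress

STATUS_PORT = 7000  # GnuGk status port as named in the thread

# Constructed sample of `ss -H -ltn` output for a dual-NIC host:
# 192.168.1.1 internal, 203.0.113.10/.11 external (documentation range).
SAMPLE_SS = """\
LISTEN 0 128 192.168.1.1:7000 0.0.0.0:*
LISTEN 0 128 203.0.113.10:7000 0.0.0.0:*
LISTEN 0 128 203.0.113.11:1720 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:7000 [::]:*
"""


def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN line of `ss -H -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        # Drop an interface scope ("%eth0") first, then IPv6 brackets.
        addr = addr.split("%")[0].strip("[]")
        if addr == "*":
            addr = "0.0.0.0"  # ss prints some wildcard binds as "*"
        yield ipaddress.ip_address(addr), int(port)


def exposed_status_listeners(ss_output, allowed, port=STATUS_PORT):
    """Return bind addresses for `port` that are not in the `allowed` list."""
    allowed = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for addr, p in parse_listeners(ss_output):
        if p != port:
            continue
        # A wildcard bind (0.0.0.0 or ::) covers every interface,
        # the external one included, so it is always reported.
        if addr.is_unspecified or addr not in allowed:
            findings.append(str(addr))
    return findings


if __name__ == "__main__":
    for a in exposed_status_listeners(SAMPLE_SS, allowed=["192.168.1.1"]):
        print(f"port {STATUS_PORT} is listening on unexpected address {a}")
```

On a live host, feed the function the real output of `ss -H -ltn` and the address the status port is supposed to be restricted to.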