Video conferencing
Anne Wilson
cannewilson at tiscali.co.uk
Thu Feb 1 18:30:26 UTC 2007
On Thursday 01 February 2007 16:31, Michael Wiktowy wrote:
> On 2/1/07, Frank Pineau <frank at pineaus.com> wrote:
> > When I travel on business, I like to set up video chat to talk to my
> > family at home. The problem is, home is behind a NAT firewall (a PIX to
> > be exact). I have limited IP addresses and cannot spare one to
> > statically assign to an endpoint inside my network for this purpose.
> > Regardless, I'd like to be able to connect to any node in my network,
> > depending on who I want to call. I never know what I'm going to be
> > behind, but it's usually also some sort of NAT firewall that I do not
> > control. I've tried ekiga (nee Gnome Meeting), and a few others with
> > almost no luck. I thought something like skype (which doesn't support
> > video under linux) or an instant messenger that uses an intermediary
> > server (Yahoo, ICQ, etc.) to get around the NAT issues but none of those
> > support video either. I've tried VPN to my PIX, but as I can't control
> > where I'm coming from, I haven't been able to configure a reliable VPN
> > client for linux.
> >
> > In short, when trying to video conference under linux, I'm successful
> > around 5% of the time. It's almost always easier to boot into Windows
> > and do it from there. What do you use for mobile video chat and how
> > have you set it up?
>
> I can't say that I have done anything with video yet but I was under
> the impression that the STUN settings in Ekiga/Gizmo/etc. will help
> you out here. Make sure those are enabled and it should allow you to
> traverse NAT firewalls without any further intervention on your part.
> It works for the audio stream so I am not sure why it wouldn't work
> for the video stream also.
>
I believe I found this in the FAQ:
6.1. How can I easily use Ekiga behind a NAT/PAT gateway?
Ekiga has extensive and improved NAT support thanks to STUN. In 99% of the
cases, you do not have any configuration to do, and you can even be reachable
from the outside without any port forwarding.
SIP only: The following explanation is valid only for SIP. Please read below
for H.323. The first thing to do is to run the configuration assistant NAT
test:
If it reports "Cone NAT" or "Port Restricted NAT" you just have to
answer "yes" to the dialog asking you to activate STUN support. You do not
have to do anything else. You will be reachable from the
outside.
If it reports "Symmetric NAT" and that you are using GNU/Linux, please use
the script (or a variation of it) given below. You can run the NAT test
again, you will notice that your NAT will behave as a
"Cone NAT" or "Port Restricted NAT" as in case 1). That script is safe, it
does not forward any port and the default POLICY is to DROP everything.
If it reports "Symmetric NAT" and that you are not using GNU/Linux, then you
are not part of the 99% of lucky users. You will have to forward UDP ports
5000 to 5100 to your internal machine. Run
the test again, it should report "Cone NAT" or "Port Restricted NAT" and it
will work.
> Another trick I use something is to set up ssh tunnels for the ports I
> need to get through a firewall. That way I only need to have port 22
> forwarded through the firewall and I can get any number of ports
> through after that. It only works with protocols that have a fixed
> number of non-dynamic ports though like VNC.
>
HTH
Anne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20070201/aa9793e6/attachment-0001.sig>
More information about the fedora-list
mailing list