From jimc@math.ucla.edu Wed Oct 02 10:46:55 2002
Received: with ECARTIS (v1.0.0; list lojban-list); Wed, 02 Oct 2002 10:46:55 -0700 (PDT)
Received: from simba.math.ucla.edu ([128.97.4.125]) by digitalkingdom.org with esmtp (Exim 4.05) id 17wnaH-0005Kk-00 for lojban-list@lojban.org; Wed, 02 Oct 2002 10:46:53 -0700
Received: from localhost (jimc@localhost) by simba.math.ucla.edu (8.11.6/8.11.6/SuSE Linux 0.5) with ESMTP id g92HhUA01590 for ; Wed, 2 Oct 2002 10:43:30 -0700
X-Authentication-Warning: simba.math.ucla.edu: jimc owned process doing -bs
Date: Wed, 2 Oct 2002 10:43:30 -0700 (PDT)
From: Jim Carter
To:
Subject: [lojban] Re: Voice conversations over the net
In-Reply-To: <20021001194650.J26784@miranda.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-archive-position: 1825
X-ecartis-version: Ecartis v1.0.0
Sender: lojban-list-bounce@lojban.org
Errors-to: lojban-list-bounce@lojban.org
X-original-sender: jimc@math.ucla.edu
Precedence: bulk
Reply-to: lojban-list@lojban.org
X-list: lojban-list

On Tue, 1 Oct 2002, Jay F Kominek wrote:

> On Tue, Oct 01, 2002 at 09:35:00PM -0400, Invent Yourself wrote:
> > Is there a way to get whatever internet voice protocol was selected past
> > NAT?
>
> If you can run an H.323 gatekeeper on the NAT host, yes...

Being interested, I did a little research, coming up with:

http://www.gnugk.org/h323links.html
OpenH323 Gatekeeper - The GNU Gatekeeper (links page)

http://www.coritel.it/projects/nat/what_is.htm
IP_MASQ_H323 is a Linux masquerading module (NAT) for the support of H.323 based applications. H.323 is an umbrella standard that references many other ITU-T protocols like H.225 and H.245. The H.323 describes the system, the call model and call signaling procedures. It is currently implemented by various Internet real time applications as Microsoft Internet Meeting (for windows95/98/2000/NT) and Voxilla (for Linux).

Also see: Elizabeth D. Zwicky et al, "Building Internet Firewalls" 2nd ed, O'Reilly (http://www.oreilly.com/), ISBN 1-56592-871-7, about US$ 45. Juicy summaries (edited by jimc) from chapter 19, Real-Time Conferencing Services: Multimedia Protocols.

T.120 and H.323: T.120 will work transparently with NAT. H.323 requires a proxy on the firewall. Because there is no builtin authentication, if you are concerned about the security of your clients, you would be better off using a proxy that provides authentication features. H.323 has almost every characteristic that makes a protocol hard to proxy...

Microsoft NetMeeting is based on T.120 and H.323 but uses some extra (Microsoft) protocols... Do not allow NetMeeting across your firewall.

Quoth dated 2001-10-04 (http://lists.insecure.org/firewall-wizards/2001/Oct/0012.html):
Isn't it better to move to SIP? h.323 is brain-dead and ugly as hell. [just quoting, not endorsing, says jimc]

http://www.sipcenter.com/
The best thing since sliced bread :-) Not much info discovered about what it actually is.

http://www.packetizer.com/iptel/h323_vs_sip/
An extensive comparison between H.323 and SIP. SIP is much less well defined. A pox on both their houses, says jimc.

Given the warnings about security provided by Zwicky, I am reluctant to put much effort into H.323. SIP appears to lack a lot of the good features of H.323 (I have no idea about security tradeoffs, though). I'll be interested to hear from the community about their experiences with either protocol suite. In particular, any security problems should be reported.

James F. Carter Voice 310 825 2897 FAX 310 206 6673
UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc@math.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key)