Re: Firewalls

Mike Pelletier (mikep@comshare.com)
Mon, 2 Dec 1996 09:43:45 -0500 (EST)


On Tue, 26 Nov 1996, Todd Kent wrote:

> I'm a graduate student at the University of Virginia and we are piloting
> a project that is using the Internet to link teachers from various
> school sites around the state. We are trying to use CU-SeeMe but have
> run into problems with one school system being behind a firewall. I
> know very little about firewalls and would greatly appreciate any
> information you can provide on how to work through a firewall with
> CU-SeeMe, assuming it can be done. At this point, I don't know enough
> to even ask a good question. The school's administrators are open to
> suggestions, but say it can't be done without disabling the firewall.
> However, some of the postings I see on the CU-SeeMe archives lead me to
> believe you can direct the CU-SeeMe packets through a port in the
> firewall. Again, I know nothing about the technical side of firewalls,
> but any information/suggestions you could give me to take to the
> administrators would help tremendously.

I have the same problem here at my company, and from what I've found out
after an examination of the issue is that there's no real way for internal
systems to do CU-SeeMe with external reflectors. The issue lies in the
use of the UDP protocol, from what I understand. This protocol is
datagram-oriented, not connection-oriented, and thus is a problem for the
security model of a firewall.

One possibility would be setting up a reflector on the firewall itself, so
that both internal and external users could connect directly to it, but
then the bandwidth would be limited by the internet link you have, both on
the incoming and outgoing side. Not sure that'd make the firewall admins
terribly happy, though.

-Mike Pelletier.