Re: firewalls

Oliver Kubis (oliverk@ols-eds.de)
Fri, 23 Feb 1996 13:01:38 GMT


Jan-Joep,

quoting from 'http://www.v-one.com/pubs/fw-faq/faq.htm', the firewall faq, a
firewall is "a system or group of systems that enforces an access control
policy between two networks. The actual means by which this is accomplished
varies widely, but in principle, the firewall can be thought of as a pair of
mechanisms: one which exists to block traffic, and the other which exists to
permit traffic. Some firewalls place a greater emphasis on blocking traffic,
while others emphasize permitting traffic. Probably the most important thing
to recognize about a firewall is that it implements an access control policy.
(...)
Generally, firewalls are configured to protect against unauthenticated
interactive logins from the "outside" world. This, more than anything, helps
prevent vandals from logging into machines on your network. More elaborate
firewalls block traffic from the outside to the inside, but permit users on
the inside to communicate freely with the outside. The firewall can protect
you against any type of network-borne attack if you unplug it."

If the basic connection to the reflector site is not the problem (=routing
works), then in your case, the firewall screens out all traffic which it
doesn't know about, and that includes the CU-SeeMe audio and video streams.

I haven't tested it yet, but I was told that a firewall can be configured
to allow CU-SeeMe traffic through. Your firewall administrator can add
filtering rules that explain to a firewall what CU-SeeMe traffic "looks
like" by describing the ports it uses. The following filtering rules will
allow CU-SeeMe UDP traffic through your firewall. Your firewall may use a
slightly different syntax, but your firewall administrator will know what to do.

permit udp 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx 0.0.0.0 eq 7648
permit udp 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx 0.0.0.0 eq 7649
permit udp 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx 0.0.0.0 eq 7650
permit udp 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx 0.0.0.0 eq 7651
permit udp 0.0.0.0 255.255.255.255 xxx.xxx.xxx.xxx 0.0.0.0 eq 7652

Replacing the xxx.xxx.xxx.xxx with the address of your computer will allow
CU-SeeMe traffic only to and from your computer, everyone else on your
network will be unable to use CU-SeeMe. Replacing it with a broadcast
address will allow everyone on your network to use CU-SeeMe. The safest
arrangement allows CU-SeeMe traffic to a computer that's not connected to
your remaining network, or one protected by a router that's
properly-configured to provide very tight network security.

Hope this helps-
best of luck!
:-) Oliver

At 22:04 22.02.96 -0100, you wrote:
>Hello,
>When I work at home with CU-SeeMe, everything is okay, but if I connect
>from my office (behind a firewall) to the same reflector sites, there is
>no response.
>What happens if I am behind a firewall?
>Anyone knows?
>
>Greetings
>-------------------------------------------------------------------------
>Jan-Joep Ritzen
>jjritzen@pi.net

---------
Oliver Kubis (oliverk@ols-eds.de)
Earth address: EDS Germany, Online Services, Eisenstrasse 58, D-65428
Ruesselsheim, Fon +49(6142)80-2942, Fax +49(6142)80-1755
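
Added example (not part of the original message): a small evaluator for the five filtering rules quoted above, showing which packets they admit and that everything else falls through to deny. It assumes the rules use address/wildcard-mask pairs in which 1 bits are ignored (as in Cisco IOS access lists) and that unmatched traffic is denied; the address 192.0.2.10 is a constructed stand-in for xxx.xxx.xxx.xxx, and the function names are hypothetical.

```python
import ipaddress

def _ip(s):
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(s))

def parse_rule(line):
    """Parse 'permit udp SRC SRC_WILDCARD DST DST_WILDCARD eq PORT'."""
    action, proto, src, src_wc, dst, dst_wc, op, port = line.split()
    if op != "eq":
        raise ValueError("only 'eq' port matches are handled here")
    return {"action": action, "proto": proto,
            "src": _ip(src), "src_wc": _ip(src_wc),
            "dst": _ip(dst), "dst_wc": _ip(dst_wc), "port": int(port)}

def _addr_match(addr, base, wildcard):
    # Assumed wildcard-mask semantics: a 1 bit means "don't care",
    # a 0 bit must match the rule's address exactly.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(rules, proto, src, dst, dport):
    """First matching rule wins; anything unmatched is denied (assumed default)."""
    for r in rules:
        if (r["proto"] == proto and r["port"] == dport
                and _addr_match(_ip(src), r["src"], r["src_wc"])
                and _addr_match(_ip(dst), r["dst"], r["dst_wc"])):
            return r["action"]
    return "deny"

HOST = "192.0.2.10"  # constructed address standing in for xxx.xxx.xxx.xxx
RULES = [parse_rule(f"permit udp 0.0.0.0 255.255.255.255 {HOST} 0.0.0.0 eq {p}")
         for p in range(7648, 7653)]

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source, destination, dest port)
    for pkt in [("udp", "198.51.100.7", HOST, 7648),
                ("udp", "198.51.100.7", "192.0.2.11", 7648),
                ("udp", "198.51.100.7", HOST, 7653),
                ("tcp", "198.51.100.7", HOST, 7648)]:
        print(pkt, "->", evaluate(RULES, *pkt))
```

Because the source side of each rule is fully wildcarded, every outside address can reach those five UDP ports on the named host, which is the exposure the message's advice about isolating that computer addresses.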