Schaller: The long journey towards good free video conferencing

Posted Oct 15, 2012 18:08 UTC (Mon) by raven667 (subscriber, #5198)
In reply to: Schaller: The long journey towards good free video conferencing by pkern
Parent article: Schaller: The long journey towards good free video conferencing

I would expect protocols like IPSec to be allowed by default and not require any configuration in an IPv6 firewall; it should work for all devices behind the firewall and should probably be a stateless rule. Same for SIP or other VoIP or P2P protocols: once they are allowed on the firewall they should work for all devices behind the firewall, because there is no more need for port forwarding.


Schaller: The long journey towards good free video conferencing

Posted Oct 15, 2012 18:15 UTC (Mon) by pkern (subscriber, #32883)

As for SIP/P2P/etc., that's not how it works. Everything into the home network is blocked by default, everything going out is allowed. Hence once you need to allow further ports aside from the control connection you need to tell the firewall to allow it in. As there's no such protocol, the firewall does inspection. If your protocol is encrypted (like e.g. BitTorrent nowadays) or not supported, then you can just call out but you can't be called. You cannot do a simple "allow P2P switch" on the firewall unless you allow all incoming traffic. Those applications do not use fixed ports. Of course you can whitelist single ports and then do a configuration dance like the port forwarding one on IPv4. But that won't fly with the plug'n'play applications that just work on IPv4 because we have STUN/ICE and the like.

(Funnily enough, the NAT traversal between Windows BitTorrent clients on IPv4 and unfirewalled IPv6 hosts happens through Teredo tunneling.)
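
The firewall behaviour discussed in the comment above, as an added example that is not part of the original thread: a toy Python model of a default-deny-inbound stateful firewall whose inspection helper can open a media pinhole only when it can read a protocol it knows. The class, the `"p2p"` protocol tag, the addresses (documentation prefix 2001:db8::/32), ports and messages are all constructed for illustration, and the pinhole is deliberately simplified to match on the inside host and port only.

```python
import re

class StatefulFirewall:
    """Toy model: outbound allowed, inbound dropped unless state or a pinhole matches."""

    def __init__(self, inspected=("sip",)):
        self.flows = set()      # (inside, iport, outside, oport) seen going out
        self.pinholes = set()   # (inside, iport) opened by protocol inspection
        self.inspected = set(inspected)

    def outbound(self, src, sport, dst, dport, proto=None, payload=b""):
        self.flows.add((src, sport, dst, dport))
        # The helper can only act on a protocol it knows, sent in cleartext.
        if proto in self.inspected:
            m = re.search(rb"^m=audio (\d+) ", payload, re.M)
            if m:
                self.pinholes.add((src, int(m.group(1))))

    def inbound(self, src, sport, dst, dport):
        if (dst, dport, src, sport) in self.flows:   # reply to a tracked flow
            return True
        return (dst, dport) in self.pinholes         # negotiated media port


def demo():
    phone, peer = "2001:db8:1::10", "2001:db8:2::20"   # documentation prefix
    sdp = (b"INVITE sip:callee@example.net SIP/2.0\r\n\r\n"
           b"v=0\r\nm=audio 49170 RTP/AVP 0\r\n")      # constructed message
    out = {}

    fw = StatefulFirewall()
    out["unsolicited_call"] = fw.inbound(peer, 5060, phone, 5060)
    fw.outbound(phone, 5060, peer, 5060, "sip", sdp)
    out["control_reply"] = fw.inbound(peer, 5060, phone, 5060)
    out["media_cleartext_sip"] = fw.inbound(peer, 40000, phone, 49170)

    fw = StatefulFirewall()   # same call, control channel encrypted (opaque bytes)
    fw.outbound(phone, 5061, peer, 5061, "sip", b"\x17\x03\x03" + bytes(40))
    out["media_encrypted_sip"] = fw.inbound(peer, 40000, phone, 49170)

    fw = StatefulFirewall()   # protocol the firewall has no helper for
    fw.outbound(phone, 6881, peer, 6881, "p2p", b"listen-port 51413\r\n")
    out["media_unsupported"] = fw.inbound(peer, 40000, phone, 51413)
    return out


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:22} {'ALLOW' if allowed else 'DROP'}")
```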

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.