Talk:H.323

From Wikipedia, the free encyclopedia

H.323 in Linux kernel

The Linux kernel doesn't "implement" H.323. The experimental feature which was added in version 2.6.17 is a module to allow H.323 connection tracking. This is different from implementing H.323. When you build what is known as a stateful firewall, you sometimes want to allow connections that are "related" to other connections. For example, in the File Transfer Protocol (FTP), the client connects to a server, establishing a control connection, and when data is to be transmitted, the server connects to the client to send them. This connection may be rejected by the client firewall, because it sees someone from outside is apparently trying to connect to the client host without a reason. However, by allowing "related" connections, your goal is that the firewall sees that the new incoming connection is related to an already established connection with a server, and must be accepted.

This capability is very useful to build simple firewalls, and several protocols benefit from the kernel being able to identify related connections. The Linux kernel has several modules to allow related connection tracking from several different protocols, such as:

  • SCTP (marked EXPERIMENTAL)
  • FTP
  • IRC
  • Netbios name service (marked EXPERIMENTAL)
  • TFTP
  • Amanda
  • PPTP
  • H.323 (marked EXPERIMENTAL)

However, this does not mean that the kernel somehow implements those protocols. It does not. It only includes the required logic to identify those connections, establish relations between connections and allow simpler firewalling rules. The new option is available in this section of the kernel menuconfig:

 -> Networking
   -> Networking support (NET [=y])
     -> Networking options
       -> Network packet filtering (replaces ipchains) (NETFILTER [=y])
         -> IP: Netfilter Configuration
           -> Connection tracking (required for masq/NAT) (IP_NF_CONNTRACK [=m])

--212.59.212.39 00:59, 21 June 2006 (UTC)
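
The FTP case from the comment above, as an added example that is not part of the original post and is not kernel code: a toy connection tracker whose helper reads the `PORT` command on the control connection and marks the announced data connection as related. The class and function names are hypothetical, and the addresses are constructed documentation-range samples.

```python
import re

# Toy model of connection tracking with a protocol helper (illustrative only).
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")

class ConnTracker:
    def __init__(self):
        self.established = set()  # (src, sport, dst, dport) flows opened from inside
        self.expected = set()     # (src, dst, dport) data flows announced via a helper

    def outbound(self, src, sport, dst, dport, payload=b""):
        """Record an outgoing packet; run the FTP helper on control traffic."""
        self.established.add((src, sport, dst, dport))
        if dport == 21:
            self._ftp_helper(src, dst, payload)

    def _ftp_helper(self, client, server, payload):
        m = PORT_RE.match(payload)
        if not m:
            return
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            return
        ip = ".".join(map(str, octets[:4]))
        port = octets[4] * 256 + octets[5]
        # Toy-model choice: ignore PORT commands that name a different host,
        # so the control channel cannot open a path to an arbitrary address.
        if ip == client:
            self.expected.add((server, client, port))

    def classify_inbound(self, src, sport, dst, dport):
        """Return the conntrack-style state of an incoming packet."""
        if (dst, dport, src, sport) in self.established:
            return "ESTABLISHED"
        if (src, dst, dport) in self.expected:
            self.expected.discard((src, dst, dport))  # expectation is one-shot
            self.established.add((dst, dport, src, sport))
            return "RELATED"
        return "NEW"

def accept(state):
    """Inbound policy: accept ESTABLISHED and RELATED, drop NEW."""
    return state in ("ESTABLISHED", "RELATED")

if __name__ == "__main__":
    ct = ConnTracker()  # constructed sample traffic below
    ct.outbound("192.0.2.10", 40000, "198.51.100.5", 21, b"PORT 192,0,2,10,195,80\r\n")
    print(ct.classify_inbound("198.51.100.5", 20, "192.0.2.10", 50000))
    print(ct.classify_inbound("203.0.113.9", 20, "192.0.2.10", 50001))
```

The tracker never speaks FTP itself; it only parses enough of the control channel to decide which incoming connection a simple "accept established and related" rule should let through.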