My recent experience with Sametime tunneling, firewalls and ports
Tags: Sametime

With Sametime being the tricky beast that it can be for networks, it is no surprise that I should be posting some thoughts on tunneling setups. I did bounce some quick ideas off of Carl to verify my days of work were for naught. Basically, we have a customer that wanted a tunneled Sametime server behind our firewalls that also accepted direct connections if the client could do so.

First we ran into the Sametime server binding to the wrong NIC card. This was causing the MUX to act like a person in the mall who forgot where they parked the car. They knew it was in the garage somewhere, but were busy looking on level 2 instead of level 1. This led to it thinking the port was stolen, much like a person would think their car was. The solution for now was to disable that second NIC card. The sametime.log file then showed that the MUX was binding to the right IP address and NIC card. That card is then NATed to the Internet.

This is where the firewall comes into play. What we are looking for as the final result is that the MRC (meeting room client) of Sametime will download to the meeting attendee and try the standard ports to access the Sametime server for the meeting. If those ports are not available through their network, or we are preventing them from getting in via the firewall, then the MRC should try port 80 for a tunneled connection. However, this is where you can have awesome success or some failure. So here is where it stands on how to do it.

Install your 6.5.1 server as tunneled; if you did not, you can always make the changes manually, and quite simply too. Then open the firewall for ports 80, 8081, 554 and 1533. This will allow tunneling and also attempts at direct connect for screen sharing, whiteboarding, chat and broadcast meetings. This has nothing to do with audio/video tunneling. That is a whole other topic.

Make sense?
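
One way to confirm the firewall rules above from a network outside the firewall, as an added example that is not part of the original post: it probes the four ports and reports whether a meeting client would be expected to connect directly or fall back to the port 80 tunnel. Treating 8081, 554 and 1533 as the "standard" direct ports is an assumption, and the function names are hypothetical.

```python
import socket
import sys

# Ports the post opens on the firewall. Port 80 as the tunnel port follows the
# post; treating the other three as the "standard" direct ports is an assumption.
TUNNEL_PORT = 80
DIRECT_PORTS = (8081, 554, 1533)


def probe(host, port, timeout=3.0):
    """Return True if a TCP handshake with host:port completes.

    This proves only that the firewall/NAT passes the port, not that the
    Sametime service (rather than some other listener) is answering.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, DNS failure
        return False


def assess(host, probe_fn=probe):
    """Probe every port and predict how a meeting client would connect."""
    state = {p: probe_fn(host, p) for p in DIRECT_PORTS + (TUNNEL_PORT,)}
    blocked = [p for p in DIRECT_PORTS if not state[p]]
    warnings = []
    if not blocked:
        mode = "direct"
        if not state[TUNNEL_PORT]:
            warnings.append("port 80 closed: no tunnel fallback for restricted clients")
    elif state[TUNNEL_PORT]:
        mode = "tunneled"
        warnings.append("direct ports blocked: %s" % blocked)
    else:
        mode = "blocked"
        warnings.append("no direct or tunneled path is reachable")
    return {"ports": state, "mode": mode, "warnings": warnings}


if __name__ == "__main__":
    # Run from outside the firewall: python check_ports.py <server-hostname>
    report = assess(sys.argv[1])
    for port, is_open in sorted(report["ports"].items()):
        print("%5d  %s" % (port, "open" if is_open else "closed/filtered"))
    print("expected client mode:", report["mode"])
    for w in report["warnings"]:
        print("warning:", w)
    sys.exit(0 if not report["warnings"] else 1)
```

A clean run (mode `direct`, no warnings) means both paths the post asks for are reachable; any warning points at the firewall rule or NIC binding to recheck.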
On Thursday, March 17th, 2005 by Chris Miller