firewalld and Ekiga

[Basil Mohamed Gohar]

On 12/27/2012 11:40 AM, Antonio wrote:
> Il 27/12/2012 16:27, Basil Mohamed Gohar ha scritto:
> > On 12/27/2012 10:09 AM, Antonio wrote:
> >> Hello everyone.
> >>
> >> Currently I use the latest version of Ekiga on Fedora 18
> >> Spherical Cow. My internet connection implicates an outdoor
> >> antenna equipped with a management software that includes a
> >> firewall (as well as other services like NAT, UPnP, DDNS, ...);
> >> this firewall has been configured to allow the SIP calls from and
> >> to Ekiga according to these information
> >> http://wiki.ekiga.org/index.php/Internet_ports_used_by_Ekiga.
> >>
> >> Even the firewall of Fedora is actived but it doesn't seem
> >> affect Ekiga work although its ports are not open nor any SIP
> >> services are permitted.
> >>
> >> The current enabled zone is 'home':
> >>
> >> home interfaces: wlan0 services: ipp-client mdns dhcpv6-client
> >> ssh samba-client ports: forward-ports: icmp-blocks:
> >>
> >> In your opinion, is it a correct behavior when Ekiga works
> >> although firewalld closes all ports ?
> >>
> >> Thanks.
> >>
> > Antonio,
>
> > If your SIP connection is using a STUN server, then it is
> > possible.
>
>
> Precisely (sorry I had not mentioned this).
> But should not be all connections blocked between application (ekiga)
> and antenna's NAT ?
>
Someone with more networking experience than me should probably reply,
but I believe incoming connections (relative to your system, that is)
are what is blocked.  And I think the usage of a STUN server allows your
system to effectively initiate only "outgoing" connections as far as
your firewall is concerned, much as how so-called passive FTP works in
the same way.  Connections initiated from your end are much lower risk,
if you intended them, and as such are usually allowed by firewalls.