On Thu, 24 Aug 2006, Kevin wrote:

> Is anybody permitting Skype through a HTTP or SOCKS proxy?
>
> I've been instructed to "make Skype work", and short of opening up the


Whenever you have a "this application must work," you should look at what
the actual requirement is...

> outbound policy to permit TCP and UDP to every possible destination IP
> on every possible port, the next best thing seems to be to use the
> HTTPS and SOCKS5 proxy settings included in most platforms/versions of
> Skype.
>
> I'm running into some odd issues while trying to write a reasonable
> proxy policy for Skype and still have reliable calling and reasonable
> audio quality.
>
> Any hints?


1. Terminal Service to a TS in the DMZ with the client loaded.
2. Asterisk PBX in the DMZ as a gateway (much more fun) with IAX2 or SIP
client access from the LAN. Do all the conference bridge stuff on
Asterisk and gateway a single Skype call at a time if you need to using
psgw_linux ($20.)
3. Deny the request as unreasonablely out of kilter with the security
policy in place and make them do the requirement over.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
http://fora.compuwar.net Infosec discussion boards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards