On Thu, 24 Aug 2006, Kevin wrote:

> Is anybody permitting Skype through a HTTP or SOCKS proxy?
> I've been instructed to "make Skype work", and short of opening up the

Whenever you have a "this application must work," you should look at what
the actual requirement is...

> outbound policy to permit TCP and UDP to every possible destination IP
> on every possible port, the next best thing seems to be to use the
> HTTPS and SOCKS5 proxy settings included in most platforms/versions of
> Skype.
> I'm running into some odd issues while trying to write a reasonable
> proxy policy for Skype and still have reliable calling and reasonable
> audio quality.
> Any hints?

1. Terminal Service to a TS in the DMZ with the client loaded.
2. Asterisk PBX in the DMZ as a gateway (much more fun) with IAX2 or SIP
client access from the LAN. Do all the conference bridge stuff on
Asterisk and gateway a single Skype call at a time if you need to using
psgw_linux ($20.)
3. Deny the request as unreasonablely out of kilter with the security
policy in place and make them do the requirement over.

Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
http://fora.compuwar.net Infosec discussion boards

firewall-wizards mailing list