Re: Skype through a firewall?

["Paul D. Robertson" <paul () compuwar net>]

On Thu, 24 Aug 2006, Kevin wrote:

> Is anybody permitting Skype through a HTTP or SOCKS proxy?
>
> I've been instructed to "make Skype work", and short of opening up the

Whenever you have a "this application must work," you should look at what 
the actual requirement is...  

> outbound policy to permit TCP and UDP to every possible destination IP
> on every possible port, the next best thing seems to be to use the
> HTTPS and SOCKS5 proxy settings included in most platforms/versions of
> Skype.
>
> I'm running into some odd issues while trying to write a reasonable
> proxy policy for Skype and still have reliable calling and reasonable
> audio quality.
>
> Any hints?

1.  Terminal Service to a TS in the DMZ with the client loaded.
2.  Asterisk PBX in the DMZ as a gateway (much more fun) with IAX2 or SIP 
client access from the LAN.  Do all the conference bridge stuff on 
Asterisk and gateway a single Skype call at a time if you need to using 
psgw_linux ($20.)
3.  Deny the request as unreasonablely out of kilter with the security 
policy in place and make them do the requirement over.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards