Make a Video Connection � But Be Careful

By Ronald Pacchiano | Posted January 07, 2005

I run a small business out of my home, and I thought videoconferencing would help me provide my clients, two of whom live out of state, with more personal service. We all have high-speed cable modems and access to videoconferencing software from Microsoft's NetMeeting.

I did some research and came across an article that said I'd need to open up a series of ports on my firewall in order to get NetMeeting to work over the Internet. My clients and I made the adjustments to our systems, but for some reason NetMeeting can't establish a connection.

We've double-checked all of our settings and everything looks okay, but we just can't get this application to work. Is there anything you can think of that might help us to resolve this issue? We all use D-Link DI-704 routers and NetMeeting version 3.01. Thanks for your help.

I don't know exactly what article you read, but I can all but guarantee you that the reason you're still having problems with Microsoft NetMeeting is simply because you didn't open all of the ports the application needs in order to establish a connection. Don't feel bad, though. I have yet to meet anyone who has been able to get NetMeeting to function reliably and consistently outside of a LAN. People who insist on using NetMeeting have resolved themselves to the fact that they need to make certain compromises if they want to use that particular software. And like most compromises, this one has its drawbacks. Before we delve into that, let's take a closer look at the cause of your affliction.

In order to establish a connection over the Internet, NetMeeting requires access to several IP ports to communicate with other meeting participants. If you use a firewall to connect to the Internet, the firewall must be configured so that the ports used by NetMeeting are not blocked. However, NetMeeting requires access to more ports then you could realistically or safely open. According to Microsoft, in order for NetMeeting to establish outbound connections through a firewall, the firewall must be configured to pass packets through primary Transmission Control Protocol (TCP) connections on the following ports:

  • Port 389 — Internet Locator Server (TCP)
  • Port 522 — User Location Server (TCP)
  • Port 1503 — T.120 (TCP)
  • Port 1720 — H.323 call setup (TCP)
  • Port 1731 — Audio call control (TCP)

OK, that's easy enough. However, we're not done yet. NetMeeting also requires you to open up pass-through secondary User Datagram Protocol (UDP) connections on dynamically assigned ports 1024-65535. These are used specifically for H.323 call control (TCP) and H.323 streaming.

That's practically the ENTIRE port range! If you were to do that, there would be no reason for you to even own a firewall. This is the primary reason why NetMeeting is used typically used only in large LAN environments — because there is no firewall to contend with.

This is how it works: the H.323 call setup protocol (over port 1720) dynamically negotiates a TCP port for use by the H.323 call control protocol. Also, both the audio call control protocol (over port 1731) and the H.323 call setup protocol (over port 1720) dynamically negotiate UDP ports for use by the H.323 streaming protocol, called the real time protocol (RTP). In NetMeeting, two ports are determined on each side of the firewall for audio and video streaming. These dynamically negotiated ports are selected arbitrarily from all ports that can be assigned dynamically.

Since you're trying to establish a connection based on an IP address, this next section doesn't really apply to you. However, if you were trying to establish a connection using NetMeeting's directory services then you'd need access to either port 389 or port 522, depending on the type of server you are using. Internet Locator Servers (ILSs), which support the lightweight directory access protocol (LDAP) for NetMeeting 2.0 or later, require port 389. User Location Servers (ULSs), developed for NetMeeting 1.0, require port 522.

Now let's discuss those compromises. Since it's not possible to open the continuous range of ports from 1024-65535 within the D-Link router you have (nor would you want to if you could), the only available option for you would be to assign your PC to the router's DMZ. By placing your PC in the DMZ, ALL of the ports to your computer will be exposed to potential threats and attacks. This would be the same exposure you would face as if you connected your Internet connection directly to your PC. Needless to say, this is not a very good option and if you decided to do it, be sure to remove your PC from the DMZ immediately after you've finished your NetMeeting session.

For detailed instructions on how to go about enabling your DMZ option on your D-Link DI-704 router visit D-Link.

However, if you plan on having these video conferences on a consistent basis, then you might consider looking into safer, alterative applications with less stringent port requirements. On the software side, I know that AOL has built-in video conference capabilities now (even though I've never used them) and I've heard that A.V.M. Software's PalTalk 7.0 application is good. There are dozens of other video conferencing applications currently available and almost all of them should be easier to get working than NetMeeting.

To be honest, I was never very impressed with the quality of the software-based video conferencing packages I've seen. So if it were me, I would look into a hardware based solution; something like the D-Link DVC-1000 i2eye VideoPhone. Since then they've gotten a lot cheaper and have even introduced a wireless version, the DVC-1100. The DVC-1000 connects to your TV and has a built-in speakerphone for hands-free conversations, but you can even plug in a regular telephone handset for better audio quality. It functions independent from your PC and is far easier to install and configure then most software-based solutions. Not to mention it is significantly less risky to place the DVC-1000 into your router's DMZ then your PC. However, the DVC-1000 actually has clear port usage requirements, so getting it to operate correctly with your firewall should be easy enough. While not cheap, the DVC-1000 is a fantastic product that does exactly what it's suppose to do simply and with a minimum of hassle.

I hope you find this helpful. Good Luck!

Adapted from PracticallyNetworked.com, part of the EarthWeb.com Network.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!

Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date