NAME

h323-proxy — format of h323-proxy component configuration

DESCRIPTION

General syntax rules of Kernun Firewall configuration files are described in configuration(7). This man page describes the types, sections and items specific to the h323-proxy component configuration.

Repeatable sections/items are marked with a '*' before the section/item name.

TYPES

Configuration directives have attributes of several value types. For a description of the basic types, see configuration(7).

An enumeration is a list of words (names) representing integer values. Some enumerations accept both names and direct integer values; in this case, the enumeration description contains the value for every name (in parentheses next to the name). For other enumerations, the use of names is obligatory.

The following enumerations are used in h323-proxy configuration directives:

yes-no (see common(5))

direction (see common(5))

ip-version (see common(5))

osi4-proto (see common(5))

time-cond (see common(5))

zip-mode (see common(5))

obligation (see common(5))

dbglev (see log(5))

logfail-mode (see log(5))

week-day (see time(5))

month (see time(5))

lock-type (see ipc(5))

auth-method (see auth(5))

source-address-mode (see source-address(5))

transparency (see acl(5))

user-auth-spec (see acl(5))

doctype-ident-method (see acl(5))

listen-on-sock (see listen-on(5))

ITEMS AND SECTIONS

Configuration of the h323-proxy library component consists of the following prototypes:


* h323-proxy name { ... }
    

Description:

h323-proxy name {


  phase ... ;
* tag ... ;
  log-debug { ... }
  log-stats { ... }
  use-resolver ... ;
  cfg-resolution ... ;
  monitoring { ... }
  stats-daily { ... }
  stats-weekly { ... }
  stats-monthly { ... }
  nodaemon ... ;
  singleproc ... ;
  app-user ... ;
  idle-timeout ... ;
  run-block-sigalrm ... ;
  listen-on { ... }
  tcpserver { ... }
  doctype-identification { ... }
  client-ctrl { ... }
  server-ctrl { ... }
  data-channel { ... }
  map-file ... ;
* session-acl name { ... }
  max-channel-ports ... ;
}

        

This section defines H.323-proxy attributes.

The h323-proxy section is derived from the proxy section prototype. For a detailed description, see application(5).

Changes to the h323-proxy section:

Section udpserver is not valid.

Item source-address is not valid.

At least one SESSION-ACL must be specified (the proxy must be named in some SYSTEM.ACL.SERVICES).

Section monitoring (see monitoring(5))

Monitoring is not functional in H.323 proxies in this version.

Item listen-on.non-transparent (see listen-on(5))

Element port is optional, default: 1720.

Element proto is optional, default: tcp.

Item listen-on.transparent (see listen-on(5))

Element port is optional, default: 1720.

Element proto is optional, default: tcp.

Added items & subsections:

client-ctrl {


  conn-timeout ... ;
  recv-timeout ... ;
  recv-bufsize ... ;
  send-timeout ... ;
  close-timeout ... ;
  send-bufsize ... ;
  log-limit ... ;
}

            

Client H.225/H.245 connection options.

The client-ctrl section is derived from the sock-opt section prototype. For a detailed description, see netio(5).

server-ctrl {


  conn-timeout ... ;
  recv-timeout ... ;
  recv-bufsize ... ;
  send-timeout ... ;
  close-timeout ... ;
  send-bufsize ... ;
  log-limit ... ;
}

            

Server H.225/H.245 connection options.

The server-ctrl section is derived from the sock-opt section prototype. For a detailed description, see netio(5).

data-channel {


  conn-timeout ... ;
  recv-timeout ... ;
  recv-bufsize ... ;
  send-timeout ... ;
  close-timeout ... ;
  send-bufsize ... ;
  log-limit ... ;
}

            

Multimedia data channel options.

The data-channel section is derived from the sock-opt section prototype. For a detailed description, see netio(5).

map-file name;

RAS Yellow Pages File.

This file name must be identical to the one defined in the Gatekeeper Proxy.

name (type: str)

session-acl name {


* from ... ;
* to ... ;
* time ... ;
  time-period-set { ... }
  deny ... ;
  accept ... ;
* doctype-ident-order ... ;
  rule ... ;
  idle-timeout ... ;
  source-address ... ;
  plug-to ... ;
  client-altq ... ;
  server-altq ... ;
  ras ... ;
  allow-peer ... ;
}

            

The session-acl section is derived from the acl-1 section prototype. For a detailed description, see acl(5).

Changes to the session-acl section:

Item user is not valid.

Item auth is not valid.

Item idle-timeout-peer is not valid.

Added items & subsections:

client-altq altq [paltq paltq];

ALTQ queues for data sent to client.

altq (type: name of pf-queue, see pf-queue(5))

queue name

paltq paltq (type: name of pf-queue, see pf-queue(5), optional, default: NULL)

priority queue name (if set, used for TCP ACK without data)

server-altq altq [paltq paltq];

ALTQ queues for data sent to server.

altq (type: name of pf-queue, see pf-queue(5))

queue name

paltq paltq (type: name of pf-queue, see pf-queue(5), optional, default: NULL)

priority queue name (if set, used for TCP ACK without data)

ras;

Use this ACL for RAS-driven connections.

allow-peer peers;

Allow additional peers for data channels.

Without this item, only the client and server addresses can be used as data channel targets. Any other address offered by peers is refused.

peers (type: host-set)

[End of section h323-proxy.session-acl description.]

max-channel-ports [limit];

Maximum number of logical channel ports per session.

limit (type: uint16, optional, default: 16)

[End of section h323-proxy description.]
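The following Python model is an added illustration, not Kernun code, of how the allow-peer rule and the max-channel-ports limit described above constrain the data channel targets a peer may offer. The Session class, its method names, the modelling of a host-set as a list of networks, and the refusal of requests beyond the limit are assumptions made for this example; all addresses are constructed.

```python
import ipaddress

DEFAULT_MAX_CHANNEL_PORTS = 16  # default of max-channel-ports stated on this page


class Session:
    """Illustrative model of one proxied H.323 session (not Kernun code)."""

    def __init__(self, client, server, allow_peer=(),
                 max_channel_ports=DEFAULT_MAX_CHANNEL_PORTS):
        self.endpoints = {ipaddress.ip_address(client),
                          ipaddress.ip_address(server)}
        # Assumption: the allow-peer host-set is modelled as a list of networks.
        self.allow_peer = [ipaddress.ip_network(n) for n in allow_peer]
        self.max_channel_ports = max_channel_ports
        self.open_ports = set()

    def check_channel(self, addr, port):
        """Return (accepted, reason) for a data channel target offered by a peer."""
        ip = ipaddress.ip_address(addr)
        known = ip in self.endpoints or any(ip in net for net in self.allow_peer)
        if not known:
            return False, "address is neither client/server nor in allow-peer"
        if (ip, port) in self.open_ports:
            return True, "channel port already open"
        # Assumption: a request beyond max-channel-ports is refused.
        if len(self.open_ports) >= self.max_channel_ports:
            return False, "max-channel-ports reached"
        self.open_ports.add((ip, port))
        return True, "accepted"


def demo():
    """Run constructed offers (RFC 5737 addresses) through the model."""
    s = Session("192.0.2.10", "198.51.100.20",
                allow_peer=["203.0.113.0/28"], max_channel_ports=2)
    offers = [("192.0.2.10", 5004),     # client itself
              ("203.0.113.5", 5006),    # inside allow-peer
              ("203.0.113.99", 5008),   # third party, not listed
              ("198.51.100.20", 5010)]  # server, but port budget is used up
    return [s.check_channel(a, p) for a, p in offers]


if __name__ == "__main__":
    for accepted, reason in demo():
        print("ACCEPT" if accepted else "REFUSE", reason)
```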

SEE ALSO

configuration(7), acl(5), application(5), auth(5), common(5), ipc(5), listen-on(5), log(5), monitoring(5), netio(5), pf-queue(5), source-address(5), time(5), gk-proxy(8)