When I'm Calling You...on Video
Do you remember 2001: A Space Odyssey, François? As we welcome 2003, I can't help but think about all the promises that vision of the future held, and it makes me a little sad, mon ami. Ah, merci. The 1998 Rhone Hermitage is exactly what I need. I realize that our guests will be here shortly, François, but consider this. We have a space station, but it's not quite the majestic wheel in space we see in the movie. There's certainly no lunar base nor orbital hotel, but at least we have this.
Quoi? Why it's a video phone, François, and today, I will demonstrate it to our guests. What did you say? Ah, but they are already here! Welcome once again, mes amis, to Chez Marcel, where fine Linux cooking meets fine wine, non? François has your tables ready and has already opened the wine.
From time to time, in this restaurant, we have offered up recipes that make use of your webcam, from capture utilities to home security. Today, we visit the webcam once again to bring you something that was promised so many years ago. When I was but a small child, it seemed that every television science-fiction program was promising a video phone. Years passed, and while I have seen such things demonstrated on television, my video phone remained as distant as the faraway studios themselves.
Since opening this restaurant, I have had the pleasure of discovering that many of my childhood dreams have become possible when cooking with Linux. So it is for the video phone, or at least, a passable incarnation of it: Damien Sandras' GnomeMeeting. GnomeMeeting even will work with Microsoft Netmeeting so you can talk to your friends running that company's OS. Finally, don't let the name fool you. GnomeMeeting works extremely well with KDE and docks nicely into the panel.
A number of distributions come with GnomeMeeting and the required libraries (pwlib and openh323) on the CD, though not necessarily installed. The www.gnomemeeting.org site does have packages for the major distributions (RPMs and DEBs) as well as source. You should certainly look there first. OpenH323 depends on PwLib, so you will need to install that. On both my Mandrake and Red Hat systems, I installed it using the RPMs. I should point out that while you can build GnomeMeeting from source, the OpenH323 libraries in particular can be difficult (not to mention lengthy). If you can use the binaries for this one, I would recommend it.
When starting GnomeMeeting for the first time, you'll be presented with the First Time Configuration Druid. Part of this process involves registering with the directory of GnomeMeeting users—think of it as a large on-line telephone directory. You can opt not to be listed by clicking the check box at the bottom of the Druid's registration box. When you are happy with the information you are presenting, click the Forward button to continue, and you will be asked to specify the connection type you are using.
Click Apply on the final screen and GnomeMeeting fires up. You can configure several options with the package by clicking Edit on the menubar and selecting Preferences. You also can rerun the Druid at any time. The first preference I set was under the Video Devices section. When GnomeMeeting started up, I wanted the video preview to be on and the video size set to large.
To place a call to another PC on my local LAN, I type callto://192.168.22.2 on the GnomeMeeting location field (right below the menubar). A little pop-up window appears on the second PC warning the user of an incoming connection. If you accept the connection, the two clients will be able to communicate.
Notice the button bar to the left in Figure 2. You can turn your video or audio on and off, and you can bring up a chat window for text message exchange. If you have a microphone, GnomeMeeting will make use of that as well. In fact, GnomeMeeting will work under a number of different configurations. You can run video only, audio only, text only or any combination of the three modes. Of course, it can be a little disconcerting to know that somebody out there can see you, but you can't see them. Mon Dieu! Now I definitely need a refill. François, bring the wine. Vite!
When you run GnomeMeeting, make sure you turn on the control panel. It opens up to a tabbed window in the application providing support for audio and video controls as well as a history window. This shows the status of calls, your registration with on-line directories and other information and can be turned on or off at any time without affecting the transmission. Figure 3 handily displays a desktop with two sessions running (it would appear that I managed to reach a cat).
On the space station, the call was a long-distance one: from space to a little girl on Earth. While chatting inside our offices is fine, what about the outside world? Who are you going to call? The official telephone directory for GnomeMeeting is available at ils.seconix.com. In order to browse the directory and find other users, you also must be registered. Start GnomeMeeting, click on the directory icon to the left, and search for another party—simple...almost.
You see, if you are running GnomeMeeting on your corporate or home LAN, you should have no problems. The same holds true if you are running it from a single machine connected to the Internet—odds are this will work without a hitch. The catch, mes amis, comes when you try to work from behind a masqueraded (or NATed) firewall. The ports you need to allow through are as follows:
TCP ports 1720 and 30000 thru 30010 UDP ports 5000:5003
At this stage of the game, you can get into some reasonably complex firewall issues. I'll get to that shortly, but there is a simple approach called RSIP for Linux, a simple alternative to NAT. RSIP is a relatively new protocol that, like NAT, allows you to share a single connection between multiple clients. You can surf, send e-mail and whatever else happens to fall into the range of client services. You can also use it to redirect ports easily on a single server behind the firewall without modifying the packets in any way. The only way you can do that with NAT or masquerading is with the use of loadable modules. These modules are, at best, experimental when it comes to H323 and our old friend GnomeMeeting. RSIP solves that problem, which doesn't mean you can throw away your iptables—RSIP still makes use of them.
Start by heading over to openresources.info.ucl.ac.be/rsip/index.php and picking up the latest source. Prebuilt binaries are available for some releases—if yours isn't there, never fear; this is an easy build:
tar -xzvf rsipd-0.9.3.src.tar.gz cd rsipd-0.9.3 make su -c "make install"
That's the server side. You need a client as well, and at this time, there are two versions: one in Python and a kernel module called krsip. At the time I prepared this menu, the module was considered safe for testing, and the Python client was considered stable. Building the module is simply a matter of extracting the source and doing a make install. The catch is that only kernels 2.4.18 and 2.4.19 are supported. As for the Python client, there's no building required.
To use RSIP for GnomeMeeting, start by editing the /etc/rsip/rsipd.conf file and modifying a few relevant parameters. These are the eternal and internal interfaces of your firewall, as well as a network pool to be served by the server. I've allocated the first ten addresses on my internal 192.168.22.0 network:
EXT_IF eth1 INT_IF eth0 POOL 192.168.22.1-10
Now, start the server using the script created by the install:
/etc/init.d/rsipd startTo use the Python client, execute the following (note that this is one long, unbroken line. The IP address specified by the -s parameter is that of the server):
python /path_to/rsipclient-0.19.py \ -d -v -s 192.168.22.10 \ -l 1720,5000,5001,5002,5003,30000,30001,30002,30003, 30004,30005,30006,30007,30008,30009,30010I should probably note that the client runs on the client PC, non? You also must run it as root. The beauty is that you can continue to use your existing firewall (iptables) rules. Using the kernel module is even easier. It requires only that you load it while specifying the address of your server:
insmos krsip ip=192.168.22.10As a test, I brought up the ILS search window by clicking on the icon to the left. This brings up the XDAP Server Browser where I clicked Refresh, chose someone more or less at random and double-clicked on the entry. Seconds later, I was chatting with someone in Paris, France from my home in Canada.
See, it is easy. You are now ready to share in the excitement of video phone communication, and it is only two years late.
Once again, mes amis, closing time approaches. At least this time, we will be able to chat via our futuristic video phones (even if 2001 was two years ago now). The future isn't what it used to be, wouldn't you agree? We'll talk about this again in 2010. Before I bid you all Bonsoir, François will refill your wineglasses a final time. While you sip that last glass, let's see who is awake in Finland, shall we? Until next month. A votre santé! Bon appétit!
Marcel Gagné lives in Mississauga, Ontario. He is the author of Linux System Administration: A User's Guide (ISBN 0-201-71934-7), published by Addison-Wesley (and is currently at work on his next book). He can be reached via e-mail at firstname.lastname@example.org.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Humble Hacker?
- The US Government and Open-Source Software
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide