h.323 NetMeeting and a NAT router

When Microsoft developed NetMeeting 3.0 they chose to use the existing h.323 video conferencing protocol. This protocol happens to be completely incompatible with standard NAT(network address translation) - the technology used for most internet sharing devices.

Unlike most TCP/IP applications, NetMeeting uses DYNAMIC PORTS instead of STATIC PORTS. That means that each NetMeeting connection is somewhat different than the last. For instance, the HTTP web site application uses port 80. NetMeeting can use any of over 60,000 different ports. Putting a web server behind a firewall means opening a single small hole. Putting a NetMeeting computer behind a firewall means opening over 60,000 ports - a security nightmare. (see Microsoft's NetMeeting / Firewall notes here  

All broadband routers using (only) standard NAT and all internet sharing programs like Microsoft ICS that use (only) standard NAT will NOT work with NetMeeting or other h.323 software packages.

If you have a broadband router or broadband gateway that supports a DMZ you can get NetMeeting working on ONE computer. First, assign that computer a STATIC IP address in your network. Then set that new IP address in the router's DMZ. All routers will handle this differently so I can't be much help with your particular config.

Note: A DMZ forwards ALL ports to the DMZ computer. This makes that computer susceptible to attacks from the outside world. This also means that a DMZ overrides all other port forwarding commands set up in your router. Lastly, running a software based firewall on your NetMeeting computer will not work because the firewall will usually block incoming NetMeeting traffic!

A few hardware manufacturers have taken it on themselves to actually provide H.323 compatibility. This is not an easy task since the router must search each incoming packet for signs that it might be a netmeeting packet. This is a whole lot more work than a router normally does and may actually be a weak point in the firewall.

NetMeeting support seems to come in two flavors. Outgoing pass-through and Outgoing/Incoming support. When incoming support is provided, it is only for a SINGLE netmeeting computer on your LAN. Outgoing support varies but for the most part it is limited to a SINGLE outgoing session.

Since I do not have all of these routers, I was unable to actually test them all for full functionality. Where appropriate, I have listed and linked to where I found documentation on-line stating h.323 / Netmeeting support.

To be listed here, a router must al LEAST support NetMeeting outbound passthrough.  Almost all routers support NetMeeting in a DMZ but that is a sad excuse for 'support'.  Please write me with any updates you find!!

Other Router companies I checked for support:  D-Link, SMC, Siemens, Actiontec, NetGear, ZyXEL, trendware, Gigafast

Router Companies I need more info on: 2Wire

h.323 NetMeeting and a NAT router