:: Re: [DNG] Jitsi-meet server in DMZ
Top Page
Delete this message
Reply to this message
Author: Florian Zieboll
Date:  
To: dng
Subject: Re: [DNG] Jitsi-meet server in DMZ
On Tue, 09 Mar 2021 23:02:11 +0000
g4sra via Dng <dng@???> wrote:

> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Tuesday, March 9, 2021 4:00 PM, Florian Zieboll via Dng
> <dng@???> wrote:
>
> > On Tue, 09 Mar 2021 14:18:34 +0000
> > g4sra via Dng dng@??? wrote:
> >
>
> > > The meeting being hosted on the server needs to be simultaneously
> > > accessible as two different domains, internal.com and
> > > external.com. Anyone achieved this yet or know a better way ?
> >
>
> > Not sure if "better", but works for me: I connect to the DMZ'ed
> > server from the LAN using its external FQDN.
> >
>
> > libre Grüße,
> > Florian
>
> Thanks for the reply Florian.
>
> Decided to use the external FQDN and implement BIND's
> response-policy' lying to the internal domain. If anyone can think of
> a good reason why this is a bad idea please shout.



My external router does NAT, only required ports (443, 5349, 10000) are
forwarded. No DNS magic necessary here, I just commented the
'org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES' line in the
videobridge's 'sip-communicator.properties' and instead added the
following two:

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<lan_ip>
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<public_ip>