On Tue, 30 Apr 2002, Sundaram Ramasamy wrote:

> Thanks for your immediate reply. Do you have a sample iptables script for this?
> 
> my internal address eth1 -> 192.168.1.49
> public address eth0 -> 205.133.76.140

> > NetMeeting uses H.323 and works fine.

This should make it work:

# This tracks H.323 connections so they can be allowed and NATed correctly
modprobe ip_conntrack_h323
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 1720 --syn -j ACCEPT
# This allows calls to go from outside to the internal address
# It is not needed, if you only want to make calls; not receive them
iptables -t nat -A PREROUTING -i eth0 -d 205.133.76.140 -p tcp --dport 1720 --syn \
  -j DNAT --to 192.168.1.49
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 1720 --syn -j ACCEPT

Of course the above will require a recent kernel patched with newnat and 
H.323 connection tracking - but IIRC, you had done that part.

/Rasmus

-- 
-- [ Rasmus "Møffe" Bøg Hansen ] ---------------------------------------
Is there anything else I can contribute?
The latitude and longitude of the bios writers current position, and
a ballistic missile.
                                                          -- Alan Cox
----------------------------------[ moffe at amagerkollegiet dot dk ] --
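
An added example, not part of the original message: a shell check that reads a copy of /proc/modules and iptables-save output and reports which pieces the H.323 setup above depends on are absent. The function names, the module sizes and the saved-rule lines in write_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a firewall for the prerequisites of the H.323 rules.
# Usage: audit_h323 MODULES_FILE RULES_FILE
#   MODULES_FILE  copy of /proc/modules
#   RULES_FILE    output of iptables-save
# Prints one line per finding; returns 0 unless something required is missing.
audit_h323() {
    h_modules=$1; h_rules=$2; h_missing=0

    # Without the helper, the dynamically negotiated channels of a call
    # are never classified as RELATED and get dropped in FORWARD.
    if ! grep -q '^ip_conntrack_h323 ' "$h_modules"; then
        echo "MISSING: ip_conntrack_h323 module not loaded"
        h_missing=1
    fi
    # The RELATED rule is what actually lets the helper-tracked flows through.
    if ! grep -Eq '^-A FORWARD .*--state [A-Z,]*RELATED[A-Z,]* .*-j ACCEPT' "$h_rules"; then
        echo "MISSING: FORWARD rule accepting RELATED traffic"
        h_missing=1
    fi
    # Call setup itself is plain TCP to port 1720.
    if ! grep -Eq '^-A FORWARD .*--dport 1720 .*-j ACCEPT' "$h_rules"; then
        echo "MISSING: FORWARD rule accepting tcp/1720 call setup"
        h_missing=1
    fi
    # Only needed for receiving calls, so this is a note, not a failure.
    if ! grep -Eq '^-A PREROUTING .*--dport 1720 .*-j DNAT' "$h_rules"; then
        echo "NOTE: no DNAT for tcp/1720, inbound calls will not be forwarded"
    fi
    return "$h_missing"
}

# Constructed sample input matching the rules in the message above.
write_sample() {
    cat > "$1/modules" <<'EOF'
ip_conntrack_h323 2384 0 (unused)
ip_conntrack 16908 2 [ip_conntrack_h323]
EOF
    cat > "$1/rules" <<'EOF'
*nat
-A PREROUTING -d 205.133.76.140 -i eth0 -p tcp -m tcp --dport 1720 --tcp-flags SYN,RST,ACK SYN -j DNAT --to-destination 192.168.1.49
COMMIT
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 1720 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 1720 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
COMMIT
EOF
}
```

On a live system the two inputs would come from `cat /proc/modules` and `iptables-save` redirected to files.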
