On Tue, Jul 15, 2003 at 09:15:22PM +0200, Kilian Krause wrote:
> > What about port 1720 tcp?
>
> As I've not yet had such a router, I don't know if there's a separate
> menu for such. But if the incoming call doesn't get through, adding it
> should be ok. The problem with UDP/RTP is the dynamic ports which is
> taken care of by the router itself. (so no ports 500x and 3000x needed
> to be forwarded manually)

Ok, that's what I thought. I'm using the Netfilter H.323 conntrack/nat modules, and they are working for me. I don't think they would allow me to receive calls without 1720 tcp being forwarded to the internal machine. Unfortunately, this means that only one machine on my LAN can receive calls. Can someone confirm that this is correct? I'm not familiar with the protocol, so this is guesswork.

FYI, in case anyone is wondering what my rules look like, these are the two rules I needed to forward the port to the internal machine. The rest of the rules in the FAQ aren't needed if you use the netfilter modules.

# iptables -t nat -I PREROUTING -i ethext -p tcp --dport 1720 -j DNAT \
      --to-dest 192.168.0.2
# iptables -I FORWARD -p tcp -i ethext --dport 1720 -d 192.168.0.2 -j ACCEPT

(ethext is the external interface, 192.168.0.2 is the internal machine)

-Chris