Hi Chris,

the netfilter modules were not working for either Damien or me. So I
can't recommend using them and neither can I provide a working env.
What you might want to try, though, is:
- use GM without the netfilter module, but with port-forwarding
- use NM with http://www.cryogenic.net/nmproxy.html

The nmproxy is not yet tested by me, but it sounds like a good
workaround for the random ports of NM.

On Tue, 2003-07-15 at 21:30, Chris Ruvolo wrote:
> On Tue, Jul 15, 2003 at 09:15:22PM +0200, Kilian Krause wrote:
> > > What about port 1720 tcp?
> >
> > as I've not yet had such a router, I don't know if there's a separate
> > menu for such. But if the incoming call doesn't get through, adding it
> > should be ok. The problem with UDP/RTP is the dynamic ports which is
> > taken care of by the router itself. (so no ports 500x and 3000x needed
> > to be forwarded manually)
>
> Ok, that's what I thought. I'm using the Netfilter H.323 conntrack/nat
> modules, and they are working for me. I don't think they would allow me to
> receive calls without 1720 tcp being forwarded to the internal machine.
> Unfortunately, this means that only one machine on my lan can receive calls.
> Can someone confirm that this is correct? I'm not familiar with the
> protocol, so this is guesswork.
>
> FYI, in case anyone is wondering what my rules look like, these are the two
> rules I needed to forward the port to the internal machine. The rest of the
> rules in the FAQ aren't needed if you use the netfilter modules.
>
> # iptables -t nat -I PREROUTING -i ethext -p tcp --dport 1720 -j DNAT \
>     --to-dest 192.168.0.2
> # iptables -I FORWARD -p tcp -i ethext --dport 1720 -d 192.168.0.2 -j ACCEPT
>
> (ethext is the external interface, 192.168.0.2 is the internal machine)
>
> -Chris

--
Best regards,
Kilian