|
Home > Archive > alt.os.linux > July 2002 > netmeeting and iptables
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
netmeeting and iptables
|
|
| Rui Alves 2002-07-27, 9:25 am |
| Hello,
I have a small 2 computer network at home (ok, maybe tiny). The gateway
is a mandrake linux machine (8.2) that then serves one win98 machine.
Everything is fine but I cannot use netmeeting in the win98 machine.
People on the other end see my beautiful face and hear my wonderful
voice but on my end I can't get anything.
I did some research and I found other users with the same problem but no
true answers (at least that I could recognize as a solution - I'm a
relative newbie). I thought that opening the netmeeting ports with
iptables would be enough but I heard somewhere that you need to add a
module to allow h323 protocol to be screened by iptables.
BTW, if I look in /lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter,
there's no *h323* module and I believe I should have one. hum, right?
Any comments on this?
Thanks!
Rui Alves
php-db.com
| |
| Joachim Feise 2002-07-27, 10:25 am |
| Rui Alves wrote:
> Hello,
>
> I have a small 2 computer network at home (ok, maybe tiny). The gateway
> is a mandrake linux machine (8.2) that then serves one win98 machine.
>
> Everything is fine but I cannot use netmeeting in the win98 machine.
> People on the other end see my beautiful face and hear my wonderful
> voice but on my end I can't get anything.
>
> I did some research and I found other users with the same problem but no
> true answers (at least that I could recognize as a solution - I'm a
> relative newbie). I thought that opening the netmeeting ports with
> iptables would be enough but I heard somewhere that you need to add a
> module to allow h323 protocol to be screened by iptables.
Yup. Netmeeting has the problem that they specify the local IP address
in the body of the packets. Therefore, a module is needed to find and
replace the IP address in the body. Opening the firewall for the
ports only results in replacing the IP address in the headers.
>
> BTW, if I look in /lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter,
> there's no *h323* module and I believe I should have one. hum, right?
Why do you believe that???
At present, there is no release-quality H323 module for iptables.
All you could get is an alpha version, see
http://www.netfilter.org/documentat...3-conntrack-nat
Be aware that this is not for the faint of heart, since it requires the latest
iptables code, adding a couple of possibly incompatible patches, and this
all modifies the kernel sources.
It is the best to wait for this to show up in your distribution.
If you absolutely need NM now, you should stay with kernel 2.2.
-Joe
| |
| Rui Alves 2002-07-27, 12:25 pm |
| Thanks! best "to the point" answer I got in a long time ;-)
Rui Alves
[php-db.com]
Joachim Feise wrote:
> Rui Alves wrote:
>
>> Hello,
>>
>> I have a small 2 computer network at home (ok, maybe tiny). The
>> gateway is a mandrake linux machine (8.2) that then serves one win98
>> machine.
>>
>> Everything is fine but I cannot use netmeeting in the win98 machine.
>> People on the other end see my beautiful face and hear my wonderful
>> voice but on my end I can't get anything.
>>
>> I did some research and I found other users with the same problem but
>> no true answers (at least that I could recognize as a solution - I'm a
>> relative newbie). I thought that opening the netmeeting ports with
>> iptables would be enough but I heard somewhere that you need to add a
>> module to allow h323 protocol to be screened by iptables.
>
>
> Yup. Netmeeting has the problem that they specify the local IP address
> in the body of the packets. Therefore, a module is needed to find and
> replace the IP address in the body. Opening the firewall for the
> ports only results in replacing the IP address in the headers.
>
>>
>> BTW, if I look in /lib/modules/2.4.18-6mdk/kernel/net/ipv4/netfilter,
>> there's no *h323* module and I believe I should have one. hum, right?
>
>
> Why do you believe that???
> At present, there is no release-quality H323 module for iptables.
> All you could get is an alpha version, see
> http://www.netfilter.org/documentat...3-conntrack-nat
>
> Be aware that this is not for the faint of heart, since it requires the
> latest
> iptables code, adding a couple of possibly incompatible patches, and this
> all modifies the kernel sources.
> It is the best to wait for this to show up in your distribution.
> If you absolutely need NM now, you should stay with kernel 2.2.
>
> -Joe
>
|
|
|
|
|