Reply to my own msg, with more info There are H.323 NAT Helper Modules for Linux Kernels at http://sourceforge.net/projects/nath323/files/ but the latest is from 2006 for kernel 2.6.18, which is a very old kernel. It does Enable Linux firewall to support connection tracking and NAT of H.323 protocol. It supports RAS, Fast Start, H.245 Tunnelling, Call Forwarding, Signal Proxy/Softswitch, RTP/RTCP and T.120 based audio, video, fax, chat, whiteboard, file transfer, etc. My suspicion is that the h.323 NAT helper modules are now incorporated into the kernel itself. If so, how to use IPtables in a modern kernel to make the FW natively h.323-aware with connection tracking and only opening ports as needed by listening to the handshaking ? Earl Earl wrote: > Hi Simon, hi Jan, > > I have the following needs: > > * run GnuGK on a Linux box behind a NAT router > - if necessary in a DMZ and with port forwarding > I have read that GnuGK *must* be connected directly to the Internet and > can not > provide NAT traversal if GnuGK is behind a NAT router. My understanding is > that there are no exceptions to this rule, not even DMZ and port > forwarding can help. > > * all participants will be using a computer behind a NAT router. > Some of the NATs will be symmetrical. > > * secure voice and secure file transfer are needed. > > Questions: > > - Is it possible to use PacPhone in the above situation? > > - In what time frame might PacPhone be compatible with the newest ITU > standards? > > - Do H.460.18/.19/.23/.24/.24A still have the requirement that GnuGK > absolutely > and with no exceptions be connected directly to the Internet ? > > - I have read that in the past it was possible to use a Linux box as > router and FW > by compiling especially written modules into the kernel. These modules made > IPtables natively aware of h.323. I have also read that the latest > Linux kernels since > 2.26.13 ???? are h.323 aware, but can find no further information about > this. > > It seems to me that if one could tell the present SOHO NAT router not to > NAT and > follow this with a Linux box doing NAT with native h.323-aware > traversal, then this > could be a good solution working with any hard- or softphone. Since I > am not a > programmer, I am a bit lost here. > > Regards, Earl ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
