Hello, Thanks your help first! I found there is a OpenGatekeeper H323 proxy, it seem to solve that limitation. Am I right? Or any other suggestions? Thanks! Patrick > On Mon, 2003-04-28 at 01:35, Patrick Kwan wrote: >> Hello, >> >> I'm using iptables NAT to allow lan client to access internet. >> if i patch my kernel with netfilter's POM and load the required >> H323 modules. >> >> I want to confirm if h323 modules also allow "Incoming connection" >> to Netmeeting in internal lan client? > > If you're talking about a new connection being initiated, then it's the > same as with any other NAT situation - you have to explicitly DNAT new > incoming connections to a local IP if you want them to reach a > particular target. Otherwise they will end up in the INPUT chain, > destined for the firewall/nat box itself. As long as you only need > incoming NEW state connections to reach a single client, just add a DNAT > rule to nat PREROUTING to handle them. If you need multiple internal > clients to be able to receive NEW connections from outside the network, > you have a problem. (however, you would anyway, regardless of > firewall/NAT solution - this is a limit imposed by the nature of NAT > itself, not netfilter) > >> Please clarify me. (already search the past thread) >> Many thanks your advices. >> >> Patrick > > j > > >