Re: More H.323 questions


 



Hi Mark,

Mark Goldberg wrote:

I've built kernel 2.4.22 with the h.323 extensions from pom. Iptables is 1.2.8. I installed the new kernel and included the following rules:

Basically, I want to only establish h.323 with a specific ip after I initiate it from an internal machine on the network normally using NAT.

/usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -m state --state RELATED --dport 1503 -i eth0 -j LOG --log-level 6 --log-prefix "1503 in "  >>/var/log/netfiltersetup.log 2>&1
/usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -m state --state RELATED --dport 1720 -i eth0 -j LOG --log-level 6 --log-prefix "1720 in "  >>/var/log/netfiltersetup.log 2>&1
/usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -i eth0 -j LOG --log-level 6 --log-prefix "Anything else in "  >>/var/log/netfiltersetup.log 2>&1

/usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -m state --state RELATED --dport 1503 -i eth0 -j DNAT --to $DEST  >>/var/log/netfiltersetup.log 2>&1
/usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -m state --state RELATED --dport 1720 -i eth0 -j DNAT --to $DEST  >>/var/log/netfiltersetup.log 2>&1


Check if your h.323 module is loaded: do lsmod (if it's a module); if not, modprobe it.


I don't really know, but shouldn't the state be ESTABLISHED and RELATED?

There are no errors in netfiltersetup.log.

There are no errors :)



Iptables -L -v -n does not show the rules, but iptables-save does show them.

The default table is filter; you have just appended in the nat table.


try
iptables -L PREROUTING -t nat -v -n


Nothing is logged and it does not seem to work. Before the rules were added, incoming to 1503 and 1720 triggered another rule that logged them. Ethereal does not show any packets coming in that match the above. It did before the rules were added.

If anyone has a suggestion or can explain why listing the rules does not show any PREROUTING or POSTROUTING rules, please let me know.

I'm basically at a loss as to what to do next. Troubleshooting tips are welcome. Thanks.



Mark Goldberg
goldber@xxxxxxxxxxxxxxxxxx



Take care, ::Beppe
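
An added example, not part of the original thread: the reply's point that `iptables -L` lists only the filter table can be checked by grouping `iptables-save` output by table and chain. The sample dump, its addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of iptables-save output (not taken from the thread):
# two nat PREROUTING rules similar to the posted ones, and an empty filter table.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 192.0.2.10 -i eth0 -p tcp -m state --state RELATED --dport 1720 -j LOG --log-prefix "1720 in "
-A PREROUTING -s 192.0.2.10 -i eth0 -p tcp -m state --state RELATED --dport 1720 -j DNAT --to-destination 10.0.0.5
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Read iptables-save output on stdin; print "table chain rule-count" for
# every chain that holds rules, followed by the command that lists it.
rules_by_table() {
    awk '
        /^\*/  { table = substr($0, 2); next }   # "*nat" opens a table section
        /^-A / { count[table " " $2]++ }         # "-A CHAIN ..." is one rule
        END {
            for (key in count) {
                split(key, part, " ")
                printf "%s %s %d iptables -t %s -L %s -v -n\n", part[1], part[2], count[key], part[1], part[2]
            }
        }' | sort
}

# Number of rules a plain "iptables -L" (filter table only) would display.
filter_rule_count() {
    awk '/^\*/ { table = substr($0, 2) }
         /^-A / && table == "filter" { n++ }
         END { print n + 0 }'
}
```

On a live system, `iptables-save | rules_by_table` gives the same per-table summary for the loaded ruleset.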


