RE: Voice IP

"George Vieira" <georgev@xxxxxxxxxxxxxxxxxxxxxx> · Tue, 28 Oct 2003 08:51:10 +1100

I have this working at home using these rules...

        if [ $H323 ]; then
                $IPTABLES -t nat -A PREROUTING -i $EXTDEV -p tcp --dport 389    -j DNAT --to 192.168.1.1        # H323
                $IPTABLES -t nat -A PREROUTING -i $EXTDEV -p tcp --dport 522    -j DNAT --to 192.168.1.1        # H323
                $IPTABLES -t nat -A PREROUTING -i $EXTDEV -p tcp --dport 1503   -j DNAT --to 192.168.1.1        # H323
                $IPTABLES -t nat -A PREROUTING -i $EXTDEV -p tcp --dport 1720   -j DNAT --to 192.168.1.1        # H323
                $IPTABLES -t nat -A PREROUTING -i $EXTDEV -p tcp --dport 1731   -j DNAT --to 192.168.1.1        # H323
                $IPTABLES -t nat -A PREROUTING -i $EXTDEV -p tcp --dport 8080   -j DNAT --to 192.168.1.1        # H323
                $IPTABLES -t nat -A PREROUTING -i $EXTDEV -p tcp --dport 1469   -j DNAT --to 192.168.1.1        # H323aud
        fi

What I did notice is that I couldn't get people to call me unless I was in a meeting call or something (soz, it's been months since I've used netmeeting ;) )...

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@xxxxxxxxxxxxxxxxxxxxxx

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

Phone   : +61 2 9955 2644
HelpDesk: +61 2 9955 2698

> -----Original Message-----
> From: Manuel Tato [mailto:madness@xxxxxxxxxxxxx]
> Sent: Tuesday, 28 October 2003 8:35 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Voice IP
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> Hi, i'm configuring a firewall/router with a static ip ADSL 
> and a voice
> IP gateway.
> The voiceip gw es in configured at 192.168.1.40.
> With this script i can make calls, but i cant recive any.
> 
> - ---------------------------------------------------
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> modprobe ip_conntrack_h323
> modprobe ip_nat_h323
> 
> iptables -A INPUT -j ACCEPT
> iptables -A FORWARD -j ACCEPT
> iptables -A OUTPUT -j ACCEPT
> 
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> 
> iptables -t nat -A PREROUTING -p tcp --dport 1726:1789 -i eth1 -j DNAT
> - --to 192.168.1.40:1726:1789
> iptables -A FORWARD -i eth1 -p tcp -d 192.168.1.40 --dport 
> 1726:1789 -j
> ACCEPT
> iptables -t nat -A PREROUTING -p udp --dport 1726:1789 -i eth1 -j DNAT
> - --to 192.168.1.40:1726:1789
> iptables -A FORWARD -i eth1 -p udp -d 192.168.1.40 --dport  
> 1726:1789 -j
> ACCEPT
> - -----------------------------------------------------
> 
> Any idea?
> i'm blocking ports?
> i need any other module??
> thanks in advance
> thanks a lot...
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQE/nY98W/G6GKzQKp4RAndEAJ4pYh04AZuTc/f8MQ8Ae6RB/GpRFgCgkaCg
> SwAh5HHLSdd0rj68FzTPdXY=
> =RcOK
> -----END PGP SIGNATURE-----
> 
> 
> 
> 