Re: Iptables and Kernel

On April 12, 2004 02:27 am, Norman Zhang wrote:
> >>Is iptables still needed for kernel 2.6.x? I see a lot of iptables
> >>patches go into the kernel, but not much updates on the
> >>www.netfilter.org. The logo on netfilter says firewalling, NAT and
> >>packet mangling for Linux 2.4. So I guess much of the code goes directly
> >>into the kernel? Also does kernel 2.6.3 support Netmeeting and MSN
> >>Instant Messenger, or do I need the following plug-in,
> >>http://www.kfki.hu/%7Ekadlec/sw/netfilter/newnat-suite/?
> >
> > 1) iptables is the userspace component.  Yes it is still needed in 2.6.x
> > -- you still have to use it to setup and manage individual rules.
> >
> > 2) 2.6.x indeed supports many components of netfilter out of the box,
> > however there is still patch-o-matic-ng which can still add functionality
> > not yet in the kernel or in userspace.
> >
> > 3) No, you do not need patches from newnat-suite by default, you need
> > ip_conntrack_h323 and ip_nat_h323, although you might need newnat if your
> > iptables is really old.
>
> I'm using iptables-1.2.9-5mdk.i586.rpm on LM10.0. The latest on
> www.netfilter.org is 1.2.9. I guess those 2 modules are included in 1.2.9?
>
> > Keep in mind that *support* of netmeeting in this case is a loose
> > terminology -- I believe that several functionalities are not covered by
> > the h323 patches.
>
> All I wanted is the ability to see video & audio for both incoming and
> outgoing calls. Is that supported in iptables-1.2.9? Do I need to apply
> pom-ng on top of iptables?

	Looking at my kernel tarball, the bare 2.6.3 kernel does NOT include the h323 modules.
	I would say you need patches in p-o-m -- I'm not sure if mandrake has a package for
	p-o-m or not, but yes you need to add h323 modules.

	IIRC, netmeeting should provide video/audio with conntrack and nat of h323 and relevant
	ESTABLISHED,RELATED rules.  -- be aware that you may not be able to receive
	calls inside the firewall unless you forward the inbound connection requests --
	the gnomemeeting website has some good rules on their faq pages that can help
	with netmeeting requests as well.  Check out openh323.org for gatekeeper applications
	that can act as proxy for connection requests, thus mitigating functionality problems.
	MS netmeeting also uses UPNP -- this protocol has been discussed on this list previously,
	and you might want to read up on that as well.

	Alistair Tonner
	
	since my sig is on vacation, anyone care to fill this space?

>
> Regards,
> Norman

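As an added example that is not part of the thread (neither Alistair's nor Norman's configuration): a small POSIX shell script that prints the module loads and the ESTABLISHED,RELATED plus inbound-forwarding rules the reply above describes, for a gateway with an assumed external interface eth0, internal interface eth1 and an internal NetMeeting host at 192.168.1.10 (all constructed values). It uses the 2.4/2.6-era `-m state` match and the ip_conntrack_h323/ip_nat_h323 module names from the thread; TCP port 1720 (the H.323 call-signalling port) is my addition and not mentioned on the page.

```shell
#!/bin/sh
# Added example: generate a minimal netfilter rule set for a gateway that
# masquerades an internal NetMeeting host and forwards inbound H.323 calls
# to it.  Interface names and addresses below are constructed assumptions.

# Print the commands rather than running them, so the rule set can be
# reviewed (and tested) before it touches a live firewall.
h323_rules() {
    wan_if=$1     # external interface, e.g. eth0 (assumption)
    lan_if=$2     # internal interface, e.g. eth1 (assumption)
    nm_host=$3    # internal host that should receive inbound calls

    cat <<EOF
modprobe ip_conntrack_h323
modprobe ip_nat_h323
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport 1720 -j DNAT --to-destination $nm_host
iptables -A FORWARD -i $wan_if -o $lan_if -p tcp -d $nm_host --dport 1720 -m state --state NEW -j ACCEPT
EOF
}

# Dry run: show the rule set for the assumed topology.
h323_rules eth0 eth1 192.168.1.10
```

The conntrack helper marks the RTP/RTCP media streams negotiated over the 1720 signalling channel as RELATED, so the single ESTABLISHED,RELATED rule is what lets audio and video through in both directions once a call is up; the DNAT and its matching FORWARD rule are what the reply means by forwarding inbound connection requests, and without them incoming calls stop at the firewall. To apply the output on the gateway itself, pipe it to a shell: `h323_rules eth0 eth1 192.168.1.10 | sh`.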