HELP - NetMeeting, H323, 2.4.19pre9 and newnat13

HELP - NetMeeting, H323, 2.4.19pre9 and newnat13

[Robert La Ferla]

[-- Attachment #1: Type: text/plain, Size: 801 bytes --]

I am trying to get NetMeeting to work using 2.4.19pre9, newnat13 and
H323.  I can get a chat and whiteboard connection.  I can occasionally
hear the other person but not 2-way audio or video.  This seems to be
worse than my older 2.4.17 configuration with newnat8.

One thing I noticed is that when I do a lsmod | grep h323, I see:

ip_nat_h323             2576   0  (autoclean) (unused)
iptable_nat            14672   3  (autoclean) [ipt_MASQUERADE
ip_nat_h323 ip_nat_ftp]
ip_conntrack_h323       2352   1  (autoclean)
ip_conntrack           16176   4  (autoclean) [ipt_MASQUERADE
ip_nat_h323 ip_nat_ftp ipt_state iptable_nat ip_conntrack_h323
ip_conntrack_ftp]

Notice that the ip_nat_h323 is unused.  Even if I dial using NetMeeting,
it remains unused.

How do I get this working?

Thanks,
Robert


[-- Attachment #2: Type: text/html, Size: 1234 bytes --]

ip_conntrack: table full, dropping packet. - Anyone????? Frustrating!

[Shazad Malik]

Hello everyone -

I have thoroughly searched the internet for this error message which keeps
getting prompted in my logs and drops packets.  I just cant figure out why
this problem is occuring.  Initially, I thought it was my IPSEC connections
which were the culprit but that is not true.

I have seen other explanations such as incresing your tcp max number as
your physical mem. increase.  Check you /proc/net/ip_conntrack file for the
current connections.  But none of these factors have anything to do with
this error.  I have only 2 connections, doing regular HTTP gets and its
filling my log file:


Jun  2 09:50:39 new kernel: ip_conntrack: table full, dropping packet.
Jun  2 09:53:29 new kernel: ip_conntrack: table full, dropping packet.
Jun  2 09:57:14 new kernel: ip_conntrack: table full, dropping packet.

Re: HELP - NetMeeting, H323, 2.4.19pre9 and newnat13

[Jozsef Kadlecsik]

On Sat, 1 Jun 2002, Robert La Ferla wrote:

> I am trying to get NetMeeting to work using 2.4.19pre9, newnat13 and
> H323.  I can get a chat and whiteboard connection.  I can occasionally
> hear the other person but not 2-way audio or video.  This seems to be
> worse than my older 2.4.17 configuration with newnat8.

Some bugs have been fixed since then :-).

But seriously, the H.323 (conntrack/nat) helper is based on a crude hack.
It works only in the most simplest cases, when nothing as complicated as
"faststart/H.245 tunnelling", gatekeeper, RAS, etc are involved.

> One thing I noticed is that when I do a lsmod | grep h323, I see:
>
> ip_nat_h323             2576   0  (autoclean) (unused)
> iptable_nat            14672   3  (autoclean) [ipt_MASQUERADE
> ip_nat_h323 ip_nat_ftp]
> ip_conntrack_h323       2352   1  (autoclean)
> ip_conntrack           16176   4  (autoclean) [ipt_MASQUERADE
> ip_nat_h323 ip_nat_ftp ipt_state iptable_nat ip_conntrack_h323
> ip_conntrack_ftp]
>
> Notice that the ip_nat_h323 is unused.  Even if I dial using NetMeeting,
> it remains unused.

The module usage has no relation with the number of the ongoing netmeeting
sessions. "unused" means: "no other module depends on me"

Regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
WWW-Home: http://www.kfki.hu/~kadlec
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

Re: ip_conntrack: table full, dropping packet. - Anyone????? Frustrating!

[Jozsef Kadlecsik]

Hello,

On Sun, 2 Jun 2002, Shazad Malik wrote:

> I have seen other explanations such as incresing your tcp max number as
> your physical mem. increase.  Check you /proc/net/ip_conntrack file for the
> current connections.  But none of these factors have anything to do with
> this error.  I have only 2 connections, doing regular HTTP gets and its
> filling my log file:

You mean, that the command

# wc -l /proc/net/ip_conntrack

results something like "2 /proc/net/ip_conntrack" and you still got
the messages:

> Jun  2 09:50:39 new kernel: ip_conntrack: table full, dropping packet.

Simply unbelievable...

Regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
WWW-Home: http://www.kfki.hu/~kadlec
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

Re: HELP - NetMeeting, H323, 2.4.19pre9 and newnat13

[Robert La Ferla]

Are you saying that H.323 connection tracking just doesn't work?  It 
certainly isn't working for me.  I keep seeing posts from people having 
trouble setting it up so I know I'm not alone.

All I would like to do is have one designated Windows host on my LAN, be 
able to use NetMeeting audio/video through a Netfilter NAT.  Being able 
to use multiple hosts would be a plus.

Sincerely,
Robert

Re: HELP - NetMeeting, H323, 2.4.19pre9 and newnat13

[Joffer]

It works fine for me. 2.4.19-pre9 and iptables-CVS-2002-05-28

did you load
modprobe ip_conntrack_h323
modprobe ip_nat_h323

I'm allowing all traffic originating from my Lan out on the internet, and I
can connect with video/audio to other netmeeting users, at least those with
an ordinary ip adress; this means I haven't tried to connect to anyone who
has been NAT'ed, and I probably can't get somebody to connect to me, not
without setting up additional rules..

/Christopher

----- Original Message -----
From: "Robert La Ferla" <robertlaferla@attbi.com>
To: "Jozsef Kadlecsik" <kadlec@blackhole.kfki.hu>
Cc: <netfilter@lists.samba.org>
Sent: Monday, June 03, 2002 6:11 PM
Subject: Re: HELP - NetMeeting, H323, 2.4.19pre9 and newnat13


> Are you saying that H.323 connection tracking just doesn't work?  It
> certainly isn't working for me.  I keep seeing posts from people having
> trouble setting it up so I know I'm not alone.
>
> All I would like to do is have one designated Windows host on my LAN, be
> able to use NetMeeting audio/video through a Netfilter NAT.  Being able
> to use multiple hosts would be a plus.
>
> Sincerely,
> Robert
>
>
>
>

Re: HELP - NetMeeting, H323, 2.4.19pre9 and newnat13

[Jozsef Kadlecsik]

On Mon, 3 Jun 2002, Robert La Ferla wrote:

> Are you saying that H.323 connection tracking just doesn't work?  It
> certainly isn't working for me.  I keep seeing posts from people having
> trouble setting it up so I know I'm not alone.

We are facing two separated problems:

- applying the patch. People tend to forget applying the newnat patch or
  all the pending patches.

- using the functionality. I can repeat only myself. It works, but only in
  the (most) simple cases. [Sometimes I think the patch should have never
  been written. :-(]

> All I would like to do is have one designated Windows host on my LAN, be
> able to use NetMeeting audio/video through a Netfilter NAT.  Being able

If you want to call out only, this is simple and doable by
SNAT/MASQUERADE. I you want that the host could be called from outside,
then it is doable by DNAT.

> to use multiple hosts would be a plus.

Multiple hosts can call out, no problem. However, because they're NATed,
the hosts cannot be called.

All the above will fail if netmeeting use the faststart option (H.245
tunnelling) or there is a gatekeeper involved at any side.

Regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
WWW-Home: http://www.kfki.hu/~kadlec
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary