H323 compile question again!

H323 compile question again!

[Shazad Malik]

Hello everyone......

I might be killing everyone with this question but I know what I'm
implementing is not wrong but i just cant get this DAMN h323 working! It's
getting very frustrating!

I have recompiled everything from scratch with the kernel and new iptables
but no luck!  This is what I have done: So can someone please tell me.

Approach ONE:
=============
iptables 1.2.6a and 2.4.18 kernel
1) make pending-patches KERNEL_DIR=/usr/src/linux
2) recompiled the kernel
3) make KERNEL_DIR=/usr/src/linux
4) make install KERNEL_DIR=/usr/src/linux


Approach TWO:
=============
iptables from snapshot iptables--20020605 and 2.4.18 kernel
1) cd iptables--20020605/patch-o-matic
2) ./runme base
3) ./runme extra
4) recompile the kernel
5) make KERNEL_DIR=/usr/src/linux
6) make install KERNEL_DIR=/usr/src/linux

I keep gettinf errors on newnat, h323 and talk patches like shown below:

=====================================================================
Testing... 0-newnat8.patch NOT APPLIED (93 rejects out of 96 hunks)
The newnat/0-newnat8 patch:
   Author: Harald Welte <laforge@gnumonks.org>,
   modified by Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   Status: Pending for kernel inclusion

   Implementation of the new nat API for kernel 2.4.17 and above.

   The whole newnat suite is dependent of it.
-----------------------------------------------------------------
Do you want to apply this patch [N/y/t/f/a/r/b/w/v/q/?] y
Testing patch newnat/0-newnat8.patch...
Failed to patch copy of /usr/src/linux
TEST FAILED: patch NOT applied.

====================================================================
Testing... h323-conntrack-nat.patch NOT APPLIED ( 3 missing files)
The newnat/h323-conntrack-nat patch:
   Author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   Status: Alpha

   This adds CONFIG_IP_NF_H323: H.323/netmeeting support module for
netfilter
   connection tracking and NAT. H.323 uses/relies on the following data
streams:

   Port         Description
   389          Internet Locator Server (TCP)
   522          User Location Server (TCP)
   1503                 T.120 Protocol (TCP)
   1720         H.323 (H.225 call setup, TCP)
   1731         Audio call control (TCP)
   Dynamic              H.245 call control (TCP)
   Dynamic              RTCP/RTP streaming (UDP)

   The H.323 conntrack/NAT modules support the connection tracking/NATing of
   the data streams requested on the dynamic ports. The helpers use the
   search/replace hack from the ip_masq_h323.c module for the 2.2 kernel
   series.

   At the very minimum, H.323/netmeeting (video/audio) is functional by
letting
   trough the 1720 port and loading these H.323 module(s).

   The H.323 conntrack/NAT modules do not support

   - H.245 tunnelling
   - H.225 RAS (gatekeepers)
-----------------------------------------------------------------
Do you want to apply this patch [N/y/t/f/a/r/b/w/v/q/?] y
Testing patch newnat/h323-conntrack-nat.patch...
   Placed new Config.in line
   Placed new Config.in line
   Placed new Configure.help entry
   Placed new Makefile line
Could not find place to slot in ip_conntrack.h line
Could not find place to slot in ip_conntrack.h line
Could not find place to slot in ip_conntrack.h line
TEST FAILED: patch NOT applied.

Can someone help me out here............... I am just going crazy here and
have spend endless hours on this problem!

Cheers,
shazad

-- 
Shazad Malik
work: (845)623-2161
fax: (845) 623-1154

Re: H323 compile question again!

[Robert La Ferla]

I think we need a FAQ for the Netfilter with H323.  Here are two web 
pages that can help.  However, I think we may need something that is (1) 
updated and (2) describes what you can and cannot do with various 
versions of the software and (3) answers other questions.  Anyone want 
to help put together a FAQ?

http://www.aboutbillbell.com/ContentPage.jsp?content_page_id=44
http://www.kfki.hu/~kadlec/sw/netfilter

Re: H323 compile question again!

[Shazad Malik]

Still getting the same error!!!! as mentioned in my original mail.

It just does not go away!  There has to be something else..... I have done
pretty much everything that has been recommeded!  So, anyone... out there
have any clues? ideas?

Cheers
Shazad

> I think we need a FAQ for the Netfilter with H323.  Here are two web
> pages that can help.  However, I think we may need something that is
> (1)  updated and (2) describes what you can and cannot do with various
> versions of the software and (3) answers other questions.  Anyone want
> to help put together a FAQ?
>
> http://www.aboutbillbell.com/ContentPage.jsp?content_page_id=44
> http://www.kfki.hu/~kadlec/sw/netfilter


-- 
Shazad Malik
work: (845)623-2161
fax: (845) 623-1154

vpn+nat+routing

[Nick Bashev]

Hello,
I have strange problem. I have VPN channel on my server for my internet
connection, I have peering network with other providers. I use iproute2 to
to get to my peering. everything looks nice. But since i want to implement
transparen proxy to my server i can make outgoing connections with only one
ip address the one from my VPN. So using proxy I'm loosing my iproute2
settings. All I need to know is can I use netfilter to masq my outgoing
proxy IP with the one from my peering interface so the iproute2 setting does
not forward the request trough my VPN. Does any body know what comes first
routing or netfilter and when i'm going to masq my outging packet from local
interface. Where i have to do the masq. Is there any chanse that i can mask
before entering the iproute2 rules.

I tried to find information on that but i got lost in docs,
Any help will be appreciated

BTW, on my rh7.1 kernel 2.4.18
mppe patched
iptables 1.2.7 from the cvs
including h323
compiles like a charm.10x guys for the awesome job.

Regards,
Nick
P.S. Sorry for my english.

Re: H323 compile question again!

[Alexey Talikov]

Apply this patches before newnat:
(iptables-20020527)
arptables
congig-cleanup
conntrack+nat-helper-unregister (even if kernel-2.4.18)
ip_conntrack_protocol_destroy
ip_conntrack_protocol_unregister
macro-trailing-semicolon-fix
nat-export_symbols
netfilter-arp
REJECT-dont_fragment


07.06.2002 22:16:14, "Shazad Malik" <smalik@vistawiz.com> wrote:

>Hello everyone......
>
>I might be killing everyone with this question but I know what I'm
>implementing is not wrong but i just cant get this DAMN h323 working! It's
>getting very frustrating!
>
>I have recompiled everything from scratch with the kernel and new iptables
>but no luck!  This is what I have done: So can someone please tell me.
>
>Approach ONE:
>=============
>iptables 1.2.6a and 2.4.18 kernel
>1) make pending-patches KERNEL_DIR=/usr/src/linux
>2) recompiled the kernel
>3) make KERNEL_DIR=/usr/src/linux
>4) make install KERNEL_DIR=/usr/src/linux
>
>
>Approach TWO:
>=============
>iptables from snapshot iptables--20020605 and 2.4.18 kernel
>1) cd iptables--20020605/patch-o-matic
>2) ./runme base
>3) ./runme extra
>4) recompile the kernel
>5) make KERNEL_DIR=/usr/src/linux
>6) make install KERNEL_DIR=/usr/src/linux
>
>I keep gettinf errors on newnat, h323 and talk patches like shown below:
>
>=====================================================================
>Testing... 0-newnat8.patch NOT APPLIED (93 rejects out of 96 hunks)
>The newnat/0-newnat8 patch:
>   Author: Harald Welte <laforge@gnumonks.org>,
>   modified by Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
>   Status: Pending for kernel inclusion
>
>   Implementation of the new nat API for kernel 2.4.17 and above.
>
>   The whole newnat suite is dependent of it.
>-----------------------------------------------------------------
>Do you want to apply this patch [N/y/t/f/a/r/b/w/v/q/?] y
>Testing patch newnat/0-newnat8.patch...
>Failed to patch copy of /usr/src/linux
>TEST FAILED: patch NOT applied.
>
>====================================================================
>Testing... h323-conntrack-nat.patch NOT APPLIED ( 3 missing files)
>The newnat/h323-conntrack-nat patch:
>   Author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
>   Status: Alpha
>
>   This adds CONFIG_IP_NF_H323: H.323/netmeeting support module for
>netfilter
>   connection tracking and NAT. H.323 uses/relies on the following data
>streams:
>
>   Port         Description
>   389          Internet Locator Server (TCP)
>   522          User Location Server (TCP)
>   1503                 T.120 Protocol (TCP)
>   1720         H.323 (H.225 call setup, TCP)
>   1731         Audio call control (TCP)
>   Dynamic              H.245 call control (TCP)
>   Dynamic              RTCP/RTP streaming (UDP)
>
>   The H.323 conntrack/NAT modules support the connection tracking/NATing of
>   the data streams requested on the dynamic ports. The helpers use the
>   search/replace hack from the ip_masq_h323.c module for the 2.2 kernel
>   series.
>
>   At the very minimum, H.323/netmeeting (video/audio) is functional by
>letting
>   trough the 1720 port and loading these H.323 module(s).
>
>   The H.323 conntrack/NAT modules do not support
>
>   - H.245 tunnelling
>   - H.225 RAS (gatekeepers)
>-----------------------------------------------------------------
>Do you want to apply this patch [N/y/t/f/a/r/b/w/v/q/?] y
>Testing patch newnat/h323-conntrack-nat.patch...
>   Placed new Config.in line
>   Placed new Config.in line
>   Placed new Configure.help entry
>   Placed new Makefile line
>Could not find place to slot in ip_conntrack.h line
>Could not find place to slot in ip_conntrack.h line
>Could not find place to slot in ip_conntrack.h line
>TEST FAILED: patch NOT applied.
>
>Can someone help me out here............... I am just going crazy here and
>have spend endless hours on this problem!
>
>Cheers,
>shazad
>
>-- 
>Shazad Malik
>work: (845)623-2161
>fax: (845) 623-1154
>
>
>

-----------------------------------
mailto:alexey_talikov@texlab.com.uz
BR
Alexey Talikov
FORTEK
-----------------------------------