From: Beppe <ipt@beep.mine.nu>
To: "netfilter@lists.netfilter.org" <netfilter@lists.netfilter.org>
Subject: Re: More H.323 questions
Date: Wed, 03 Sep 2003 12:02:24 +0200
Message-ID: <3F55BC30.1040801@beep.mine.nu>
In-Reply-To: <200309020523.WAA28180@smtp08.phx.gblx.net>
Hi Mark,
Mark Goldberg wrote:
> I've built kernel 2.4.22 with the h.323 extensions from pom. Iptables is 1.2.8. I installed the new kernel and included the following rules:
>
> Basically, I want to only establish h.323 with a specific ip after I initiate it from an internal machine on the network normally using NAT.
>
> /usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -m state --state RELATED --dport 1503 -i eth0 -j LOG --log-level 6 --log-prefix "1503 in " >>/var/log/netfiltersetup.log 2>&1
> /usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -m state --state RELATED --dport 1720 -i eth0 -j LOG --log-level 6 --log-prefix "1720 in " >>/var/log/netfiltersetup.log 2>&1
> /usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -i eth0 -j LOG --log-level 6 --log-prefix "Anything else in " >>/var/log/netfiltersetup.log 2>&1
>
> /usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -m state --state RELATED --dport 1503 -i eth0 -j DNAT --to $DEST >>/var/log/netfiltersetup.log 2>&1
> /usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -m state --state RELATED --dport 1720 -i eth0 -j DNAT --to $DEST >>/var/log/netfiltersetup.log 2>&1
>
Check if your h.323 module is loaded: do lsmod (if it's a module); if not,
modprobe it.
I don't really know, but shouldn't the state be ESTABLISHED and RELATED?
> There are no errors in netfiltersetup.log.
There are no errors :)
>
> Iptables -L -v -n does not show the rules, but iptables-save does show them.
The default table is filter; you have just appended in the nat table.
Try:
iptables -L PREROUTING -t nat -v -n
>
> Nothing is logged and it does not seem to work. Before the rules were added, incoming to 1503 and 1720 triggered another rule that logged them.
> Ethereal does not show any packets coming in that match the above. It did before the rules were added.
>
> If anyone has a suggestion or can explain why listing the rules does not show any PREROUTING or POSTROUTING rules, please let me know.
>
> I'm basically at a loss as to what to do next. Troubleshooting tips are welcome. Thanks.
>
>
>
> Mark Goldberg
> goldber@globalcrossing.net
>
>
Take care,
::Beppe
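
Added example, not part of Beppe's message or the thread: the point above that a bare `iptables -L` lists only the filter table, turned into a shell helper that reads `iptables-save` output and reports the rules that live in other tables. The sample ruleset, its addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (documentation addresses, not real hosts).
sample_ruleset() {
cat <<'EOF'
# constructed sample, not captured from a real host
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 192.0.2.10 -i eth0 -p tcp -m state --state RELATED -m tcp --dport 1503 -j DNAT --to-destination 10.0.0.5
-A PREROUTING -s 192.0.2.10 -i eth0 -p tcp -m state --state RELATED -m tcp --dport 1720 -j DNAT --to-destination 10.0.0.5
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -j LOG --log-prefix "tcp in "
COMMIT
EOF
}

# Reads iptables-save output on stdin; prints one "table chain rule-count" line per chain.
rules_by_table() {
    awk '
        # "*nat" opens a table section
        /^\*/ { table = substr($0, 2); next }
        # ":PREROUTING ACCEPT [0:0]" declares a chain; remember declaration order
        /^:/  { order[++n] = table " " substr($1, 2); next }
        {
            # Rule lines are "-A CHAIN ..." or "[pkts:bytes] -A CHAIN ..." (iptables-save -c)
            i = ($1 ~ /^\[/) ? 2 : 1
            if ($i == "-A") count[table " " $(i + 1)]++
        }
        END { for (k = 1; k <= n; k++) print order[k], count[order[k]] + 0 }
    '
}

# Prints the chains holding rules that "iptables -L" without -t (filter only) never displays.
hidden_from_default_listing() {
    rules_by_table | awk '$1 != "filter" && $3 > 0'
}
```

On a live host, run it as root with `iptables-save | hidden_from_default_listing`; each line it prints names a table to inspect with `iptables -L -t <table> -v -n`.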