From: Beppe <ipt@beep.mine.nu>
To: "netfilter@lists.netfilter.org" <netfilter@lists.netfilter.org>
Subject: Re: More H.323 questions
Date: Wed, 03 Sep 2003 12:02:24 +0200 [thread overview]
Message-ID: <3F55BC30.1040801@beep.mine.nu> (raw)
In-Reply-To: <200309020523.WAA28180@smtp08.phx.gblx.net>
Hi Mark,
Mark Goldberg wrote:
> I've built kernel 2.4.22 with the h.323 extensions from pom. Iptables is 1.2.8. I installed teh new kernel and included the following rules:
>
> Basically, I want to only establish h.323 with a specific ip after I initiate it from an internal machine on the network normally using NAT.
>
> /usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -m state --state RELATED --dport 1503 -i eth0 -j LOG --log-level 6 --log-prefix "1503 in " >>/var/log/netfiltersetup.log 2>&1
> /usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -m state --state RELATED --dport 1720 -i eth0 -j LOG --log-level 6 --log-prefix "1720 in " >>/var/log/netfiltersetup.log 2>&1
> /usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -i eth0 -j LOG --log-level 6 --log-prefix "Anything else in " >>/var/log/netfiltersetup.log 2>&1
>
> /usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -m state --state RELATED --dport 1503 -i eth0 -j DNAT --to $DEST >>/var/log/netfiltersetup.log 2>&1
> /usr/local/sbin/iptables -t nat -A PREROUTING -s $SRC -p tcp -m state --state RELATED --dport 1720 -i eth0 -j DNAT --to $DEST >>/var/log/netfiltersetup.log 2>&1
>
Check if your h.323 module is loaded, do lsmod (if its a module) if not
modprobe it.
I don't realy know but, shouldn't the state be ESTABLISHD and RELATED?
> There are no errors in netfiltersetup.log.
There ar no errors :)
>
> Iptables -L -v -n does not show the rules, but iptables-save does show them.
The default table is filter you have just appended in the nat table
try
iptables -L PREROUTING -t nat -v -n
>
> Nothing is logged and it does not seem to work. Before the rules were added, incoming to 1503 and 1720 triggered another rule that logged them.
> Ethereal does not show any packets coming in that match the above. It did before the rules were added.
>
> If anyone has a suggestion or can explain why listing the rules does not show any PREROUTING or POSTROUTING rules, please let me know.
>
> I'm basically at a loss as to what to do next. Troubleshooting tips are welcome. Thanks.
>
>
>
> Mark Goldberg
> goldber@globalcrossing.net
>
>
Take care,
::Beppe
next prev parent reply other threads:[~2003-09-03 10:02 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-02 5:36 More H.323 questions Mark Goldberg
2003-09-03 10:02 ` Beppe [this message]
-- strict thread matches above, loose matches on Subject: below --
2003-09-03 22:44 George Vieira
2003-09-04 1:12 ` Ramin Dousti
2003-09-04 1:39 ` DALive Editor
2003-09-04 1:50 George Vieira
2003-09-04 16:26 ` Ramin Dousti
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3F55BC30.1040801@beep.mine.nu \
--to=ipt@beep.mine.nu \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox