[Shorewall-newbies] H323 and videoconferencing

gregory aeon at pandora.be
Tue Dec 9 22:35:24 PST 2003


Francesca C. Smith wrote:

>On Mon, 2003-12-08 at 17:06, gregory wrote:
>  
>
>>Francesca C Smith wrote:
>>
>>    
>>
>>>Hello,
>>>
>>>Something like .. 
>>>
>>>ip_conntrack_h323
>>>
>>>ip_nat_h323
>>>
>>> 
>>>
>>>      
>>>
>>Ok, it's not there and I've checked the kernelconfig. It's not there 
>>either. I suppose it's a separate module that has to be patched with the 
>>kernel source first? Am I right?
>>I suppose I have to get the module at 
>>http://www.kfki.hu/%7Ekadlec/sw/netfilter/newnat-suite/
>>Am I right? I'm a bit worried, the page seems outdated, I'm using kernel 
>>2.4.18 on my router.
>>Also is there some tutorial on how to patch?
>>
>>Gregory
>>
>>
>>    
>>
>
>Look here
>
>http://www.netfilter.org/documentation/index.html#HOWTO
>
>Hacking Net filter And Net Filter Extensions are rather well written and
>you will get through this :-)
>
>And it looks like that module is updated as of 2002 .. You can of course
>post or search the net filter archives .. 
>
>Francesca
>  
>

Ok, suppose I somehow do it and manage to install the h323 patch :)
What does it give me? I mean does it mean I have automatically h323
support and have to do nothing to be able to enjoy videoconferencing? No
rules to set up in my firewall etc?
Forgive my questions .. after all this is the newbie mailing list :)

Also on a side note, can you tell me what rules I have to add to allow
h323 connection in Shorewall? I know it's a security risk, but I would
like to try it. The firewall isn't running on a mission critical system.
I know the ports h323 uses, 1720 1731 and dynamic 1024 to 65535. But I
can't figure out the exact rules to apply in Shorewall.
ACCEPT  net     loc     tcp     1720
ACCEPT  loc     net     tcp     1731
ACCEPT  loc     net     tcp     1024:65535
ACCEPT  loc     net      udp     1024:65535

Doesn't work. Anyone?


Gregory




More information about the Shorewall-newbies mailing list