01-19-2004
Steffen Engmann

Re: M$ Netmeeting through Linux NAT?

Rich Piotrowski wrote:
> On Thu, 15 Jan 2004 22:11:21 +0100, Steffen Engmann <steffen@engmann.de>
> wrote:
>
>
>>Hi,
>>
>>I'd like to use Microsoft's Netmeeting on a Windows box in my private
>>LAN for communicating with Netmeeting users on the Internet through my
>>Linux NAT box.
>>
>>I have patched kernel 2.4.20 for the H.323 modules using netfilter's
>>patch-o-matic, finally rebooted, loaded the compiled modules
>>(ip_conntrack_h323 and ip_nat_h323) and configured the DNAT and
>>forwarding entries in the firewall.
>>
>>Now I can set up Netmeeting connections with hosts on the Internet, but
>>only data applications go through (chat, application sharing), no voice,
>>no video. Both hosts don't even send a single UDP packet for
>>voice/video, thus I assume that something's wrong with the H.323
>>negotiation. (How can I check whether the h323 modules are really
>>performing some action at all?)
>>Voice/video works fine inside the private LAN.
>>
>>Any ideas?
>>
>>Thanks for your assistance,
>> Steffen

>
>
> How about your firewall? You will need to open TCP ports 1503, 1718-1721
> and 1731. Also all UDP ports above 1024. Using the modules, as the
> machine behind the firewall, you must be the one to initiate the
> connection.
>
> If you are feeling ambitious, you may want to use a gatekeeper instead.
> I am using this one.
>
> http://www.gnugk.org/h323download.html
>


Yes, it's working perfectly with gnugk! And even easier to install than
the netfilter-mods ...
Only drawback: All my friends have to register at my Gatekeeper first.
Thanks,
Steffen

Here's my /etc/gnugk.ini
# /etc/gnugk.ini
[Gatekeeper::Main]
Fourtytwo=42

[RoutedMode]
GKRouted=1
H245Routed=1
AcceptUnregisteredCalls=1
SupportNATedEndpoints=1
H245PortRange=30000-30020
Q931PortRange=40000-40020

[RasSrv::ARQFeatures]
CallUnregisteredEndpoints=1

[Proxy]
Enable=1
RTPPortRange=50000-50020
InternalNetwork=192.168.1.0/24
ProxyForNAT=1

[GkStatus::Auth]
rule=allow

[Gatekeeper::Auth]
default=allow
# End of /etc/gnugk.ini

And the iptables filter rules:
$IPTABLES -A INPUT -i $EXT -p UDP -d $MY_IP_EXT --dport 1718:1719 \
-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i $EXT -p TCP -d $MY_IP_EXT --dport 1721 \
-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i $EXT -p TCP -d $MY_IP_EXT --dport 30000:30020 \
-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i $EXT -p TCP -d $MY_IP_EXT --dport 40000:40020 \
-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i $EXT -p UDP -d $MY_IP_EXT --dport 50000:50020 \
-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


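The port ranges in gnugk.ini and the ACCEPT rules in the post above have to stay in step: if one is changed without the other, calls fail or ports stay open for nothing. The following is an added example (not part of the post and not GnuGk code) that cross-checks the two. The sample strings are constructed from the post, and the key-to-protocol mapping is an assumption read off the post's own rules.

```python
import configparser

# Constructed sample: the port-range keys from the post's /etc/gnugk.ini.
GNUGK_INI = """
[RoutedMode]
H245PortRange=30000-30020
Q931PortRange=40000-40020
[Proxy]
RTPPortRange=50000-50020
"""
# Constructed sample: three of the post's rules, shell variables left unexpanded.
RULES = r"""
$IPTABLES -A INPUT -i $EXT -p TCP -d $MY_IP_EXT --dport 30000:30020 \
-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i $EXT -p TCP -d $MY_IP_EXT --dport 40000:40020 \
-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i $EXT -p UDP -d $MY_IP_EXT --dport 50000:50020 \
-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
"""
# Assumption read off the post's rules: H.245 and Q.931 ranges are TCP, RTP is UDP.
RANGE_KEYS = {("RoutedMode", "H245PortRange"): "tcp",
              ("RoutedMode", "Q931PortRange"): "tcp",
              ("Proxy", "RTPPortRange"): "udp"}

def configured_ranges(ini_text):
    """Map each port-range key present in the ini to (proto, low, high)."""
    cp = configparser.ConfigParser()
    cp.optionxform = str  # keep the keys' case
    cp.read_string(ini_text)
    out = {}
    for (section, key), proto in RANGE_KEYS.items():
        if cp.has_option(section, key):
            low, high = (int(p) for p in cp.get(section, key).split("-"))
            out[key] = (proto, low, high)
    return out

def _arg(tokens, flag):
    # Value following a flag, or None if the flag is absent.
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None

def accepted_ranges(rules_text):
    """List (proto, low, high) for every INPUT ... --dport ... -j ACCEPT rule."""
    found = []
    for line in rules_text.replace("\\\n", " ").splitlines():  # join continuations
        tok = line.split()
        proto, dport = _arg(tok, "-p"), _arg(tok, "--dport")
        if _arg(tok, "-A") == "INPUT" and _arg(tok, "-j") == "ACCEPT" and proto and dport:
            low, _, high = dport.partition(":")
            found.append((proto.lower(), int(low), int(high or low)))
    return found

def audit(ini_text, rules_text):
    """Return {key: problem} for gnugk ranges no single ACCEPT rule covers."""
    opened = accepted_ranges(rules_text)
    return {key: f"{proto} {low}-{high} not accepted on INPUT"
            for key, (proto, low, high) in configured_ranges(ini_text).items()
            if not any(p == proto and a <= low and high <= b for p, a, b in opened)}
```

audit(GNUGK_INI, RULES) returns an empty dict when every configured range is covered; widening a range in the ini without touching the rules makes that key show up in the result.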