Hi, First, great job on the H323 stuff, makes my life so much easier.
This is my first post to this group so please bear with me.

I have installed a 2.4.18 kernel with the latest (as of 24/5/02) iptables (1.2.7). NetMeeting from an internal W2K NATed machine to another internal NATed machine across the internet appears to work ok (audio and video). Both networks are running Linux 2.4.18 as the firewall. But the whiteboard and other features only work if we open all ports on at least one machine.

I also note that ethereal shows this:

No  Time    Source  Destination  Protocol  Info
29  7.4564  choco   192.168.0.2  TCP       2313->1503 [SYN] ....

Where choco is my machine, and 192.168.0.2 is the other machine's internal ip address. This SYN packet will presumably never arrive, indeed there is no ACK packet following.

My relevant rules are:

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 1720 -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 1503 -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 389 -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 522 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -t nat -A PREROUTING -d $EXTIP -p tcp --dport 1720 -j DNAT --to 192.168.2.7
$IPTABLES -t nat -A PREROUTING -d $EXTIP -p tcp --dport 1503 -j DNAT --to 192.168.2.7
$IPTABLES -t nat -A PREROUTING -d $EXTIP -p tcp --dport 389 -j DNAT --to 192.168.2.7
$IPTABLES -t nat -A PREROUTING -d $EXTIP -p tcp --dport 522 -j DNAT --to 192.168.2.7

where 192.168.2.7 is my internal ip.

2 questions:

What other ports need to be open to enable whiteboard, or is it so dynamic they all need to be open?

How has my machine got hold of the internal ip address of the remote machine?
