
H.323 through a Netfilter (Linux 2.4) firewall

To communicate using a tool like Microsoft NetMeeting or GnomeMeeting through a Linux (kernel 2.4.x-based) firewall, you have to redirect some ports to one IP address on the inside network; otherwise, it won’t work.

Here is a little script meant to achieve exactly that:

#!/bin/sh
# Script to redirect H.323 traffic to one specific IP behind the firewall

IPTABLES=/sbin/iptables
OUT_DEV=ppp0                  # external (Internet-facing) interface
IN_HOST=192.168.11.33         # internal host running the H.323 client
TCP_PORT_RANGE=30000:30010
UDP_PORT_RANGE=5000:5003
TCP_LISTENING_PORT=1720

# Outbound masquerading, disabled here
#$IPTABLES -t nat -A POSTROUTING -o $OUT_DEV -j MASQUERADE

# TCP and UDP port ranges: rewrite the destination, then allow the forwarded traffic
$IPTABLES -t nat -A PREROUTING -i "$OUT_DEV" -p tcp --dport "$TCP_PORT_RANGE" -j DNAT --to-dest "$IN_HOST"
$IPTABLES -t nat -A PREROUTING -i "$OUT_DEV" -p udp --dport "$UDP_PORT_RANGE" -j DNAT --to-dest "$IN_HOST"
$IPTABLES -A FORWARD -p tcp -i "$OUT_DEV" --dport "$TCP_PORT_RANGE" -d "$IN_HOST" -j ACCEPT
$IPTABLES -A FORWARD -p udp -i "$OUT_DEV" --dport "$UDP_PORT_RANGE" -d "$IN_HOST" -j ACCEPT

# TCP listening port: same pair of rules
$IPTABLES -t nat -A PREROUTING -i "$OUT_DEV" -p tcp --dport "$TCP_LISTENING_PORT" -j DNAT --to-dest "$IN_HOST"
$IPTABLES -A FORWARD -p tcp -i "$OUT_DEV" --dport "$TCP_LISTENING_PORT" -d "$IN_HOST" -j ACCEPT

You will of course have to modify the variables at the beginning to suit your particular setup. This one works for a bunch of Debian-based installs with an ADSL connection.
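To check what the script left behind, the following added example (not part of the original article) reads iptables-save output and pairs each DNAT rule on the external interface with its FORWARD ACCEPT rule, flagging a missing half and rules appended twice by a repeated run. The names audit_forwards and sample_ruleset and the sample ruleset itself are constructed for illustration.

```shell
# Added example. Usage: iptables-save | audit_forwards OUT_DEV IN_HOST
# One line per (proto, dport): OK, NO_FORWARD (DNAT without ACCEPT),
# NO_DNAT (ACCEPT without DNAT), DUP (a rule appended more than once).
audit_forwards() {
    awk -v dev="$1" -v host="$2" '
    /^\*/ { table = substr($0, 2); next }   # "*nat" / "*filter" section header
    $1 != "-A" { next }
    {
        in_if = proto = dport = target = dst = to = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i+1)
            else if ($i == "-p") proto = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "-j") target = $(i+1)
            else if ($i == "-d") { dst = $(i+1); sub(/\/32$/, "", dst) }
            else if ($i == "--to-destination") { to = $(i+1); sub(/:.*/, "", to) }
        }
        if (in_if != dev || dport == "") next
        key = proto " " dport
        if (table == "nat" && $2 == "PREROUTING" && target == "DNAT" && to == host) { dnat[key]++; seen[key] = 1 }
        if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT" && dst == host) { fwd[key]++; seen[key] = 1 }
    }
    END {
        for (k in seen) {
            if (dnat[k] > 1 || fwd[k] > 1) s = "DUP"
            else if (!fwd[k]) s = "NO_FORWARD"
            else if (!dnat[k]) s = "NO_DNAT"
            else s = "OK"
            print s, k
        }
    }' | sort
}

# Constructed sample in iptables-save format: 1720 appended twice, UDP ACCEPT missing.
sample_ruleset() {
    cat <<'EOF'
*nat
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 30000:30010 -j DNAT --to-destination 192.168.11.33
-A PREROUTING -i ppp0 -p udp -m udp --dport 5000:5003 -j DNAT --to-destination 192.168.11.33
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 1720 -j DNAT --to-destination 192.168.11.33
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 1720 -j DNAT --to-destination 192.168.11.33
COMMIT
*filter
-A FORWARD -d 192.168.11.33/32 -i ppp0 -p tcp -m tcp --dport 30000:30010 -j ACCEPT
-A FORWARD -d 192.168.11.33/32 -i ppp0 -p tcp -m tcp --dport 1720 -j ACCEPT
COMMIT
EOF
}
sample_ruleset | audit_forwards ppp0 192.168.11.33
```

Because the script uses -A (append), every run adds another copy of each rule; a DUP line is the sign that it ran more than once without the chains being flushed in between.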

This article was first written in October 2003 for the BeezNest technical website (http://glasnost.beeznest.org/articles/75)