H323, Netmeeting and Videoconference

Stefan_Walther@gehag-dsk.de Stefan_Walther@gehag-dsk.de
Fri, 29 Mar 2002 16:44:39 +0100 

This is a multipart message in MIME format.
--=_alternative 0056925DC1256B8B_=
Content-Type: text/plain; charset="us-ascii"

Hi folks,

at first thanks for the fast fix for NEWNAT in the last weeks.

Now I had installed it with kernel 2.4.18, but there is one problem left. 
Maybe there is someone who can tell me how I can fix it.

Netmeeting now works fine except the videoconference. I can access the 
whiteboard and the chat, but I cannot see the video or can hear the audio 
from my partner on the other side. The same way is the other way around.

I had configured everthing directly to the kernel no modules. I have and 
T-DSL con and I'm using masquerading.

Here is my config:



Best Regards,
MfG.

Stefan Walther
stefan_walther@gehag-dsk.de
dienst.: +4930/89786448
Funk: +49172/3943961#!/bin/bash

<--snip-->
# set -x

EXT="ppp0"
INT="eth0"
LO="lo"

INTIP="192.168.0.1"
ANY="Any/0"
PRIVP="0:1023"
UNPRI="1024:65535"

echo 1 > /proc/sys/net/ipv4/tcp_syncookies
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 1 > f
done
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -X
iptables -F
iptables -t nat -F
iptables -t nat -X

iptables -A INPUT   -i $INT -j ACCEPT
iptables -A OUTPUT  -o $INT -j ACCEPT
iptables -A FORWARD -i $INT -j ACCEPT
iptables -A FORWARD -o $INT -j ACCEPT

iptables -A INPUT  -i $LO -j ACCEPT
iptables -A OUTPUT -o $LO -j ACCEPT

iptables -t nat -A POSTROUTING -o $EXT -j MASQUERADE
iptables -A FORWARD -i $EXT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $EXT -m state --state NEW -j ACCEPT

iptables -A OUTPUT -o $EXT -p udp --sport 1024:65535 --dport 53 -j ACCEPT
iptables -A INPUT  -i $EXT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
iptables -A OUTPUT -o $EXT -p tcp --sport $UNPRI --dport 53 -j ACCEPT
iptables -A INPUT  -i $EXT -p tcp --sport 53 --dport $UNPRI -j ACCEPT

iptables -A FORWARD -i $EXT -p tcp --dport 113 --syn -j REJECT

iptables -A INPUT -j LOG --log-prefix "input "
iptables -A OUTPUT -j LOG --log-prefix "output "
iptables -A FORWARD -j LOG --log-prefix "forward "
<--snip-->
--=_alternative 0056925DC1256B8B_=
Content-Type: text/html; charset="us-ascii"


<br><font size=2 face="sans-serif">Hi folks,</font>
<br>
<br><font size=2 face="sans-serif">at first thanks for the fast fix for NEWNAT in the last weeks.</font>
<br>
<br><font size=2 face="sans-serif">Now I had installed it with kernel 2.4.18, but there is one problem left. Maybe there is someone who can tell me how I can fix it.</font>
<br>
<br><font size=2 face="sans-serif">Netmeeting now works fine except the videoconference. I can access the whiteboard and the chat, but I cannot see the video or can hear the audio from my partner on the other side. The same way is the other way around.</font>
<br>
<br><font size=2 face="sans-serif">I had configured everthing directly to the kernel no modules. I have and T-DSL con and I'm using masquerading.</font>
<br>
<br><font size=2 face="sans-serif">Here is my config:</font>
<br>
<br>
<br>
<br><font size=2 face="sans-serif">Best Regards,<br>
MfG.<br>
<br>
Stefan Walther<br>
stefan_walther@gehag-dsk.de<br>
dienst.: +4930/89786448<br>
Funk: +49172/3943961#!/bin/bash</font>
<br>
<br><font size=2 face="sans-serif">&lt;--snip--&gt;</font>
<br><font size=2 face="sans-serif"># set -x</font>
<br>
<br><font size=2 face="sans-serif">EXT=&quot;ppp0&quot;</font>
<br><font size=2 face="sans-serif">INT=&quot;eth0&quot;</font>
<br><font size=2 face="sans-serif">LO=&quot;lo&quot;</font>
<br>
<br><font size=2 face="sans-serif">INTIP=&quot;192.168.0.1&quot;</font>
<br><font size=2 face="sans-serif">ANY=&quot;Any/0&quot;</font>
<br><font size=2 face="sans-serif">PRIVP=&quot;0:1023&quot;</font>
<br><font size=2 face="sans-serif">UNPRI=&quot;1024:65535&quot;</font>
<br>
<br><font size=2 face="sans-serif">echo 1 &gt; /proc/sys/net/ipv4/tcp_syncookies</font>
<br><font size=2 face="sans-serif">for f in /proc/sys/net/ipv4/conf/*/rp_filter; do</font>
<br><font size=2 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; echo 1 &gt; f</font>
<br><font size=2 face="sans-serif">done</font>
<br><font size=2 face="sans-serif">echo 1 &gt; /proc/sys/net/ipv4/ip_forward</font>
<br>
<br><font size=2 face="sans-serif">iptables -P INPUT DROP</font>
<br><font size=2 face="sans-serif">iptables -P OUTPUT DROP</font>
<br><font size=2 face="sans-serif">iptables -P FORWARD DROP</font>
<br><font size=2 face="sans-serif">iptables -X</font>
<br><font size=2 face="sans-serif">iptables -F</font>
<br><font size=2 face="sans-serif">iptables -t nat -F</font>
<br><font size=2 face="sans-serif">iptables -t nat -X</font>
<br>
<br><font size=2 face="sans-serif">iptables -A INPUT &nbsp; -i $INT -j ACCEPT</font>
<br><font size=2 face="sans-serif">iptables -A OUTPUT &nbsp;-o $INT -j ACCEPT</font>
<br><font size=2 face="sans-serif">iptables -A FORWARD -i $INT -j ACCEPT</font>
<br><font size=2 face="sans-serif">iptables -A FORWARD -o $INT -j ACCEPT</font>
<br>
<br><font size=2 face="sans-serif">iptables -A INPUT &nbsp;-i $LO -j ACCEPT</font>
<br><font size=2 face="sans-serif">iptables -A OUTPUT -o $LO -j ACCEPT</font>
<br>
<br><font size=2 face="sans-serif">iptables -t nat -A POSTROUTING -o $EXT -j MASQUERADE</font>
<br><font size=2 face="sans-serif">iptables -A FORWARD -i $EXT -m state --state ESTABLISHED,RELATED -j ACCEPT</font>
<br><font size=2 face="sans-serif">iptables -A FORWARD -i $EXT -m state --state NEW -j ACCEPT</font>
<br>
<br><font size=2 face="sans-serif">iptables -A OUTPUT -o $EXT -p udp --sport 1024:65535 --dport 53 -j ACCEPT</font>
<br><font size=2 face="sans-serif">iptables -A INPUT &nbsp;-i $EXT -p udp --sport 53 --dport 1024:65535 -j ACCEPT</font>
<br><font size=2 face="sans-serif">iptables -A OUTPUT -o $EXT -p tcp --sport $UNPRI --dport 53 -j ACCEPT</font>
<br><font size=2 face="sans-serif">iptables -A INPUT &nbsp;-i $EXT -p tcp --sport 53 --dport $UNPRI -j ACCEPT</font>
<br>
<br><font size=2 face="sans-serif">iptables -A FORWARD -i $EXT -p tcp --dport 113 --syn -j REJECT</font>
<br>
<br><font size=2 face="sans-serif">iptables -A INPUT -j LOG --log-prefix &quot;input &quot;</font>
<br><font size=2 face="sans-serif">iptables -A OUTPUT -j LOG --log-prefix &quot;output &quot;</font>
<br><font size=2 face="sans-serif">iptables -A FORWARD -j LOG --log-prefix &quot;forward &quot;</font>
<br><font size=2 face="sans-serif">&lt;--snip--&gt;</font>
--=_alternative 0056925DC1256B8B_=--