h323 over nat firewall - queries

Ming-Ching Tiew mingching.tiew at redtone.com
Thu Jul 14 09:47:57 CEST 2005

From: "Ming-Ching Tiew" <mingching.tiew at redtone.com>

> I have a case where I have H323 VoIP equipments located behind
> Linux nat-box running ip_h323_nat and ip_conntrack_h323.
> We have various combination of traffic and some of them deemed
> successful and some of them I experience some weird problems 
> such as not able to hear to voice and/or chopping voice.
> Upon troubleshooting and narrowing down the problem, I suspect 
> that the modules might have some limitation and so I am posting 
> here to see if anyone enlighten me on this subject.
> I remember certain conntrack modules only allow one client to be
> behind nat, so I am asking :-
> If I have one H323 VoIP equipment going to multiple H323 counter 
> parts on the internet at the same time, via the Linux nat conntrack 
> module, if it is going to work correctly ? ie I have one source private 
> IP, but going to multiple destination public IPs via the H323 conntrack 
> module, is this a supported configuration ?

I did not get any comments on this ?

Upon further checking I found the 2.6 kernel has a difference source
from the 2.4 kernel and my problem was seen on 2.4 kernel. By any
chance, this "suspected limitation" has been fixed in 2.6 kernel ?

Is it worthwhile testing it on 2.6 kernel ?

More information about the netfilter mailing list