Mailinglist Archive: opensuse (2271 mails)
Re: [SLE] Netmeeting or H.323 with NAT (SuSEfirewall2)
- From: Damon Register <damon.w.register@xxxxxxxx>
- Date: Tue, 20 Apr 2004 07:40:13 -0700
- Message-id: <4085364D.7060200@xxxxxxxx>
Togan Muftuoglu wrote:
> You should be able to use it via SuSEfirewall2

cool

> [1] iptables -I PREROUTING -t nat -p tcp --dport 1720 -j REDIRECT
> [2] iptables -I INPUT -p tcp --dport 10200:10209 -j ACCEPT
> [3] iptables -I INPUT -p udp --dport 10200:10259 -j ACCEPT
> Will translate into
> [1] FW_REDIRECT=192.168.0.0/24,0/0.1720.1720

I am assuming that you were just doing this from memory and slightly
missed the syntax. According to the SuSEfirewall2 comments for this it
should be source,dest,protocol,sourceport,destport so I wrote
FW_REDIRECT="192.168.0.0/24,0/0,tcp,1720,1720"
Are you sure it is this and not
FW_REDIRECT="0/0,192.168.0.0/24,tcp,1720,1720"
I got that far but it still doesn't work. I did the tests in the nmproxy
help section "The proxy does not seem to work properly, or at all"
and telnet localhost 1720 works but telnet firewall 1720 didn't work
at first. I added 1720 to FW_ALLOW_INCOMING_HIGHPORTS_TCP and then
it worked. Telnet some external address 1720 gets "connection refused".
The help says
If you get a "Connection refused" error, or it just times out, then the
REDIRECT rule for port 1720 is either wrong, or is being interfered with
by some other rule that precedes it.
I tried both
FW_REDIRECT="192.168.0.0/24,0/0,tcp,1720,1720"
and
FW_REDIRECT="0/0,192.168.0.0/24,tcp,1720,1720"
but neither worked. Any suggestions?
Damon Register
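
Added example (not part of the original message, and not SuSEfirewall2 or nmproxy code): the nmproxy help quoted above blames a REDIRECT rule that is wrong or preceded by another rule, so this script reads the nat PREROUTING chain as printed by `iptables -t nat -S PREROUTING` and reports the first rule that matches a TCP port, with the source and destination it matches on. The function name check_redirect and the sample rule listings are constructed for illustration; only rules with an explicit tcp --dport match are examined.

```shell
#!/bin/sh
# Added example. Input on stdin: rules as printed by
#   iptables -t nat -S PREROUTING
# Output: "redirect <pos> src=<net> dst=<net>" if the first rule matching the
#         port is a REDIRECT, "shadowed <pos> <target>" if a rule with another
#         target matches the port first, "missing" if no rule matches it.
# Limitation: rules without an explicit "-p tcp --dport" are not considered.
check_redirect() {
    awk -v port="$1" '
        $1 != "-A" { next }              # skip -P / -N lines
        {
            pos++
            src = "0.0.0.0/0"; dst = "0.0.0.0/0"
            proto = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "-d")      dst    = $(i + 1)
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (proto != "tcp" || !covers(dport, port)) next
            if (target == "REDIRECT")
                printf "redirect %d src=%s dst=%s\n", pos, src, dst
            else
                printf "shadowed %d %s\n", pos, target
            found = 1
            exit
        }
        function covers(spec, p,   r) {  # spec: "1720" or a range "1700:1800"
            if (spec == "") return 0
            if (split(spec, r, ":") == 2)
                return (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0)
            return spec + 0 == p + 0
        }
        END { if (!found) print "missing" }
    '
}

# Constructed listings (not captured from a real firewall).
SAMPLE_OK='-P PREROUTING ACCEPT
-A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 1720 -j REDIRECT --to-ports 1720'
SAMPLE_SWAPPED='-P PREROUTING ACCEPT
-A PREROUTING -d 192.168.0.0/24 -p tcp -m tcp --dport 1720 -j REDIRECT --to-ports 1720'
SAMPLE_SHADOWED='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 1700:1800 -j ACCEPT
-A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 1720 -j REDIRECT --to-ports 1720'

printf '%s\n' "$SAMPLE_SHADOWED" | check_redirect 1720
```

On the firewall itself, run `iptables -t nat -S PREROUTING | check_redirect 1720` after loading each FW_REDIRECT variant; a result with dst=192.168.0.0/24 means the rule only matches connections addressed to the LAN, not outgoing calls to external hosts.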