-
January 17th, 2006, 02:24 PM
#21
Iknownot: just trying to add something to your post, the REDIRECT target is correct.
Redirect is commonly used on a transparent proxy. It redirects routed frames to the firewall machine. If I understand correctly, that proxy is running under the same Linux as iptables and there is no proxy configuration on NetMeeting (if there is, I think that is not a "transparent proxy"). If you don't specify any subkeyword on REDIRECT, the port won't be changed (that is the desired behavior).
I still think that a proxy isn't necessary on that configuration and just makes the thing worse. However, I'm too lazy to write an entire iptables configuration here
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
January 17th, 2006, 03:06 PM
#22
This is how I did it. I installed nmproxy on Fedora without any problems. Then enabled IP forwarding.
Only had one error cp: cannot stat 'nmproxy.Linux' : No such file or directory
but that was easily fixed by doing this:
cp Makefile.Linux Makefile
make
After that just installed it as usual.
I then opened port 1720 on my firewall.
NetMeeting opens random ports for video and audio, so it won't work over a firewall without some help from nmproxy.
I ran this next:
iptables -A PREROUTING -t nat -p TCP -d $ip_of_your_firewall \
  --dport 1720 -j DNAT --to $ip_of_netmeeting_box:1720
These open the needed ports for nmproxy. You need these, and you'll find them in the nmproxy.conf file:
iptables -I INPUT -p tcp --dport 1720 -j ACCEPT
iptables -I INPUT -p tcp --dport 10200:10209 -j ACCEPT
iptables -I INPUT -p udp --dport 10200:10259 -j ACCEPT
My proxy and my firewall are on different machines. So I copied these specific rules off the web from http://www.cryogenic.net/nmproxy.html#Firewall:
iptables -I PREROUTING -t nat -p tcp --dport 10200:10209 -d $FIREWALL -j DNAT --to-destination $PROXY
iptables -I PREROUTING -t nat -p udp --dport 10200:10259 -d $FIREWALL -j DNAT --to-destination $PROXY
iptables -I PREROUTING -t nat -p tcp --dport 1720 ! -s $PROXY -j DNAT --to-destination $PROXY
In nmproxy.conf I only changed the following line
# default_forward=4.5.6.7
to default_forward=192.168.0.37
It's working fine and it was easy to set up. I think it's excellent and easy to use. The only bad thing about nmproxy is that it's not free for commercial use.
-
January 18th, 2006, 12:25 PM
#23
Iknownot: just trying to add something to your post, the REDIRECT target is correct.
Yes, I believe you are correct. Apparently it is used to intercept all requests to the outside, from inside. I was thinking the other way, since I am used to seeing this with changing the ports from within.
I still think that a proxy isn't necessary on that configuration and just makes the thing worse. However, I'm too lazy to write an entire iptables configuration here
Remember, one has to consider the firewall used. If default policies are set to deny (as they should, and not necessarily the default) it may be more difficult to get this thing working. And the helpers (sound, etc.) won't be forwarded with just a NAT of port 1720. (Again, haven't tried this in years ... but when I did it wouldn't work, thus the necessity of the h323-conntrack-nat - h323 connection tracking and NAT helper.)
As bAgZ confirmed, this is a much simpler way to set something like this up instead of patching Netfilter and the kernel, but I am still concerned with those rules.
"And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
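
Added example, not part of any post in this thread: a dry-run sketch of the split firewall/proxy rules from post #22 together with the FORWARD accepts a default-deny firewall (the concern in post #23) would also need, because packets DNATed to another host pass through FORWARD rather than INPUT. The function names and the sample addresses are constructed, and it assumes only inbound traffic to the proxy needs covering; the script prints commands and changes nothing.

```shell
#!/bin/sh
# Added example: prints (does not apply) NAT + FORWARD rules for an nmproxy
# host sitting behind a separate firewall whose FORWARD policy is DROP.

# is_ipv4 ADDR -> returns 0 if ADDR is a dotted quad with octets 0..255
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nm_rules FIREWALL_IP PROXY_IP -> prints the rule set, returns 1 on bad input
nm_rules() {
    fw=$1; proxy=$2
    is_ipv4 "$fw" && is_ipv4 "$proxy" || { echo "bad IPv4 address" >&2; return 1; }
    # proto:ports pairs as listed in post #22 (nmproxy ranges + H.323 1720)
    for spec in tcp:10200:10209 udp:10200:10259 tcp:1720; do
        proto=${spec%%:*}; ports=${spec#*:}
        # 1720 is matched by source (anything but the proxy), as in the post
        if [ "$ports" = 1720 ]; then match="! -s $proxy"; else match="-d $fw"; fi
        echo "iptables -t nat -I PREROUTING -p $proto --dport $ports $match -j DNAT --to-destination $proxy"
        # DNATed packets bound for another host traverse FORWARD, not INPUT
        echo "iptables -A FORWARD -p $proto -d $proxy --dport $ports -j ACCEPT"
    done
    # Replies for the flows accepted above
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample addresses (documentation / private ranges)
nm_rules 203.0.113.1 192.168.0.10
```

Review the printed rules against the existing chain order before applying them, since a rule appended with -A after a final DROP or REJECT rule in FORWARD never matches.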