Yes, I believe you are correct. Apparently it is used to intercept all requests to the outside, from inside. I was thinking the other way, since I am used to seeing this with changing the ports from within.

Iknownot: just trying to add something to your post, the REDIRECT target is correct.
Remember, one has to consider the firewall used. If default policies are set to deny (as they should, and not necessarily the default) it may be more difficult to get this thing working. And the helpers (sound, etc.) won't be forwarded with just a NAT of port 1720. (Again, haven't tried this in years ... but when I did it wouldn't work, thus the necessity of the h323-conntrack-nat - h323 connection tracking and NAT helper.)

I still think that a proxy isn't necessary on that configuration and just makes the thing worse. However, I'm too lazy to write an entire iptables configuration here.
As bAgZ confirmed, this is a much simpler way to set something like this up instead of patching Netfilter and the kernel, but I am still concerned with those rules.



