OK berkeley_147, two posts were made while I was writing my last post, another while writing this.


A better post to describe your firewall rules ( maybe as a .txt attachment ) would be
iptables --list -n --line-numbers > firewall_rules.txt
Then read the file created ( firewall_rules.txt )
Do this after a restart. This should list all the current rules.

As far as NATing of the ports tcp 10200:10209, udp 10200:10259 as bAgZ suggested, it will depend on where the proxy was installed. If it was installed on the firewall box itself, they may not have to be NATed at all ( including tcp 1720: I don't understand why they included a REDIRECT target in the suggested rule set, this may be due to a lack of understanding on the author's part, or mine ). The proxy should do that for you.

Let me explain this a little. If you are using the nmproxy on your firewall box itself, the rules for it will be INPUT rules for all devices. The proxy should manage all forwarding of packets ( should. )
But you have to remember, the firewall box will need rules ( OUTPUT ) to allow it to connect to the internal box that the proxy is trying to connect to ( your internal XP box ) as well as rules for the internal XP box to communicate with the proxy ( the INPUT rules listed should do this as well ), then allow the proxy to let the connection out to the box attempting to connect to the Netmeeting session ( OUTPUT rules again. )

Perhaps, if the proxy is set up on the firewall box ( and this is not based on nmproxy but my understanding of Netfilter ), you should:


delete the rule
iptables -I INPUT -p tcp ! --syn -j ACCEPT
and replace it with
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Then, set up output rules, such as:
iptables -A OUTPUT -p tcp --dport 1720 -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Again, make sure the proxy is running! I cannot verify the security of the nmproxy software, but if it is running, port 1720 should be bound to it. If not, you opened a hole at that port.

Please read my previous post as well. If you have further problems, perhaps you should enable logging of all packets then review your logs to see where it is failing. I will try to help as time allows.

Anyone, feel free to join in here!

cacosapo, in response to your last post, if no one else answers, and you still have these questions ( probably best addressed on the Netfilter mailing lists ) I will attempt to answer them at a later time: remind me. I am too drunk and too tired now, and am getting ragged on by my wife to go to bed!
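
One way to check the point made in the post above, that tcp 1720 should be bound to the proxy before a rule accepts traffic to it. This is an added example, not part of the original post or of nmproxy. It assumes the column layout of `ss -ltn` from iproute2; the function names, the sample output and the 192.168.0.1 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm a TCP port has a
# listener before relying on a firewall rule that accepts traffic to it.

# port_has_listener PORT  (hypothetical helper)
# Reads `ss -ltn` style output on stdin; returns 0 if any LISTEN socket is
# bound to PORT (IPv4, IPv6 or wildcard address), 1 otherwise.
port_has_listener() {
    awk -v want="$1" '
        $1 == "LISTEN" {
            # $4 is Local Address:Port, e.g. 0.0.0.0:1720, [::]:1720, *:1720
            n = split($4, parts, ":")
            if (parts[n] == want) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# listener_address PORT  (hypothetical helper)
# Prints the local address(es) PORT is bound to, one per line, so you can see
# whether the proxy listens on every interface or only the internal one.
listener_address() {
    awk -v want="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] == want)
                print substr($4, 1, length($4) - length(want) - 1)
        }
    '
}

# Constructed sample of `ss -ltn` output: sshd on 22, a proxy on 1720.
SAMPLE_WITH_PROXY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      192.168.0.1:1720   0.0.0.0:*'

# Constructed sample of the same box with the proxy stopped.
SAMPLE_NO_PROXY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# On a live firewall box, replace the printf with: ss -ltn
if printf '%s\n' "$SAMPLE_WITH_PROXY" | port_has_listener 1720; then
    echo "tcp/1720 bound on: $(printf '%s\n' "$SAMPLE_WITH_PROXY" | listener_address 1720)"
else
    echo "nothing listening on tcp/1720; an ACCEPT rule for it is an open hole"
fi
```

The check only shows that something is listening on the port; `ss -ltnp` run as root also shows which process owns the socket.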