Date:      Sun, 13 Oct 2002 00:05:20 -0700
From:      "Calvin Smith" <calvins@csts.org>
To:        <FreeBSD-questions@FreeBSD.org>
Subject:   ipnat and Netmeeting
Message-ID:  <000d01c27286$e4e82b40$9701a8c0@home>

I realize that this question has been hashed over in the past, but in
checking the archives and all the information I could find on the H.323
proxy, I get the impression that it should now work. First, has anyone been
able to make this work with FreeBSD 4.6, and second, if that is the case, can
anyone tell me what I am doing wrong? I am able to establish a NetMeeting
session, but as in most of the past messages in the archives, I cannot
hear the other party even though they can hear me. I also tried the
"openh323proxy" with the same results.

Following is my setup.

FreeBSD 4.6-RELEASE
ipf: IP Filter: v3.4.27 (336)
Kernel: IP Filter: v3.4.27
Running: yes
Log Flags: 0 = none set
Default: block all, Logging: available
Active list: 0

Network setup: LAN with 8 PCs, 1 FreeBSD box running dansguardian, squid and
qmail, and 1 FreeBSD gateway/firewall.
gateway/firewall internal IP 192.168.1.1
proxy/dansguardian IP 192.168.1.10

IP NAT rules (the external IP has been changed to x.x.x.x):
rdr xl0 x.x.x.x/32 port 25 -> 192.168.1.10 port 25
rdr xl0 x.x.x.x/32 port 22 -> 192.168.1.10 port 22
map xl0 192.168.1.0/24 -> 0/32 proxy port 1720 h323/tcp
map xl0 192.168.1.0/24 -> 0/32 proxy port 21 ftp/tcp
map xl0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:40000
map xl0 192.168.1.0/24 -> 0/32

IP filter rules
#
# xl0 = WAN
# de0 = LAN
#
#
############################
# Generic to all interfaces
#############################
#
block in log quick all with opt lsrr
block in log quick all with opt ssrr
block in log quick all with ipopts
block in log quick proto tcp all with short
block in log quick proto icmp all with frag
########################
# Outside Interface
########################
#----------------------
# Allow out all TCP, UDP, and ICMP traffic and keep state on it
# so that it's allowed back in.
#----------------------
pass out quick on xl0 proto tcp from any to any flags S keep state
pass out quick on xl0 proto udp from any to any keep state
pass out quick on xl0 proto icmp from any to any keep state
block out log quick on xl0 all
#-----------------------
# Allow bootp traffic in from my ISP's DHCP server only.
# and any other needed traffic
#-----------------------
pass in quick on xl0 proto udp from x.x.x.x/32 to any port = 68 keep state
pass in quick on xl0 proto tcp from any to 192.168.1.10 port = 25 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to 192.168.1.10 port = 22 flags S keep state keep frags
#-----------------------
# Block and log all remaining traffic coming into the firewall
# - Block TCP with a RST
#   (to make it appear as if the service isn't listening)
# - Block UDP with an ICMP Port Unreachable
#   (to make it appear as if the service isn't listening)
# - Block all remaining traffic
#------------------------
block return-rst in log quick on xl0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on xl0 proto udp from any to any
block in log quick on xl0 all
#############################
# Inside Interface
#############################
#---------------------------
# Allow out all TCP, UDP, and ICMP traffic & keep state
#---------------------------
pass out quick on de0 proto tcp from any to any keep state
pass out quick on de0 proto udp from any to any keep state
pass out quick on de0 proto icmp from any to any keep state
pass out quick on de0 proto gre from any to any keep state
block out log quick on de0 all
#--------------------------
# Block in on LAN misc.
#--------------------------
block in quick on de0 proto tcp from any to any port = 137
block in quick on de0 proto tcp from any to any port = 138
block in quick on de0 proto tcp from any to any port = 139
block in quick on de0 proto udp from any to any port = 137
block in quick on de0 proto udp from any to any port = 138
block in quick on de0 proto udp from any to any port = 139
block in quick on de0 proto tcp from any port = 137 to any
block in quick on de0 proto tcp from any port = 138 to any
block in quick on de0 proto tcp from any port = 139 to any
block in quick on de0 proto udp from any port = 137 to any
block in quick on de0 proto udp from any port = 138 to any
block in quick on de0 proto udp from any port = 139 to any
#--------------------------
# Allow in TCP, UDP, and ICMP traffic & keep state
#--------------------------
pass in quick on de0 proto tcp from any to any port = 22 keep state
pass in quick on de0 proto tcp from any to any port = 25 keep state
pass in quick on de0 proto tcp from any to any port = 110 keep state
pass in quick on de0 proto tcp from any to any port = 1863 flags S keep state keep frags
pass in quick on de0 proto tcp from 192.168.1.10 to any keep state
pass in quick on de0 proto tcp from 192.168.1.151 to any keep state
#this is the pc I do netmeeting from
pass in quick on de0 proto udp from any to any keep state
pass in quick on de0 proto icmp from any to any keep state
pass in quick on de0 proto gre from any to any keep state
block in log quick on de0 all

##############################
# Loopback Interface
##############################
pass in quick on lo0 all
pass out quick on lo0 all


Thanks for any information
Calvin Smith
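The ipnat rules in the post depend on ordering: ipnat evaluates map rules top to bottom and uses the first one that matches, so the `proxy port 1720 h323/tcp` rule only ever sees the call-setup connection if nothing more general precedes it, and the audio streams (which H.323 negotiates on dynamic UDP ports) never match a proxy rule by port at all, which is why they have to be handled by the call-control proxy rewriting the signalling payload rather than by any static rule. The following Python script is an added example, not code from the post or from the IPFilter project: it parses the post's map/rdr rules (with the masked external address replaced by the documentation placeholder 203.0.113.5), reports which rule a given outbound flow from the NetMeeting PC would hit, and flags rules that an earlier, more general rule shadows. The regexes cover only the rule syntax seen in the post.

```python
"""Parse ipnat.conf map/rdr rules and show which one an outbound flow hits.
Added example (not from the post); assumes ipnat's first-match semantics."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the rules from the post, with x.x.x.x replaced by the
# documentation address 203.0.113.5 (a placeholder, not a real host).
SAMPLE_RULES = """
rdr xl0 203.0.113.5/32 port 25 -> 192.168.1.10 port 25
rdr xl0 203.0.113.5/32 port 22 -> 192.168.1.10 port 22
map xl0 192.168.1.0/24 -> 0/32 proxy port 1720 h323/tcp
map xl0 192.168.1.0/24 -> 0/32 proxy port 21 ftp/tcp
map xl0 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:40000
map xl0 192.168.1.0/24 -> 0/32
"""

MAP_RE = re.compile(
    r"^map\s+(\S+)\s+(\S+)\s+->\s+\S+"
    r"(?:\s+proxy\s+port\s+(\d+)\s+(\w+)/(tcp|udp))?"
    r"(?:\s+portmap\s+(tcp/udp|tcp|udp)\s+(\d+):(\d+))?\s*$")
RDR_RE = re.compile(r"^rdr\s+(\S+)\s+(\S+)\s+port\s+(\d+)\s+->\s+\S+\s+port\s+\d+")


@dataclass
class NatRule:
    kind: str                              # "map" or "rdr"
    ifname: str
    net: ipaddress.IPv4Network             # map: internal source; rdr: external dst
    proxy: Optional[str] = None            # "h323", "ftp", ... for proxy rules
    proxy_proto: Optional[str] = None      # protocol the proxy rule applies to
    proxy_port: Optional[int] = None       # destination port the proxy intercepts
    portmap_protos: Tuple[str, ...] = ()   # ("tcp", "udp") for portmap rules
    text: str = ""

    def matches_outbound(self, ifname, src_ip, proto, dst_port):
        """Would this map rule claim a packet leaving ifname from src_ip?"""
        if self.kind != "map" or ifname != self.ifname or src_ip not in self.net:
            return False
        if self.proxy:
            return proto == self.proxy_proto and dst_port == self.proxy_port
        if self.portmap_protos:
            return proto in self.portmap_protos
        return True  # plain map: any protocol, any port


def parse_rules(text: str) -> List[NatRule]:
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = MAP_RE.match(line)
        if m:
            ifname, net, pport, pname, pproto, pm_proto, _lo, _hi = m.groups()
            rules.append(NatRule(
                kind="map", ifname=ifname,
                net=ipaddress.ip_network(net, strict=False),
                proxy=pname, proxy_proto=pproto,
                proxy_port=int(pport) if pport else None,
                portmap_protos=tuple(pm_proto.split("/")) if pm_proto else (),
                text=line))
            continue
        m = RDR_RE.match(line)
        if m:
            ifname, net, _port = m.groups()
            rules.append(NatRule(kind="rdr", ifname=ifname,
                                 net=ipaddress.ip_network(net, strict=False),
                                 text=line))
            continue
        raise ValueError(f"unrecognised ipnat rule: {line}")
    return rules


def first_match(rules, ifname, src_ip, proto, dst_port=None):
    """ipnat walks map rules in order and uses the first that matches."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.matches_outbound(ifname, src, proto, dst_port):
            return r
    return None


def covers(general: NatRule, specific: NatRule) -> bool:
    """True if every packet 'specific' could match is also matched by 'general'."""
    if general.ifname != specific.ifname or not specific.net.subnet_of(general.net):
        return False
    if not general.proxy and not general.portmap_protos:
        return True  # plain map swallows everything
    if general.portmap_protos:
        if specific.proxy:
            return specific.proxy_proto in general.portmap_protos
        if specific.portmap_protos:
            return set(specific.portmap_protos) <= set(general.portmap_protos)
    return False


def shadowed_rules(rules) -> List[NatRule]:
    """Map rules that an earlier, broader map rule will always win over."""
    maps = [r for r in rules if r.kind == "map"]
    return [r for i, r in enumerate(maps) if any(covers(e, r) for e in maps[:i])]


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for proto, port in (("tcp", 1720), ("udp", 49170), ("icmp", None)):
        hit = first_match(rules, "xl0", "192.168.1.151", proto, port)
        print(f"{proto}/{port} from 192.168.1.151 -> {hit.text}")
    print("shadowed:", [r.text for r in shadowed_rules(rules)])
```

With the post's ordering the H.323 call setup (tcp/1720) lands on the proxy rule and a dynamic UDP media port lands on the portmap rule; reversing the map rules so the plain `map` comes first makes the proxy and portmap rules unreachable, which `shadowed_rules` reports.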

