well you're already aware that it's a "pain in the ass", so that's a good start i guess...
=)
personally, i struggled with h323 for a while, and eventually i gave up on it... not only because of the "pain in the ass" factor, but because it sorta defied the purpose of my firewall... i don't like the whole dynamic port idea, but of course if it's what you want and/or what you need, then you have to find a way to make it work...
i've read plenty of success stories around the net but never really came across that "sweet how-to" i was looking for... i'm a newbie myself, and the info i found didn't help me get it working... of course when i read about the security implications involved in routing h323 through linux i dropped the whole idea...
if one of my clients needs h323 i recommend they use one of those "off-the-shelf" routers (netgear, linksys, etc)... i don't want them putting the blame on linux when that worm crawls through the firewall and eats the NT server for breakfast...
=)
anyways, did you try searching this site? it's a VERY HOT topic here at linuxquestions.org... i'm sure there's plenty more info now than when i was looking...
of course there's always the almighty google linux search, but i'm sure you've already searched your heart out on that...
http://www.google.com/linux
ps: here's the h323 part in shorewall's faq:
http://www.shorewall.net/FAQ.htm#faq3
sorry i can't be of more help... perhaps someone will contribute something really helpful for you soon... hang in there... good luck!