I have a VOIP software on one of the client machines on my network. And i just can't understand what rules i need to put into my IPTABLES to get it to work. Here's a link to the software support page:

http://www.quicknet.net/support/trou..._isb_index.htm

All other IP MASQUERADING seems to be workign fine.

Please help A.S.A.P
Thank you

I believe you wiill need to open the H323 related ports.

Yes but how do I do that? What rules do I need to put in?

I haven't played with H.323 but I found this page that lists the ports (it's in french but there is no real translation needed).

it seems as though there are a few command type ports that is ones that you need to open up to get it working at all, and it uses a random high port number (that is above 1024) for the actual data stream.

For the ones you need to simply open something like

iptables -A INET_IN -i $INET_IF -p tcp --dport 1720 -j ACCEPT

should do the trick (where $INET_IF is the interface you connect to the net with)

for the dynamic ports then some sort of state based rule is best, basically only allow access to these ports if the connection has been established or maybe related (you may need to do a bit of research on the H323 protocol to work this out, or may trial an error it you prefer) so a rule like

$IPTABLES -A FORWARD -o $INET_IF -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT

will probably work (this is the same sort of rule you would use for an ftp connection).

Rich

Thanks for your advice now. But everything seems to eb working now.