h323-conntrack-nat is a Linux kernel module which provides connection tracking and NAT support for the H.323, H.225, H.245 protocol family (Voice over IP).
The module was originally written for Linux 2.4 by Jozsef Kadlecsik. I have ported it to Linux 2.6.11, and I am currently working on replacing the "brute force" algorithm with real H.323 protocol parsers.
The module is maintained in the Netfilter patch-o-matic-ng Subversion repository.
To make patch-o-matic work, you need the sources of iptables and of a Linux 2.6.11.x kernel.
If that finishes successfully, you can select the H.323 module in the kernel configuration menu. You do not need to recompile iptables; its sources are only required by the patch-o-matic installer.
After you have recompiled the kernel with the H.323 modules, the only thing left to do is to allow connections on port 1720 (H.225):
In ferm syntax:
NAT is no problem:
I have started writing a test suite for h323-conntrack-nat:
To run the test suite, you have to patch Nfsim with my backticks patches. The tarball contains a README file with detailed instructions.