Hi,
We have 2 offices interconnected with a VPN.
This is the policy file in both of the Firewalls:
fw loc ACCEPT
loc fw ACCEPT
#fw net DROP info
fw net ACCEPT
loc net DROP info
loc vpn ACCEPT
vpn loc ACCEPT
fw vpn ACCEPT
vpn fw ACCEPT
net all DROP info
all all REJECT info
This is the modules file:
loadmodule ip_tables
loadmodule iptable_filter
loadmodule ip_conntrack
loadmodule ip_conntrack_ftp
loadmodule ip_conntrack_tftp
loadmodule ip_conntrack_irc
loadmodule ip_conntrack_h323
loadmodule iptable_nat
loadmodule ip_nat_ftp
loadmodule ip_nat_tftp
loadmodule ip_nat_irc
loadmodule ip_nat_h323
We are running the kernel-2.6.3-15mdk with shorewall-2.0.3a-1mdk.
And lsmod | grep ip shows this:
ip_nat_h323 4128 0
ip_conntrack_h323 4132 0
ipv6 232416 16
ipt_TOS 2240 12
ipt_MASQUERADE 3424 1
ipt_REJECT 6464 4
ipt_pkttype 1536 4
ipt_LOG 5312 10
ipt_state 1728 25
ipt_multiport 1856 0
ipt_conntrack 2304 0
iptable_mangle 2624 1
ip_nat_irc 4112 0
ip_nat_tftp 3376 0
ip_nat_ftp 4720 0
iptable_nat 23596 6 ip_nat_h323,ipt_MASQUERADE,ip_nat_irc,ip_nat_tftp,ip_nat_ftp
ip_conntrack_irc 71316 1 ip_nat_irc
ip_conntrack_tftp 3508 0
ip_conntrack_ftp 71860 1 ip_nat_ftp
ip_conntrack 32208 12 ip_nat_h323,ip_conntrack_h323,ipt_MASQUERADE,ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,iptable_nat,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp
iptable_filter 2624 1
ip_tables 16704 11 ipt_TOS,ipt_MASQUERADE,ipt_REJECT,ipt_pkttype,ipt_LOG,ipt_state,ipt_multiport,ipt_conntrack,iptable_mangle,iptable_nat,iptable_filter
ip_vs 97760 0
According to the policy file, all the traffic in the VPN should be allowed
in both ends (so I wouldn't need to open any TCP/UDP ports for NetMeeting
to function).
Still, NetMeeting doesn't work (there is no answer from the remote site).
Suggestions???
Thank you!
SBG
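
An added example, not part of the original post: a Python check of how the posted policy file resolves each zone pair, assuming Shorewall's first-match policy lookup in which `all` matches any zone. It covers default policies only (the rules and tunnels files are not shown in the post), and the function names are hypothetical.

```python
# Added example: first-match resolution of the policy file quoted in the post.
POLICY = """\
fw loc ACCEPT
loc fw ACCEPT
#fw net DROP info
fw net ACCEPT
loc net DROP info
loc vpn ACCEPT
vpn loc ACCEPT
fw vpn ACCEPT
vpn fw ACCEPT
net all DROP info
all all REJECT info
"""

def parse_policy(text):
    """Return (source, dest, policy, log_level) tuples in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        # Fourth column is the optional syslog level; "-" means none.
        log_level = fields[3] if len(fields) > 3 and fields[3] != "-" else None
        entries.append((fields[0], fields[1], fields[2], log_level))
    return entries

def resolve(entries, source, dest):
    """The first entry whose SOURCE and DEST match (or are 'all') wins."""
    for src, dst, policy, log_level in entries:
        if src in (source, "all") and dst in (dest, "all"):
            return policy, log_level
    return None  # no policy covers this pair

def policy_matrix(entries, zones):
    """Effective default policy for every ordered pair of distinct zones."""
    return {(s, d): resolve(entries, s, d)
            for s in zones for d in zones if s != d}

if __name__ == "__main__":
    matrix = policy_matrix(parse_policy(POLICY), ["fw", "loc", "net", "vpn"])
    for (src, dst), result in sorted(matrix.items()):
        print(f"{src:>3} -> {dst:<3} {result}")
```

Run on both firewalls' policy files, this shows whether `vpn -> loc` and `loc -> vpn` fall through to ACCEPT or are caught earlier by a broader `all` entry.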