Yes.  1.2.115.157 will eventually be an H.323 codec and will need to accept incoming calls.  For right now, it's just a test Windows system I had handy.  

I should have copied you on some of the other emails this morning.  They should be in the netdev list but I'll forward them privately too.

- Greg



-----Original Message-----
From: Michal Soltys [mailto:soltys@ziu.info] 
Sent: Thursday, December 01, 2011 11:44 AM
To: Greg Scott
Cc: David Lamparter; netdev@vger.kernel.org
Subject: Re: ebtables on a stick

On 11-12-01 06:46, Greg Scott wrote:

Well this is frustrating.  Now my public host can communicate anywhere
it wants internally but nothing outside. Maddening - the exact
opposite problem I had before.


$IPTABLES -A FORWARD -s 1.2.115.157 -j ACCEPT
$IPTABLES -A FORWARD -s 192.168.10.0/24 -d 1.2.115.157 -j ACCEPT
$IPTABLES -A FORWARD -p TCP --dport 1720 -d $ADR -j allowed
$IPTABLES -A FORWARD -p TCP -s $MGMT_IP -d $ADR -j allowed

And accepting traffic to 1.2.115.157 from the outside ? Are there any -m
state / -m conntrack --ctstate entries in your rules ?