Hello Ian,

Do you mean you forward all traffic from outbound source to that ONLY endpoint behind the firewall?

Foong

----- Original Message -----
From: Ian Thomas Dale <itdale@com10.com.au>
Date: Monday, August 11, 2003 2:54 pm
Subject: RE: [Openh323gk-users] nat tunnelling question

> Your setup is pretty identical to what I'm trying except I don't have a
> linux firewall I have a sonicwall pro. I tried putting the gnugk proxy in a
> public arena and found that so long as only one of the clients sits behind a
> natted firewall it does work. However if two of the clients sit behind a
> natted firewall it won't.
>
> Have you considered for security reasons putting your proxy on the DMZ side
> of the firewall?
>
> -----Original Message-----
> From: Rob Fowler [mailto:security@mianos.com]
> Sent: Monday, 11 August 2003 3:48 PM
> To: openh323gk-users@lists.sourceforge.net
> Subject: [Openh323gk-users] nat tunnelling question
>
>
> I would like to use some VOIP apps.
> I have/want the following setup: http://www.sarcanthinae.com/misc/aao (if
> this does not work refresh once). Basically I have a linux firewall and a
> machine that's on the internet, relatively open. On the inside of the linux
> firewall (192.168.1.X) address range I have a few VOIP clients
> (netmeeting, openphone, can be changed). What I would like to do is allow
> outside people to contact inside people by registering with the gateway
> running on the outside machine. I have used the following ini files shown at
> the end of the mail here and running the gatekeeper with
> ./gnugk -rr -r -t 4 on both ends.
> On the firewall I have opened up the following ports to allow the control
> and rtp:
> ..
> iptables -A specificallow -m multiport -p tcp -i ppp0 --dport 1721 -j ACCEPT
> iptables -A specificallow -m multiport -p udp -i ppp0 --dport 1718,1719 -j ACCEPT
> iptables -A specificallow -p tcp -i ppp0 --dport 1720 -j ACCEPT
> ..
>
> I was thinking that in this mode the gatekeepers should tunnel the voice
> channel. The control channel seems to work a bit. A couple of simple
> questions:
>
> Is this correct?
> Will this work?
> Is this possible?
>
> (If I get this working I will document it and submit the document as there
> seems to be lots of bits of documentation but it's hard to work out all
> this).
> --
> Rob Fowler
>
>
> ini file on the firewall:
> [Gatekeeper::Main]
> Fourtytwo=42
> TimeToLive=300
> name=GK1
> [GkStatus::Auth]
> rule=allow
> [RoutedMode]
> GKRouted=1
> H245Routed=1
> AcceptUnregisteredCalls=1
> SupportNATedEndpoints=1
> H245PortRange=30000-30020
> Q931PortRange=40000-40020
> AcceptNeighborsCalls=1
> [Proxy]
> Enable=1
> RTPPortRange=50000-50020
> T120PortRange=60000-60020
> InternalNetwork=192.168.1.1/8
> [GkStatus::Auth]
> rule=allow
> [Gatekeeper::Auth]
> default=allow
> [RasSrv::Neighbors]
> GK2=XXX.31.37.25;*
>
> and the following ini on the outside machine:
>
> [Gatekeeper::Main]
> Fourtytwo=42
> TimeToLive=300
> name=GK2
>
> [RoutedMode]
> GKRouted=1
> H245Routed=1
> AcceptUnregisteredCalls=1
> SupportNATedEndpoints=1
> H245PortRange=30000-30020
> Q931PortRange=40000-40020
> AcceptNeighborsCalls=1
> [Proxy]
> Enable=1
> RTPPortRange=50000-50020
> T120PortRange=60000-60020
> [GkStatus::Auth]
> rule=allow
> [Gatekeeper::Auth]
> default=allow
> [RasSrv::Neighbors]
> GK1=XXX.51.20.226;*
_______________________________________________
List: Openh323gk-users@lists.sourceforge.net
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
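
Added example, not part of the original thread and not GnuGk code: a Python check that lists which port ranges configured in the gatekeeper ini have no matching inbound ACCEPT among a given set of iptables rules. The sample input is constructed from the firewall-side values and the three rules quoted in the thread (which elides other rules); the function names and the key-to-transport mapping (H.245, Q.931 and T.120 over TCP, RTP over UDP) are assumptions of this example.

```python
import configparser
import re

# Assumed transport per port-range key: H.245, Q.931, T.120 use TCP; RTP uses UDP.
RANGE_KEYS = {
    ("RoutedMode", "H245PortRange"): "tcp",
    ("RoutedMode", "Q931PortRange"): "tcp",
    ("Proxy", "RTPPortRange"): "udp",
    ("Proxy", "T120PortRange"): "tcp",
}
# Constructed sample input, copied from the values quoted in the thread.
SAMPLE_INI = """\
[RoutedMode]
H245PortRange=30000-30020
Q931PortRange=40000-40020
[Proxy]
RTPPortRange=50000-50020
T120PortRange=60000-60020
"""
SAMPLE_RULES = """\
iptables -A specificallow -m multiport -p tcp -i ppp0 --dport 1721 -j ACCEPT
iptables -A specificallow -m multiport -p udp -i ppp0 --dport 1718,1719 -j ACCEPT
iptables -A specificallow -p tcp -i ppp0 --dport 1720 -j ACCEPT
"""

def configured_ranges(ini_text):
    """Return (key, proto, low, high) for every port range set in the ini."""
    cp = configparser.ConfigParser(strict=False)  # the posted firewall ini repeats a section
    cp.optionxform = str                          # keep key case as written
    cp.read_string(ini_text)
    found = []
    for (section, key), proto in RANGE_KEYS.items():
        if cp.has_option(section, key):
            lo, hi = map(int, cp.get(section, key).split("-"))
            found.append((key, proto, lo, hi))
    return found

# Matches ACCEPT rules where -p precedes --dport/--dports, as in the quoted rules.
RULE = re.compile(r"-p\s+(tcp|udp)\b.*?--dports?\s+(\S+).*?-j\s+ACCEPT\b")

def accepted_ports(rules_text):
    """Return {'tcp': set, 'udp': set} of destination ports with an ACCEPT rule."""
    allowed = {"tcp": set(), "udp": set()}
    for proto, ports in RULE.findall(rules_text):
        for item in ports.split(","):
            lo, _, hi = item.partition(":")       # iptables writes a range as lo:hi
            allowed[proto].update(range(int(lo), int(hi or lo) + 1))
    return allowed

def uncovered(ini_text, rules_text):
    """Configured ranges that are not fully covered by an explicit ACCEPT rule."""
    allowed = accepted_ports(rules_text)
    return [r for r in configured_ranges(ini_text)
            if not set(range(r[2], r[3] + 1)) <= allowed[r[1]]]
```

It only compares explicit inbound ACCEPT rules; traffic admitted by connection-tracking rules elsewhere in the ruleset is outside what it checks.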