Re: inbound calls with gnugk proxy & nat?

kompnet <kompnet@aaanet.ru> · Wed, 7 Jan 2004 18:12:58 +0300

There are some errors in your iptables rules:
1) Only 1 interface was configured
2) You fogot about OUTPUT chain
Check your rules carefully.
Try to ACCEPT all and then place call.
Look at Iptables Tutorial, there are some scripts which you can 
use as base scripts to your case.
Igor.

В письме от 7 Январь 2004 14:31 Samuel KABAK написал:
> I configured opengk 2.0.5 on a debian linux box as proxy.
>
> pc1@Internet <-> [Nat box, gnugk proxy] <-> pc2@192.168.0.0/24
>
> Both pc1 & pc2 can register,
> Both pc1 & pc2 can call each other
>
> When pc2 calls pc1, every thing is ok
> When pc1 calls pc2, voice is bad (openphone log shows many lost packets)
>
> Control signals (ring/start/stop) seem to be transmitted correctly in both
> directions
>
> The Nat box is an iptables forwading that accepts udp & tcp above 1024.
>
> iptables -F;
> iptables -t nat -F;
> iptables -t mangle -F;
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE;
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT;
> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT;
> iptables -P INPUT DROP;
> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT;
> iptables -A INPUT --protocol tcp --dport 1024:65536 -j ACCEPT
> iptables -A INPUT --protocol udp --dport 1024:65536 -j ACCEPT
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> The gnugk .ini is
>
> [Gatekeeper::Main]
> Fourtytwo=42
> Name=h323gk
> TimeToLive=600
> EndpointIDSuffix=_ep
>
> [RoutedMode]
> GKRouted=1
> H245Routed=1
> CallSignalPort=1720
> CallSignalHandlerNumber=2
> AcceptUnregisteredCalls=0
> RemoveH245AddressOnTunneling=0
> DropCallsByReleaseComplete=1
> SendReleaseCompleteOnDRQ=1
> SupportNATedEndpoints=1
> H245PortRange=30000-30019
> Q931PortRange=30020-30039
>
> [RasSrv::ARQFeatures]
> CallUnregisteredEndpoints=1
>
> [Proxy]
> Enable=1
> InternalNetwork=192.168.0.0/24,127.0.0.1/8
> ProxyForNAT=1
> ProxyForSameNAT=0
> T120PortRange=50000-50019
> RTPPortRange=50000-50019
>
> #Plus other radauth stuffs
> ....
>
> In the manual of gnugk, I read:
> Since 2.0.2, the GnuGK supports NAT outbound calls (from an endpoint behind
> NAT to public networks) directly without any necessary modification of
> endpoints or NAT box. Just register the endpoint with the GnuGK and you can
> make call now.
>
> This is true because I tested it successfully.
>
> What about inbound call?
>
> Notice that I didn't apply the iptables h323 kernel patch and i don't want
> to.
>
> Thanks for your help
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> _______________________________________________
> List: Openh323gk-users@lists.sourceforge.net
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> Homepage: http://www.gnugk.org/

-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78&alloc_id371&opлk
_______________________________________________
List: Openh323gk-users@lists.sourceforge.net
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id┘49
Homepage: http://www.gnugk.org/