RE: inbound calls with gnugk proxy & nat?

"Samuel KABAK" <s.kabak@wanadoo.fr> · Wed, 7 Jan 2004 19:35:21 +0100

I tried with ACCEPT all, same result.

http://www.ibiblio.org/pub/Linux/docs/HOWTO/Masquerading-Simple-HOWTO tells
that my iptables rules are good.

May be I need a special rule for gnugk?

I use openphone for both sides.

-----Message d'origine-----
De : openh323gk-users-admin@lists.sourceforge.net
[mailto:openh323gk-users-admin@lists.sourceforge.net]De la part de kompnet
Envoye : mercredi 7 janvier 2004 16:13
A : openh323gk-users@lists.sourceforge.net
Objet : Re:  inbound calls with gnugk proxy & nat?

There are some errors in your iptables rules:
1) Only 1 interface was configured
2) You fogot about OUTPUT chain
Check your rules carefully.
Try to ACCEPT all and then place call.
Look at Iptables Tutorial, there are some scripts which you can
use as base scripts to your case.
Igor.

В письме от 7 Январь 2004 14:31 Samuel KABAK написал:
> I configured opengk 2.0.5 on a debian linux box as proxy.
>
> pc1@Internet <-> [Nat box, gnugk proxy] <-> pc2@192.168.0.0/24
>
> Both pc1 & pc2 can register,
> Both pc1 & pc2 can call each other
>
> When pc2 calls pc1, every thing is ok
> When pc1 calls pc2, voice is bad (openphone log shows many lost packets)
>
> Control signals (ring/start/stop) seem to be transmitted correctly in both
> directions
>
> The Nat box is an iptables forwading that accepts udp & tcp above 1024.
>
> iptables -F;
> iptables -t nat -F;
> iptables -t mangle -F;
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE;
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT;
> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT;
> iptables -P INPUT DROP;
> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT;
> iptables -A INPUT --protocol tcp --dport 1024:65536 -j ACCEPT
> iptables -A INPUT --protocol udp --dport 1024:65536 -j ACCEPT
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> The gnugk .ini is
>
> [Gatekeeper::Main]
> Fourtytwo=42
> Name=h323gk
> TimeToLive=600
> EndpointIDSuffix=_ep
>
> [RoutedMode]
> GKRouted=1
> H245Routed=1
> CallSignalPort=1720
> CallSignalHandlerNumber=2
> AcceptUnregisteredCalls=0
> RemoveH245AddressOnTunneling=0
> DropCallsByReleaseComplete=1
> SendReleaseCompleteOnDRQ=1
> SupportNATedEndpoints=1
> H245PortRange=30000-30019
> Q931PortRange=30020-30039
>
> [RasSrv::ARQFeatures]
> CallUnregisteredEndpoints=1
>
> [Proxy]
> Enable=1
> InternalNetwork=192.168.0.0/24,127.0.0.1/8
> ProxyForNAT=1
> ProxyForSameNAT=0
> T120PortRange=50000-50019
> RTPPortRange=50000-50019
>
> #Plus other radauth stuffs
> ....
>
> In the manual of gnugk, I read:
> Since 2.0.2, the GnuGK supports NAT outbound calls (from an endpoint
behind
> NAT to public networks) directly without any necessary modification of
> endpoints or NAT box. Just register the endpoint with the GnuGK and you
can
> make call now.
>
> This is true because I tested it successfully.
>
> What about inbound call?
>
> Notice that I didn't apply the iptables h323 kernel patch and i don't want
> to.
>
> Thanks for your help
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> _______________________________________________
> List: Openh323gk-users@lists.sourceforge.net
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> Homepage: http://www.gnugk.org/

-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=ick
_______________________________________________
List: Openh323gk-users@lists.sourceforge.net
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id-49
Homepage: http://www.gnugk.org/

-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
List: Openh323gk-users@lists.sourceforge.net
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id┘49
Homepage: http://www.gnugk.org/