I tried with ACCEPT all, same result. http://www.ibiblio.org/pub/Linux/docs/HOWTO/Masquerading-Simple-HOWTO tells that my iptables rules are good. May be I need a special rule for gnugk? I use openphone for both sides. -----Message d'origine----- De : openh323gk-users-admin@lists.sourceforge.net [mailto:openh323gk-users-admin@lists.sourceforge.net]De la part de kompnet Envoye : mercredi 7 janvier 2004 16:13 A : openh323gk-users@lists.sourceforge.net Objet : Re: inbound calls with gnugk proxy & nat? There are some errors in your iptables rules: 1) Only 1 interface was configured 2) You fogot about OUTPUT chain Check your rules carefully. Try to ACCEPT all and then place call. Look at Iptables Tutorial, there are some scripts which you can use as base scripts to your case. Igor. В письме от 7 Январь 2004 14:31 Samuel KABAK написал: > I configured opengk 2.0.5 on a debian linux box as proxy. > > pc1@Internet <-> [Nat box, gnugk proxy] <-> pc2@192.168.0.0/24 > > Both pc1 & pc2 can register, > Both pc1 & pc2 can call each other > > When pc2 calls pc1, every thing is ok > When pc1 calls pc2, voice is bad (openphone log shows many lost packets) > > Control signals (ring/start/stop) seem to be transmitted correctly in both > directions > > The Nat box is an iptables forwading that accepts udp & tcp above 1024. > > iptables -F; > iptables -t nat -F; > iptables -t mangle -F; > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE; > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT; > iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT; > iptables -P INPUT DROP; > iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT; > iptables -A INPUT --protocol tcp --dport 1024:65536 -j ACCEPT > iptables -A INPUT --protocol udp --dport 1024:65536 -j ACCEPT > echo 1 > /proc/sys/net/ipv4/ip_forward > > The gnugk .ini is > > [Gatekeeper::Main] > Fourtytwo=42 > Name=h323gk > TimeToLive=600 > EndpointIDSuffix=_ep > > [RoutedMode] > GKRouted=1 > H245Routed=1 > CallSignalPort=1720 > CallSignalHandlerNumber=2 > AcceptUnregisteredCalls=0 > RemoveH245AddressOnTunneling=0 > DropCallsByReleaseComplete=1 > SendReleaseCompleteOnDRQ=1 > SupportNATedEndpoints=1 > H245PortRange=30000-30019 > Q931PortRange=30020-30039 > > [RasSrv::ARQFeatures] > CallUnregisteredEndpoints=1 > > [Proxy] > Enable=1 > InternalNetwork=192.168.0.0/24,127.0.0.1/8 > ProxyForNAT=1 > ProxyForSameNAT=0 > T120PortRange=50000-50019 > RTPPortRange=50000-50019 > > #Plus other radauth stuffs > .... > > In the manual of gnugk, I read: > Since 2.0.2, the GnuGK supports NAT outbound calls (from an endpoint behind > NAT to public networks) directly without any necessary modification of > endpoints or NAT box. Just register the endpoint with the GnuGK and you can > make call now. > > This is true because I tested it successfully. > > What about inbound call? > > Notice that I didn't apply the iptables h323 kernel patch and i don't want > to. > > Thanks for your help > > > > ------------------------------------------------------- > This SF.net email is sponsored by: IBM Linux Tutorials. > Become an expert in LINUX or just sharpen your skills. Sign up for IBM's > Free Linux Tutorials. Learn everything from the bash shell to sys admin. > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click > _______________________________________________ > List: Openh323gk-users@lists.sourceforge.net > Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 > Homepage: http://www.gnugk.org/ ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=ick _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id-49 Homepage: http://www.gnugk.org/ ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id┘49 Homepage: http://www.gnugk.org/