Re: inbound calls with gnugk proxy & nat?

kompnet <kompnet@aaanet.ru> · Thu, 8 Jan 2004 06:37:22 +0300

Sorry, Samuel.
Can't help you. I only use hardware to place calls.
Goto http://www.ethereal.com/ 
This is powerful tool for research of networking misunderstanding.
Igor.

В письме от 7 Январь 2004 21:35 Samuel KABAK написал:
> I tried with ACCEPT all, same result.
>
> http://www.ibiblio.org/pub/Linux/docs/HOWTO/Masquerading-Simple-HOWTO tells
> that my iptables rules are good.
>
> May be I need a special rule for gnugk?
>
> I use openphone for both sides.
>
> -----Message d'origine-----
> De : openh323gk-users-admin@lists.sourceforge.net
> [mailto:openh323gk-users-admin@lists.sourceforge.net]De la part de kompnet
> Envoye : mercredi 7 janvier 2004 16:13
> A : openh323gk-users@lists.sourceforge.net
> Objet : Re:  inbound calls with gnugk proxy & nat?
>
>
> There are some errors in your iptables rules:
> 1) Only 1 interface was configured
> 2) You fogot about OUTPUT chain
> Check your rules carefully.
> Try to ACCEPT all and then place call.
> Look at Iptables Tutorial, there are some scripts which you can
> use as base scripts to your case.
> Igor.
>
> В письме от 7 Январь 2004 14:31 Samuel KABAK написал:
> > I configured opengk 2.0.5 on a debian linux box as proxy.
> >
> > pc1@Internet <-> [Nat box, gnugk proxy] <-> pc2@192.168.0.0/24
> >
> > Both pc1 & pc2 can register,
> > Both pc1 & pc2 can call each other
> >
> > When pc2 calls pc1, every thing is ok
> > When pc1 calls pc2, voice is bad (openphone log shows many lost packets)
> >
> > Control signals (ring/start/stop) seem to be transmitted correctly in
> > both directions
> >
> > The Nat box is an iptables forwading that accepts udp & tcp above 1024.
> >
> > iptables -F;
> > iptables -t nat -F;
> > iptables -t mangle -F;
> > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE;
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT;
> > iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT;
> > iptables -P INPUT DROP;
> > iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT;
> > iptables -A INPUT --protocol tcp --dport 1024:65536 -j ACCEPT
> > iptables -A INPUT --protocol udp --dport 1024:65536 -j ACCEPT
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > The gnugk .ini is
> >
> > [Gatekeeper::Main]
> > Fourtytwo=42
> > Name=h323gk
> > TimeToLive=600
> > EndpointIDSuffix=_ep
> >
> > [RoutedMode]
> > GKRouted=1
> > H245Routed=1
> > CallSignalPort=1720
> > CallSignalHandlerNumber=2
> > AcceptUnregisteredCalls=0
> > RemoveH245AddressOnTunneling=0
> > DropCallsByReleaseComplete=1
> > SendReleaseCompleteOnDRQ=1
> > SupportNATedEndpoints=1
> > H245PortRange=30000-30019
> > Q931PortRange=30020-30039
> >
> > [RasSrv::ARQFeatures]
> > CallUnregisteredEndpoints=1
> >
> > [Proxy]
> > Enable=1
> > InternalNetwork=192.168.0.0/24,127.0.0.1/8
> > ProxyForNAT=1
> > ProxyForSameNAT=0
> > T120PortRange=50000-50019
> > RTPPortRange=50000-50019
> >
> > #Plus other radauth stuffs
> > ....
> >
> > In the manual of gnugk, I read:
> > Since 2.0.2, the GnuGK supports NAT outbound calls (from an endpoint
>
> behind
>
> > NAT to public networks) directly without any necessary modification of
> > endpoints or NAT box. Just register the endpoint with the GnuGK and you
>
> can
>
> > make call now.
> >
> > This is true because I tested it successfully.
> >
> > What about inbound call?
> >
> > Notice that I didn't apply the iptables h323 kernel patch and i don't
> > want to.
> >
> > Thanks for your help
> >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: IBM Linux Tutorials.
> > Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> > Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> > _______________________________________________
> > List: Openh323gk-users@lists.sourceforge.net
> > Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
> > Homepage: http://www.gnugk.org/
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=ick
> _______________________________________________
> List: Openh323gk-users@lists.sourceforge.net
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_id-49
> Homepage: http://www.gnugk.org/
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Perforce Software.
> Perforce is the Fast Software Configuration Management System offering
> advanced branching capabilities and atomic changes on 50+ platforms.
> Free Eval! http://www.perforce.com/perforce/loadprog.html
> _______________________________________________
> List: Openh323gk-users@lists.sourceforge.net
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_id┘49
> Homepage: http://www.gnugk.org/

-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
List: Openh323gk-users@lists.sourceforge.net
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id┘49
Homepage: http://www.gnugk.org/