Sorry, Samuel. Can't help you. I only use hardware to place calls. Goto http://www.ethereal.com/ This is powerful tool for research of networking misunderstanding. Igor. В письме от 7 Январь 2004 21:35 Samuel KABAK написал: > I tried with ACCEPT all, same result. > > http://www.ibiblio.org/pub/Linux/docs/HOWTO/Masquerading-Simple-HOWTO tells > that my iptables rules are good. > > May be I need a special rule for gnugk? > > I use openphone for both sides. > > -----Message d'origine----- > De : openh323gk-users-admin@lists.sourceforge.net > [mailto:openh323gk-users-admin@lists.sourceforge.net]De la part de kompnet > Envoye : mercredi 7 janvier 2004 16:13 > A : openh323gk-users@lists.sourceforge.net > Objet : Re: inbound calls with gnugk proxy & nat? > > > There are some errors in your iptables rules: > 1) Only 1 interface was configured > 2) You fogot about OUTPUT chain > Check your rules carefully. > Try to ACCEPT all and then place call. > Look at Iptables Tutorial, there are some scripts which you can > use as base scripts to your case. > Igor. > > В письме от 7 Январь 2004 14:31 Samuel KABAK написал: > > I configured opengk 2.0.5 on a debian linux box as proxy. > > > > pc1@Internet <-> [Nat box, gnugk proxy] <-> pc2@192.168.0.0/24 > > > > Both pc1 & pc2 can register, > > Both pc1 & pc2 can call each other > > > > When pc2 calls pc1, every thing is ok > > When pc1 calls pc2, voice is bad (openphone log shows many lost packets) > > > > Control signals (ring/start/stop) seem to be transmitted correctly in > > both directions > > > > The Nat box is an iptables forwading that accepts udp & tcp above 1024. > > > > iptables -F; > > iptables -t nat -F; > > iptables -t mangle -F; > > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE; > > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT; > > iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT; > > iptables -P INPUT DROP; > > iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT; > > iptables -A INPUT --protocol tcp --dport 1024:65536 -j ACCEPT > > iptables -A INPUT --protocol udp --dport 1024:65536 -j ACCEPT > > echo 1 > /proc/sys/net/ipv4/ip_forward > > > > The gnugk .ini is > > > > [Gatekeeper::Main] > > Fourtytwo=42 > > Name=h323gk > > TimeToLive=600 > > EndpointIDSuffix=_ep > > > > [RoutedMode] > > GKRouted=1 > > H245Routed=1 > > CallSignalPort=1720 > > CallSignalHandlerNumber=2 > > AcceptUnregisteredCalls=0 > > RemoveH245AddressOnTunneling=0 > > DropCallsByReleaseComplete=1 > > SendReleaseCompleteOnDRQ=1 > > SupportNATedEndpoints=1 > > H245PortRange=30000-30019 > > Q931PortRange=30020-30039 > > > > [RasSrv::ARQFeatures] > > CallUnregisteredEndpoints=1 > > > > [Proxy] > > Enable=1 > > InternalNetwork=192.168.0.0/24,127.0.0.1/8 > > ProxyForNAT=1 > > ProxyForSameNAT=0 > > T120PortRange=50000-50019 > > RTPPortRange=50000-50019 > > > > #Plus other radauth stuffs > > .... > > > > In the manual of gnugk, I read: > > Since 2.0.2, the GnuGK supports NAT outbound calls (from an endpoint > > behind > > > NAT to public networks) directly without any necessary modification of > > endpoints or NAT box. Just register the endpoint with the GnuGK and you > > can > > > make call now. > > > > This is true because I tested it successfully. > > > > What about inbound call? > > > > Notice that I didn't apply the iptables h323 kernel patch and i don't > > want to. > > > > Thanks for your help > > > > > > > > ------------------------------------------------------- > > This SF.net email is sponsored by: IBM Linux Tutorials. > > Become an expert in LINUX or just sharpen your skills. Sign up for IBM's > > Free Linux Tutorials. Learn everything from the bash shell to sys admin. > > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click > > _______________________________________________ > > List: Openh323gk-users@lists.sourceforge.net > > Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 > > Homepage: http://www.gnugk.org/ > > ------------------------------------------------------- > This SF.net email is sponsored by: IBM Linux Tutorials. > Become an expert in LINUX or just sharpen your skills. Sign up for IBM's > Free Linux Tutorials. Learn everything from the bash shell to sys admin. > Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=ick > _______________________________________________ > List: Openh323gk-users@lists.sourceforge.net > Archive: http://sourceforge.net/mailarchive/forum.php?forum_id-49 > Homepage: http://www.gnugk.org/ > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Perforce Software. > Perforce is the Fast Software Configuration Management System offering > advanced branching capabilities and atomic changes on 50+ platforms. > Free Eval! http://www.perforce.com/perforce/loadprog.html > _______________________________________________ > List: Openh323gk-users@lists.sourceforge.net > Archive: http://sourceforge.net/mailarchive/forum.php?forum_id┘49 > Homepage: http://www.gnugk.org/ ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ List: Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_id┘49 Homepage: http://www.gnugk.org/