Hello,
I tryed (GK behind FW):
[Gatekeeper::Main]
Fourtytwo=42
TimeToLive=600
Name=TestGK
UseBroadcastListener=0
EndpointIDSuffix=_TestGK
[RoutedMode]
GKRouted=1
H245Routed=0
CallSignalPort=1721
CallSignalHandlerNumber=1
AcceptNeighborsCalls=1
AcceptUnregisteredCalls=0
RemoveH245AddressOnTunneling=1
DropCallsByReleaseComplete=1
SendReleaseCompleteOnDRQ=1
[Proxy]
Enable=0
[Endpoint]
Gatekeeper=<maingkip>
Type=Terminal
H323ID=testing
E164=000111
UnregisterOnReload=1
TimeToLive=300
RRQRetryInterval=5
ARQTimeout=2
NATRetryInterval=60
NATKeepaliveInterval=86400
[Gatekeeper::Auth]
AliasAuth=required;RRQ
default=allow
Right now there is no endpoint registered under that GK, I'm just
trying to register it under main GK.
I got (in the main GK):
registrationRequest {
requestSeqNum = 1
protocolIdentifier = 0.0.8.2250.0.2
discoveryComplete = FALSE
callSignalAddress = 1 entries {
[0]=ipAddress {
ip = 4 octets {
0a 00 01 05 ....
}
port = 1721
}
}
rasAddress = 1 entries {
[0]=ipAddress {
ip = 4 octets {
0a 00 01 05 ....
}
port = 1719
}
}
terminalType = {
gatekeeper = {
}
terminal = {
}
mc = FALSE
undefinedNode = FALSE
}
terminalAlias = 2 entries {
[0]=h323_ID 7 characters {
0074 0065 0073 0074 0069 006e 0067 testing
}
[1]=dialedDigits "000111"
}
endpointVendor = {
vendor = {
t35CountryCode = 0
t35Extension = 0
manufacturerCode = 0
}
productId = 59 octets {
47 4e 55 20 47 61 74 65 6b 65 65 70 65 72 20 6f GNU Gatekeeper o
6e 20 32 30 30 30 20 69 35 38 36 20 76 35 2e 31 n 2000 i586 v5.1
2e 32 36 30 30 2c 20 4a 61 6e 20 31 37 20 32 30 .2600, Jan 17 20
30 34 20 31 39 3a 31 36 3a 33 30 04 19:16:30
}
versionId = 13 octets {
56 65 72 73 69 6f 6e 20 32 2e 30 2e 37 Version 2.0.7
}
}
timeToLive = 300
keepAlive = FALSE
willSupplyUUIEs = FALSE
maintainConnection = FALSE
supportsAltGK = <<null>>
}
2004/03/02 19:07:54.622 1 RasSrv.cxx(302) RAS RRQ Received
2004/03/02 19:07:54.623 4 gkauth.cxx(661) GkAuth AliasAuth - condition 'sigaddr:.*ipAddress .* ip = .* 51 b6 *
.*port = 1721.*' rejected RRQ from the endpoint testing
2004/03/02 19:07:54.623 2 gkauth.h(117) GkAuth AliasAuth check failed
I see, that my configured sigaddr is the public IP, but I think that
is good.
I have SupportNATedEndpoints=1 set and also tryed to put into
[NATedEndpoints] section: testing=true
Did I miss something?
Thanks in advance,
Thomas
Tuesday, March 2, 2004, 3:29:14 PM, Zygmuntowicz wrote:
ZM> In general, you don't need to do anything. Put both gatekeepers
ZM> in routed mode (and proxy mode, if your endpoints are not smart
ZM> enough to handle media through NAT). Register the NATed one
ZM> as a child of the one with public IP.
ZM> It should work find with any type of NAT. Problems may arise
ZM> when you setup too strict firewall rules (it is enough to configure
ZM> the firewall/NAT to allow outgoing udp/tcp connections).
ZM> You may need to change some parameters like NATKeepAliveInterval
ZM> to make sure NAT keeps port mappings for the signalling connection.
ZM> Regards,
ZM> Michal
ZM> Thomas <thomasj@xxxxxxxxx> wrote:
>>Hello,
>>
>>could anybody explain how does Citron\'s NAT technology work? What
>>should be set up in GK behind NAT firewall, in GK with public IP and
>>also what requirements are stated for firewall.
>>
>>As I underestood the topology has to look like:
>>gw - GK1 ~~~ NAT FW ~~~~ GK2 ---- gw
>>where GK1 is registered under GK2 (if I\'m right).
-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
