Firewall Question

[rahul a <raul009@xxxxxxxx>]

hi ... i have installed gnugk v2.2beta5 on a linux box. Redhat 7.3, Kernel 2.4.18-3, pwlib 1.5.2, openh323 1.12.2 if my environment is as follows : Public Segment <---> Firewall <---> Internet (gnugk) (openphone) My questions : 1. Can openphone calls pierce the firewall and register with the gatekeeper ? 2. Is there a way by which the firewall could bypassed? 3. Any configuration changes necessary ? 4. gnugk code changes or kernel patching ? My config file is as follows : [Gatekeeper::Main] Fourtytwo=42 Name=SifyGK EndpointIDSuffix=_sifyep1 StatusPort=7000 TimeToLive=-1 TotalBandwidth=-1 [RoutedMode] GKRouted=1 H245Routed=0 CallSignalPort=1720 CallSignalHandlerNumber=2 RemoveH245AddressOnTunneling=1 AcceptNeighborsCalls=0 AcceptUnregisteredCalls=0 DropCallsByReleaseComplete=1 SendReleaseCompleteOnDRQ=1 SupportNATedEndpoints=1 Q931PortRange=20000-20020 H245PortRange=30000-30010 ConnectTimeout=60000 [Proxy] Enable=1 ;InternalNetwork=192.168.1.127/255.255.255.128, 192.168.1.255/255.255.255.128 T120PortRange=1024-65535 RTPPortRange=1024-65535 ProxyForNAT=1 ProxyForSameNAT=0 [GkStatus::Auth] rule=allow Shutdown=forbid ;KeyFilled=11 [RasSrv::GWPrefixes] [RasSrv::RewriteE164] [RasSrv::PermanentEndpoints] [RasSrv::Neighbors] [RasSrv::LRQFeatures] NeighborTimeout=2 ForwardHopCount=2 IncludeDestinationInfoInLCF=1 CiscoGKCompatible=1 [RasSrv::RRQFeatures] AcceptGatewayPrefixes=1 OverwriteEPOnSameAddress=1 [RasSrv::ARQFeatures] ArjReasonRouteCallToSCN=1 ArjReasonRouteCallToGatekeeper=1 CallUnregisteredEndpoints=0 RemoveTrailingChar=# [CallTable] GenerateNBCDR=1 GenerateUCCDR=1 DefaultCallDurationLimit=0 AcctUpdateInterval=60 [EndPoint] Gatekeeper=no Type=Gateway RRQRetryInterval=10 ARQTimeout=2 [Endpoint::RewriteE164] [Gatekeeper::Auth] ExternalPasswordAuth=required;RRQ ;SimplePasswordAuth=optional;RRQ ;AliasAuth=optional;RRQ ;SQLPasswordAuth=optional;RRQ ;SQLAliasAuth=optional;RRQ default=allow ;[Password] ;KeyFilled=123 ;PasswordTimeuot=120 [ExternalPasswordAuth] PasswordProgram=/usr/local/src/openh323gkCVS/dbin/webauth.pl KeyFilled=123 [RasSrv::RRQAuth] MYEP5=allow [SQLPasswordAuth] Driver=MySQL Host=localhost Database=gkcontrol Username=gnugk Password=secret CacheTimeout=300 Query=SELECT h235password FROM users WHERE alias = '%1' AND IS active [SQLAliasAuth] Driver=MySQL Host=localhost:3306 Database=gkcontrol Username=gnugk Password=secret CacheTimeout=300 Query=SELECT IF(LENGTH(TRIM(authcond)), authcond, CONCAT('sigip:',host, IF(port, CONCAT(':',port),''))) as authrule FROM users WHERE alias = '%1' AND GatekeeperId = '%2' AND active [Gatekeeper::Acct] SQLAcct=required;start,update,stop FileAcct=alternative;start,update,stop [Accounting] AlwaysUseCLID=1 [FileAcct] DetailFile=/usr/local/src/openh323gkCVS/dbin/cdr.log Rotate=0 [SQLAcct] Driver=MySQL Host=localhost:3306 Database=gkcontrol Username=gnugk Password=secret MinPoolSize=5 StartQuery=INSERT INTO call (gkname, callnum, d_cause, sessid, H323id, setup_time, connect_time, disconnect_time, caller_ip, callee_ip, calling_number, caller_number) VALUES ("%g", "%n", "%c", "%s", "%u", "%{setup-time}", "%{connect-time}", "%{disconnect-time}", "%{caller-ip}", "%{callee-ip}", "%{Calling-Station-Id}", "%{Caller-Station-Id}") StartQueryAlt=INSERT INTO call (gkname, callnum, duration, d_cause, sessid, H323id, setup_time, connect_time, disconnect_time, caller_ip, callee_ip, calling_number, caller_number) VALUES ("%g", "%n", "%d", "%c", "%s", "%u", "%{setup-time}", "%{connect-time}", "%{disconnect-time}", "%{caller-ip}", "%{callee-ip}", "%{Calling-Station-Id}", "%{Caller-Station-Id}") UpdateQuery=UPDATE call SET duration = %d WHERE gkname = "%g" AND sessid = "%s" StopQuery=UPDATE call SET duration = %d, disconnect_time = "%{disconnect-time}" WHERE gkname = "%g" AND sessid = "%s" StopQueryAlt=INSERT INTO call (gkname, callnum, d_cause, sessid, H323id, setup_time, connect_time, disconnect_time, caller_ip, callee_ip, calling_number, caller_number) VALUES ("%g", "%n", "%c", "%s", "%u", "%{setup-time}", "%{connect-time}", "%{disconnect-time}", "%{caller-ip}", "%{callee-ip}", "%{Calling-Station-Id}", "%{Caller-Station-Id}")