Re: gnugk behind NAT questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

This configuration works fine for me, and for hundreds of other happy
gnugk users.  Many thanks to the developers for this functionality.
I don't even need to set ProxyForNAT in my production systems.
Here is a simplified description (assuming fast start, but that is
not necessary):

1. Registration, etc. has no problem because GK responds to whatever
  port it got RAS packet from.

2. EP1 wants to call EP2, so sends ARQ to GK.  GKRouted is on, so
  ACF tells EP1 to send Setup to GK.

3. EP1 opens TCP connection to GK and sends Setup.  Setup contains
  OLC request to send audio to 192.168.1.1 port 10000.

4. GK knows real IP of EP2 (saved from registration) and opens TCP
  connection to 90.90.2.2 port 1720.  NAT2 has been administratively
  configured (by port forwarding or DMZ) to forward the connection
  to 192.168.2.1 .

5. EP2 accepts the connection, and GK sends the Setup.  GK modifies the
  contents so that EP2 is told to send audio to 80.80.1.1 port 10000.

6. After Connect, EP2 sends RTP (UDP) audio packets to 80.80.1.1 port 10000.

7. Audio packets arrive at NAT1, which has been administratively configured
  to forward UDP port 10000 to 192.168.1.1 .

8. Audio packets arrive at EP1, happy caller hears 'hello' from other end :)

--Stewart

----- Original Message ----- From: "kompnet" <kompnet@xxxxxxxxx>
To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Saturday, September 11, 2004 5:24 PM
Subject: Re: gnugk behind NAT questions


Which configuration do you mean?

<1-st ep 192.168.1.1>--<192.168.1.254 NAT1 80.80.1.1>--<212.211.2.2 GNUGK>
  |
<2-nd ep 192.168.2.1>--<192.168.2.254 NAT2 90.90.2.2>

If you want to establish connection in described configuration, foget about it because not only headers of packets contains information about ip addresses and ports, but also internal contents of packets contains information about real ip address of an endpoint and used ports. And you need not only change the ip-header, but internal content too.
In it is the purpose of the gatekeeper in full proxy mode.
You need 2 gnugk's installed on both NAT boxes. And you can't use hardware NAT, only computer with two interfaces configured as gateway. Or you need hardware NAT with full h323-proxy functionality.

Regards,
Igor



-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php

_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux