Hi Stewart,
At 09:28 PM 11.09.2004, you wrote:
Hi,
Our network has a single gnugk on a public IP, and several users behind NATs, with no problems. It is necessary to set up each NAT so that an inbound call can reach all the required ports. For example, on an ATA186 you need to forward the H.225 channels (typically TCP 1720 and 1721), the H.245 ports (typically TCP 1740 and 1741), and the media ports (typically UDP 10000-10007). For other endpoints, the ports may be different. With many devices, such as the ATA, you can just set them as the DMZ host instead.
I see. Probably I have same situation here as yours. I tried to redirect
ports on NAT, however it didn't work. I just redirected ports 1719-1721, it seems
like not enough as you said.
I have NAT on OpenBSD and FreeBSD and I did following on OpenBSD pf.conf and it didn't work.
rdr on $ext_if proto tcp from any to $external_addr/32 port 1719 -> 192.168.0.18 port 1719
rdr on $ext_if proto udp from any to $external_addr/32 port 1719 -> 192.168.0.18 port 1719
rdr on $ext_if proto tcp from any to $external_addr/32 port 1720 -> 192.168.0.18 port 1720
rdr on $ext_if proto udp from any to $external_addr/32 port 1720 -> 192.168.0.18 port 1720
rdr on $ext_if proto tcp from any to $external_addr/32 port 1721 -> 192.168.0.18 port 1721
rdr on $ext_if proto udp from any to $external_addr/32 port 1721 -> 192.168.0.18 port 1721
Some NATs cause trouble by incorrectly proxying H.323 . They were designed to work with NetMeeting, and have bugs when used with other endpoints. Some have configuration settings that will disable this undesired behavior. With others you are out of luck. Most mainstream consumer NATs (Linksys, D-Link, Netgear) are too stupid to cause trouble, and most professional firewalls (Cisco, Sonicwall) are smart enough to do it right.
As I said before I have FreeBSD and OpenBSD NATs, are these can do what I want?
thanks in advance,
Ganbold
--Stewart
----- Original Message ----- From: "Rafat Subhan" <rafat@xxxxxxxxxxxxxxx> To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx> Sent: Sunday, January 11, 2004 1:17 PM Subject: Re: gnugk behind NAT questions
Its not possible i think. i tried it with many configurations, was not able to call when GK is on public ip
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
