Hi,
At 01:30 PM 12.09.2004, you wrote:
Stewart, thanks! I didn't know that this functionality have released in gnugk. I demand from customers that they used real public addresses for their endpoints even behind a NAT.
I was thinking about it until I got answers from you guys:)
The truth at such approach is small advantage - disappears necessity for registrations, acknowledgements and so on (or there is a hole in security?). At the first opportunity I'll check up the functionality described by you.
I'll try too, I wanna see how it works and how it will reflect billing.
Then it becomes abundantly clear that so-called "NAT problems or questions" are not connected almost to GNUGK configuration and are problems of adjustment of NAT's. And to solve similar problems not too difficultly: it is necessary to start sniffer (ethereal or another) in all three points and closely to look, how to occur translation of addresses in headers of packets and in a content.
Yes, I should definitely check the connections with the sniffer.
regards,
Ganbold
Regards, Igor
On Saturday 11 September 2004 20:51, Stewart Nelson wrote: > Hi, > > This configuration works fine for me, and for hundreds of other happy > gnugk users. Many thanks to the developers for this functionality. > I don't even need to set ProxyForNAT in my production systems. > Here is a simplified description (assuming fast start, but that is > not necessary): > > 1. Registration, etc. has no problem because GK responds to whatever > port it got RAS packet from. > > 2. EP1 wants to call EP2, so sends ARQ to GK. GKRouted is on, so > ACF tells EP1 to send Setup to GK. > > 3. EP1 opens TCP connection to GK and sends Setup. Setup contains > OLC request to send audio to 192.168.1.1 port 10000. > > 4. GK knows real IP of EP2 (saved from registration) and opens TCP > connection to 90.90.2.2 port 1720. NAT2 has been administratively > configured (by port forwarding or DMZ) to forward the connection > to 192.168.2.1 . > > 5. EP2 accepts the connection, and GK sends the Setup. GK modifies the > contents so that EP2 is told to send audio to 80.80.1.1 port 10000. > > 6. After Connect, EP2 sends RTP (UDP) audio packets to 80.80.1.1 port > 10000. > > 7. Audio packets arrive at NAT1, which has been administratively configured > to forward UDP port 10000 to 192.168.1.1 . > > 8. Audio packets arrive at EP1, happy caller hears 'hello' from other end > :) > > --Stewart > > ----- Original Message ----- > From: "kompnet" <kompnet@xxxxxxxxx> > To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx> > Sent: Saturday, September 11, 2004 5:24 PM > Subject: Re: gnugk behind NAT questions > > > Which configuration do you mean? > > > > <1-st ep 192.168.1.1>--<192.168.1.254 NAT1 80.80.1.1>--<212.211.2.2 > > GNUGK> > > > > <2-nd ep 192.168.2.1>--<192.168.2.254 NAT2 90.90.2.2> > > > > If you want to establish connection in described configuration, foget > > about it because not only headers of packets contains information about > > ip addresses and ports, but also internal contents of packets contains > > information about real ip address of an endpoint and used ports. And you > > need not only change the ip-header, but internal content too. > > In it is the purpose of the gatekeeper in full proxy mode. > > You need 2 gnugk's installed on both NAT boxes. > > And you can't use hardware NAT, only computer with two interfaces > > configured as gateway. Or you need hardware NAT with full h323-proxy > > functionality. > > > > Regards, > > Igor > > ------------------------------------------------------- > This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 > Project Admins to receive an Apple iPod Mini FREE for your judgement on > who ports your project to Linux PPC the best. Sponsored by IBM. > Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php > > _______________________________________________________ > > List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx > Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 > Homepage: http://www.gnugk.org/
------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
