Hi Ganbold,
I see. Probably I have same situation here as yours. I tried to redirect
ports on NAT, however it didn't work. I just redirected ports 1719-1721, it seems
like not enough as you said.
First, without any special NAT config, but with ProxyForNAT=1, try a call from 192.168.0.18 through the GK to an endpoint on a public IP. If that doesn't work, make sure that you can talk between two endpoints on the same network, first without the GK, and then with it.
Sorry, I have no knowledge specific to the BSD NATs, but I hope that the following general information will work for you:
I have NAT on OpenBSD and FreeBSD and I did following on OpenBSD pf.conf and it didn't work.
rdr on $ext_if proto tcp from any to $external_addr/32 port 1719 -> 192.168.0.18 port 1719
rdr on $ext_if proto udp from any to $external_addr/32 port 1719 -> 192.168.0.18 port 1719
rdr on $ext_if proto tcp from any to $external_addr/32 port 1720 -> 192.168.0.18 port 1720
rdr on $ext_if proto udp from any to $external_addr/32 port 1720 -> 192.168.0.18 port 1720
rdr on $ext_if proto tcp from any to $external_addr/32 port 1721 -> 192.168.0.18 port 1721
rdr on $ext_if proto udp from any to $external_addr/32 port 1721 -> 192.168.0.18 port 1721
What you have should be fine, but only the
rdr on $ext_if proto tcp from any to $external_addr/32 port 1720 -> 192.168.0.18 port 1720
should be needed, because the accesses on ports 1719 and 1721 should
be outgoing only, and the NAT will set up those associations automatically.
But you also need UDP rdr entries for the RTP and RTCP ports (check endpoint
docs or use Ethereal or GK trace to find out what they are). And you need
a TCP rdr entry for H.245, unless you can use fast start or H.245 tunneling.
Once you have set up the above, you should be able to call from the endpoint on a public IP to 192.168.0.18 . When that's working, configure your other NAT and its endpoint similarly, and test calls from there to and from the endpoint with public IP. Once that's also working, try calls from one NAT to the other. And finally, try turning off ProxyForNAT and see if it all still works.
When a given setup fails, please don't just post that it doesn't work. As a minimum, say something like "The endpoints register ok, and the called phone rings, but on answer there is no audio." But much better, post some meaningful debug information, from the GK trace, from Ethereal, or from whatever debug features your endpoints may have. Also, let us know what simpler configuration you tried that did work.
Good luck,
Stewart
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
