Hi Stewart,
At 09:03 AM 14.09.2004, you wrote:
Hi Ganbold,
I see. Probably I have same situation here as yours. I tried to redirect
ports on NAT, however it didn't work. I just redirected ports 1719-1721, it seems
like not enough as you said.
First, without any special NAT config, but with ProxyForNAT=1, try a call from 192.168.0.18 through the GK to an endpoint on a public IP. If that doesn't work, make sure that you can talk between two endpoints on the same network, first without the GK, and then with it.
I tested call from private network to public network and it is working fine.
Sorry, I have no knowledge specific to the BSD NATs, but I hope that the following general information will work for you:
I have NAT on OpenBSD and FreeBSD and I did following on OpenBSD pf.conf and it didn't work.
rdr on $ext_if proto tcp from any to $external_addr/32 port 1719 -> 192.168.0.18 port 1719
rdr on $ext_if proto udp from any to $external_addr/32 port 1719 -> 192.168.0.18 port 1719
rdr on $ext_if proto tcp from any to $external_addr/32 port 1720 -> 192.168.0.18 port 1720
rdr on $ext_if proto udp from any to $external_addr/32 port 1720 -> 192.168.0.18 port 1720
rdr on $ext_if proto tcp from any to $external_addr/32 port 1721 -> 192.168.0.18 port 1721
rdr on $ext_if proto udp from any to $external_addr/32 port 1721 -> 192.168.0.18 port 1721
What you have should be fine, but only the
rdr on $ext_if proto tcp from any to $external_addr/32 port 1720 -> 192.168.0.18 port 1720
should be needed, because the accesses on ports 1719 and 1721 should
be outgoing only, and the NAT will set up those associations automatically.
But you also need UDP rdr entries for the RTP and RTCP ports (check endpoint
docs or use Ethereal or GK trace to find out what they are). And you need
a TCP rdr entry for H.245, unless you can use fast start or H.245 tunneling.
I did as you said, and it is working, however I have to upgrade my OpenBSD/pf. Current version of
pf seems like doesn't support port range, I have to enter redirect rules for each port now :)
Once you have set up the above, you should be able to call from the endpoint on a public IP to 192.168.0.18 . When that's working, configure your other NAT and its endpoint similarly, and test calls from there to and from the endpoint with public IP. Once that's also working, try calls from one NAT to the other. And finally, try turning off ProxyForNAT and see if it all still works.
I did test call from private network to private network and it works without any problem now.
I'll test it without ProxyForNAT option.
When a given setup fails, please don't just post that it doesn't work. As a minimum, say something like "The endpoints register ok, and the called phone rings, but on answer there is no audio." But much better, post some meaningful debug information, from the GK trace, from Ethereal, or from whatever debug features your endpoints may have. Also, let us know what simpler configuration you tried that did work.
We had no audio first time, and figured out problem was again port redirecting for RTP and RTCP.
One more question, How situation will change if there are multiple endpoints for each NAT?
I mean how does it reflect to NAT port redirect rules? Did you make similar setup before?
How NAT will distinguish each call and port redirection will work just as supposed to?
thanks in advance,
Ganbold
Good luck,
Stewart
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
