I can't make gnugk work through a smoothwall

I tried too many things and changed too many things in gatekeeper.ini but I can't make it work.
This is what I want:
| my PC        |                   | Smoothwall   |                |
| Debian       |                   | redirection  |                | different PC
| gnomemeeting |-- 192.168.1.5 ----| ip dynamic   |-- internet ----| IP Dynamic
| gnugk        |                   | trujo.hn.org |                | Netmeeting


I'm trying to connect with my brothers and friend.
These are the ports I opened in the proxy:
Proto | External source IP | Source port | Destination IP | Destination port
TCP ALL 1720 192.168.1.5 N/A
TCP ALL 80 192.168.1.5 N/A
TCP ALL 30000:30010 192.168.1.5 N/A
UDP ALL 5010:5013 192.168.1.5 N/A
UDP ALL 5000:5007 192.168.1.5 N/A
UDP ALL 80 192.168.1.5 N/A
TCP ALL 20000 192.168.1.5 N/A
TCP ALL 40000:40999 192.168.1.5 N/A
TCP ALL 50000:59999 192.168.1.5 N/A
TCP ALL 1719 192.168.1.5 N/A
TCP ALL 22 192.168.1.5 N/A
UDP ALL 1720 192.168.1.5 N/A
TCP ALL 5010:5013 192.168.1.5 N/A
TCP ALL 5000:5003 192.168.1.5 N/A
UDP ALL 1719 192.168.1.5 N/A
TCP ALL 7000 192.168.1.5 N/A
TCP ALL 522 192.168.1.5 N/A
UDP ALL 522 192.168.1.5 N/A
TCP ALL 3450 192.168.1.5 N/A
TCP ALL 1718:1721 192.168.1.5 N/A
UDP ALL 1718:1721 192.168.1.5 N/A
UDP ALL 50000:59999 192.168.1.5 N/A



This is my gatekeeper.ini:

cat /etc/gatekeeper.ini
# File: ~/.pwlib_config/Gatekeeper.ini
# comments may start with # or ;
######################################

## Boolean values.
## Boolean Values are represented by a case insensitive string
## - "t"..., "y"... or "1" for TRUE
## - all other for FALSE

##
## Params used in Gatekeeper::Main()
##
## NOTE: This parameters may be loaded at program startup and not influenced by the HUP signal.
[Gatekeeper::Main]
## 'config is present' indicator. Has to be 42.
Fourtytwo=42
# Includes in some RAS-Msgs
Name=OpenH323GK
# overwritten from command line parameter
Home=192.168.1.5
NetworkInterfaces=eth0
#TimeToLive=600
#TotalBandwidth=100000
#StatusPort=7000
#UseBroadcastListener=0
##
## Failover support
##
#AlternateGKs=1.2.3.4:1719:false:120:OpenH323GK2
#Sendto=1.2.3.4:1719
#EndpointIDSuffix=_gk1
#SkipForwards=4.3.2.1
#RedirectGK=Calls > 50
##
## You should never need to change any of the following values.
## They are mainly used for testing or very sophisticated applications.
##
#UnicastRasPort=1719
#MulticastPort=1718
#MulticastGroup=224.0.1.41
#EndpointSignalPort=9999
#EndpointSignalPort=1720
#ListenQueueLength=1024
# [ms], default 1000
#SignalReadTimeout=3000
# [ms], default 3000
#StatusReadTimeout=5000
#StatusWriteTimeout=5000



[RoutedMode]
GKRouted=1
H245Routed=0
CallSignalPort=1721
CallSignalHandlerNumber=1
RemoveH245AddressOnTunneling=0
AcceptNeighborsCalls=1
AcceptUnregisteredCalls=0
SupportNATedEndpoints=1
DropCallsByReleaseComplete=1
#RemoveCallOnDRQ=1
#SendReleaseCompleteOnDRQ=0
#ScreenDisplayIE=
#ScreenCallingPartyNumberIE=
#ScreenSourceAddress=
#ForwardOnFacility=1
#ShowForwarderNumber=1
#Q931PortRange=20000-20999
#H245PortRange=30000-30999
#ConnectTimeout=180000

[Proxy]
Enable=1
InternalNetwork=192.168.1.0/255.255.255.0,127.0.0.0/8
T120PortRange=40000-40999
RTPPortRange=50000-59999
ProxyForNAT=1
ProxyForSameNAT=0

#[Endpoint]
#Gatekeeper=auto
#Gatekeeper=210.58.112.188
#Type=Gateway
#H323ID=CitronProxy
#E164=18888600000
#Password=
#Prefix=18888600,1888890003
#TimeToLive=900
#RRQRetryInterval=10
#ARQTimeout=2
#UnregisterOnReload=0
#NATRetryInterval=60
#NATKeepaliveInterval=86400

#[Endpoint::RewriteE164]
#188889000=9


##
## Prefixes of e164 numbers for gateways.
## Separate list elements by one of " .,\t".
## @see RasTbl::addPrefixes
## This parameters should consider a HUP signal.
[RasSrv::GWPrefixes]
## Test-Gateways
# 195.71.226.162
#rossi-gt2=80,90
#rossi-gt2=0
# 195.71.226.165
#rossi-gt3=80,90
#rossi-gt3=05241,0521,5241,521
# 195.71.129.254
#ip400-v1=12
#ip400-wi1=0

[RasSrv::RRQFeatures]
#OverwriteEPOnSameAddress=1
#AcceptEndpointIdentifier=1
#AcceptGatewayPrefixes=1

[RasSrv::ARQFeatures]
ArjReasonRouteCallToSCN=0
ArjReasonRouteCallToGatekeeper=1
CallUnregisteredEndpoints=1
RemoveTrailingChar=#
ParseEmailAliases=1

[RasSrv::RRQAuth]
## On a RRQ the h323-alias is queried from this section.
## If there is an entry the endpoint is authenticated against the given rules.


## If there is no entry the default action is performed. The default action
## is to confirm the RRQ, unless the parameter "default=reject" is given.
##
## Notation:
## <authrules> := empty | <authrule> "&" <authrules>
## <authrule> := <authtype> ":" <authparams>
## <authtype> := "sigaddr" | "sigip"
## <autparams> := [!&]*
## The notation and meaning of <authparams> depends on <authtype>:
## - sigaddr: extended regular expression that has to match against the
## "PrintOn(ostream)" representation of the signal address of the request.
## Example: "sigaddr:.*ipAddress .* ip = .* c3 47 e2 a5 .*port = 1720.*"
## - sigip: specialized form of "sigaddr". Write the signalling ip address
## using (commonly used) decimal notation: "byteA.byteB.byteC.byteD:port"
## Example of the above sigaddr: "sigip:195.71.226.165:1720"
##
## This parameters should consider a HUP signal.


#rossi-gt1=sigaddr:.*ipAddress .* ip = .* c3 47 e2 a2 .*port = 1720.*
#rossi-gt2=sigaddr:.*ipAddress .* ip = .* c3 47 e2 a5 .*port = 1720.*
#rossi-gt3=sigip:195.71.226.165:1720

default=confirm



## The parameter "rule" may be one of the following:
## - "forbid" disallow any connection (default when no rule is given)
## - "allow" allow any connection
## - "explicit" reads the parameter #"<ip>=<value>"# with ip is the ip4-address
## of the peering client. #<value># is resolved with #Toolkit::AsBool#. If the ip
## is not listed the param "default" is used.
## - "regex" the #<ip># of the client is matched against the given regular expression.
## First the ip-rules (like "explicit") are tested. Only if no such param exists
## the regex is tried.
## Example: "regex=^195\.71\.(129|131)\.[0-9]+$"
## - "password" authenticates clients by asking for username/password
## and it compares them with the username/password pairs stored in this section.
## Set KeyFilled variable and use addpasswd utility to add new username/password pairs:
## addpasswd gnugk.ini GkStatus::Auth gkadmin secret
[GkStatus::Auth]
rule=allow
#rule=deny
#rule=explicit
#rule=regex
# - 195.71.129.*
# - 195.71.100.*
# - 62.52.26.[1-2][0-9][0-9]
#regex=^(195\.71\.(129|100)\.[0-9]+)|(62\.52\.26\.[1-2][0-9][0-9])$
#rule=password
#KeyFilled=123
# only used when "rule=explicit"
#default=forbid
#Shutdown=disable




##
## Beside other things every number to rewrite has its
## own key/value-line. The implementation is such that
## all numbers that shall be rewritten have to begin
## with a common prefix given by 'Fastmatch'.
##
## Doc From the code:
## // Do rewrite to #newE164#. Append the suffix too.
## // old:  01901234999
## //               999 Suffix
## //       0190        Fastmatch
## //       01901234    prefix, Config-Rule: 01901234=0521321
## // new:  0521321999
##
## The rewrite-numbers function take care of reloads/a HUP signal.

[RasSrv::RewriteE164]
## Only if an e164 number begins with #Fastmatch# the
## the further rewriting is done. Only one #Fastmatch# can be given.
#Fastmatch=
#0190703100=052418088663
#01903142=0521178260
#5241908601903142=521178260


##
## The GK would send LRQ to its neighbors if the destination of ARQ is unknown.
## A neighbor is selected if its prefix match the destination or
## it has prefix '*'.
## Currently multiple prefixes are supported.
##
#
# GKID=ip[:port;prefixes;password;dynamic]
#
[RasSrv::Neighbors]
#GK1=203.60.151.5:1719;*;gk1
#GK2=203.60.151.9:1719;02,03


[RasSrv::LRQFeatures]
#NeighborTimeout=2
#ForwardHopCount=2
#AlwaysForwardLRQ=0
#AcceptForwardedLRQ=1
#IncludeDestinationInfoInLCF=1
#CiscoGKCompatible=1

##
## In this section you can put endpoints that don't have RAS support
## or that you don't want to be expired. The records will always
## in GK's registration table.
## However, You can still unregister it via status thread.
##
#
# ip[:port]=alias,alias,...[;prefix,prefix,...]
#
[RasSrv::PermanentEndpoints]
# For gateway
#10.0.1.5=Citron;009,008
# For terminal
#10.0.1.10=798

##
## Authentication mechanism
##
## Syntax:
## authrule=actions
##
## <authrule> := SimplePasswordAuth | LDAPPasswordAuth
## | AliasAuth | LDAPAliasAuth | ...
## <actions> := <control>[;<ras>|<q931>,<ras>|<q931>,...]
## <control> := optional | required | sufficient
## <ras> := GRQ | RRQ | URQ | ARQ | BRQ | DRQ | LRQ | IRQ
## <q931> := Setup
##
## Currently supported modules:
##
## SimplePasswordAuth/SQLPasswordAuth/LDAPPasswordAuth
##
## The module checks the tokens or cryptoTokens
## fields of RAS message. The tokens should contain
## at least generalID and password. For cryptoTokens,
## cryptoEPPwdHash tokens hashed by simple MD5 and
## nestedcryptoToken tokens hashed by HMAC-SHA1-96
## (libssl must be installed!) are supported now.
## The ID and password are read from [Password] section
## / SQL / LDAP. For backward compatibility,
## MySQLPasswordAuth module can be used instead of SQLPassword auth
##
## NeighborPasswordAuth
##
## The module only check LRQs from neighbors. The ID and
## password are defined in [RasSrv::Neighbors] section.
##
## AliasAuth/
## LDAPAliasAuth/ The IP of an endpoint with given alias should
## SQLAliasAuth match a specified pattern. For AliasAuth the pattern
## is defined in [RasSrv::RRQAuth] section.
## For LDAPAliasAuth the alias (default: mail attribute)
## and IP (default: voIPIpAddress attribute) must be found
## in one LDAP entry.
## For SQLAliasAuth alias and IP is read from a database.
## For backward compatibility MySQLAliasAuth modules is supported.
##
## RadAuth/RadAliasAuth
##
## The H.235 username/password from RRQ/ARQ message
## or endpoint alias/IP from RRQ/ARQ/Setup message
## is used to authenticate an endpoint/a call using
## RADIUS server.
##
## A rule may results in one of the three codes: ok, fail, pass.
##
## ok The request is authenticated by this module
## fail The authentication fails and should be rejected
## next The rule cannot determine the request
##
## There are also three ways to control a rule:
##
## optional If the rule cannot determine the request, it is passed
## to next rule.
## required The requests should be authenticated by this module,
## or it would be rejected. The authenticated request would
## then be passed to next rule.
## sufficient If the request is authenticated, it is accepted,
## or it would be rejected. That is, the rule determines
## the fate of the request. No rule should be put after
## a sufficient rule, since it won't take effect.
##
## You can also configure a rule to check only for some particular RAS
## messages. For example, to configure SimplePasswordAuth as a required
## rule to check RRQ, ARQ and LRQ:
## SimplePasswordAuth=required;RRQ,ARQ,LRQ
#
[Gatekeeper::Auth]
#SimplePasswordAuth=optional
#LDAPPasswordAuth=optional
#AliasAuth=sufficient;RRQ
#LDAPAliasAuth=sufficient;RRQ
#RadAuth=required;RRQ,ARQ
#RadAliasAuth=required;Setup
#default=reject
default=allow


##
## Destination analysis mechanism
## (must be enabled with compiler option WITH_DEST_ANALYSIS_LIST)
##
## Syntax:
## authrule=actions
##
## <authrule> := OverlapSendDestAnalysis
## <actions> := <control>[;<message>,<message>,...]
## <control> := optional | required | sufficient
## <message> := ARQ | LRQ
##
## Currently supported modules:
##
## OverlapSendDestAnalysis This module checks for incomplete destination
## addresses (not fully implemented up to now).
##
## A rule may results in one of the three codes: ok, fail, pass.
## There are also three ways to control a rule: optional, required, sufficient.
## Additionally you can configure a rule to check only for some particular
## messages.
## (see Authentication mechanism for details informations).
#
[Gatekeeper::DestAnalysis]
#OverlapSendDestAnalysis=required;ARQ
#default=reject
#default=allow


##
## Use 'make addpasswd' to generate the utility addpasswd
## Usage:
##   addpasswd config section userid password
##
#[Password]
#KeyFilled=123
#CheckID=FALSE
#PasswordTimeout=0
#(id=cwhuang, password=123456)
#cwhuang=UGwUtpy837k=

[MySQLAuth]
#Host=localhost
#Database=billing
#User=cwhuang
#Password=123456
#Table=customer
#IDField=IPN
#PasswordField=Password
#ExtraCriterion=Kind < 2
#CacheTimeout=0

[MySQLAliasAuth]
#Host=localhost
#Database=billing
#User=cwhuang
#Password=123456
#Table=customer
#IDField=IPN
#IPField=IPAddr
#ExtraCriterion=Kind < 2
#CacheTimeout=0

[SQLPasswordAuth]
#Driver=MySQL
#Host=localhost
#Database=billing
#Username=gnugk
#Password=secret
#CacheTimeout=0
#Query=SELECT password FROM users WHERE alias = '%1'

[SQLAliasAuth]
#Driver=PostgreSQL
#Host=localhost
#Database=billing
#Username=gnugk
#Password=secret
#CacheTimeout=0
#Query=SELECT authcond FROM users WHERE alias = '%1'

[CallTable]
#GenerateNBCDR=TRUE
#GenerateUCCDR=TRUE
#DefaultCallDurationLimit=21600
#AcctUpdateInterval=0

[GkLDAP::LDAPAttributeNames]
#H323ID=mail
#IPAddress=voIPIpAddress
#TelephonNo=telephoneNumber
#H235PassWord=plaintextPassword

# Settings for LDAP access
[GkLDAP::Settings]
#ServerName=ldap
#ServerPort=389
#SearchBaseDN=o=University of Michigan, c=US
#BindUserDN=cn=Babs Jensen,o=University of Michigan, c=US
#BindUserPW=ReallySecretPassword
#sizelimit=0
#timelimit=0

##
## Accounting mechanism
##
## Syntax:
## acctmod=actions
## ...
##
## <acctmod> := RadAcct | FileAcct | SQLAcct | ...
## <actions> := <control>[;<event>,<event>,...]
## <control> := optional | required | sufficient | alternative
## <event> := start | stop | update | on | off
##
## One special module is the "default" module - it can be used
## to determine a final accounting status:
##
## default=<status>[;<event>,<event>]
##
## <status> := accept | reject
## <event> := start | stop | update | on | off
##
## Currently supported modules:
##
## RadAcct
##
## Provides accounting through RADIUS protocol.
##
## FileAcct
##
## Provides accounting to a plain text file using GK status line CDR format.
##
## SQLAcct
##
## Provides accounting directly to an SQL database.
##
## default
##
## Determines the final status, if not already set by another module
## (it can be helpful with optional or alternative actions).
##
## Processing of an accounting event by an accounting module may results
## in one of the three codes: ok, fail, next.
##
## ok the accounting event has been successfully processed (logged) by this module
## fail the accounting event has not been logged by this module (due to failure)
## next the accounting event has not been logged by this module,
## either because the module does not support this event type
## or the event type has not been configured to be processed
##
## There are also three ways to control how an accounting event is passed down
## through a stack of modules:
##
## optional the module tries to log the accounting event. Success or
## failure does not determine the final status for all modules
## (except when the rule is the last one). The event is then
## passed down to remaining modules.
## required if the module fails to log the event, the final status is set
## to failure. If the event is logged successfully, the final status
## is determined by any remaining modules (except when the rule is the last one).
## sufficient if the module logs the event successfully, remaining modules
## are not processed and the final status is success. Otherwise
## the final status is failure and the event is passed down
## to any remaining modules.
## alternative if the module logs the event successfully, remaining modules
## are not processed and the final status is success. Otherwise
## the final status is determined by any remaining modules.
##
## You can configure a module to log only some particular accounting events.
## For example, to configure RadAcct as a required module to log call "start"
## and "stop" events only, write:
## RadAcct=required;start,stop
##
## Recognized accounting event types:
##
## start call start
## stop call stop
## update call update
## on GK start
## off GK stop
##
[Gatekeeper::Acct]
#RadAcct=alternative;start,stop,on,off
#FileAcct=required;stop
#default=reject;start,stop


# Various global settings for accounting modules
[Accounting]
#AlwaysUseCLID=1

# if the GK can't auto detect your NATed EP
# set it here
[NATedEndpoints]
;704=11.1.1.111
;705=allow

# settings for inbound call distribution with virtual queue
[CTI::Agents]
VirtualQueueAliases=CC
;VirtualQueuePrefixes=001,0044,0049
;VirtualQueueRegex=^(001|04)[0-9]*$
RequestTimeout=10

# SQL based configuration
[SQLConfig]
#Driver=PostgreSQL
#Host=localhost
#Database=billing
#Username=gnugk
#Password=secret
#RewriteE164Query=SELECT ...
#PermanentEndpointsQuery=SELECT ...
#NeighborsQuery=SELECT ...
#GWPrefixesQuery=SELECT ...

# EOF
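
Added example (not part of the original post, and not GnuGk or Smoothwall code): a check that traces each forwarded port back to an active port setting in the posted gatekeeper.ini, so that missing forwards and forwards with no matching setting can be reviewed. The inline ini and forward list are subsets copied from the post; the transport protocol assigned to each setting is an assumption, and unmatched forwards may still be built-in defaults or unrelated services.

```python
import configparser

# Active and commented port settings, copied from the posted gatekeeper.ini.
GATEKEEPER_INI = """
[RoutedMode]
CallSignalPort=1721
#Q931PortRange=20000-20999
#H245PortRange=30000-30999
[Proxy]
T120PortRange=40000-40999
RTPPortRange=50000-59999
"""

# Subset of the Smoothwall forwards listed in the post: (protocol, port or range).
FORWARDS = [
    ("TCP", "1720"), ("TCP", "30000:30010"), ("TCP", "40000:40999"),
    ("TCP", "50000:59999"), ("UDP", "50000:59999"),
    ("TCP", "1718:1721"), ("UDP", "1718:1721"), ("TCP", "22"), ("TCP", "7000"),
]

# Assumption (not stated on the page): transport used by each setting.
SETTINGS = {
    ("RoutedMode", "CallSignalPort"): "TCP",
    ("RoutedMode", "Q931PortRange"): "TCP",
    ("RoutedMode", "H245PortRange"): "TCP",
    ("Proxy", "T120PortRange"): "TCP",
    ("Proxy", "RTPPortRange"): "UDP",
}

def span(text):
    """Turn '50000-59999', '1718:1721' or '1720' into (low, high)."""
    parts = text.replace(":", "-").split("-")
    return int(parts[0]), int(parts[-1])

def configured_ports(ini_text):
    """Return {setting: (proto, low, high)} for uncommented settings only."""
    cp = configparser.ConfigParser(strict=False)
    cp.optionxform = str  # keep the original key case
    cp.read_string(ini_text)
    return {key: (proto, *span(cp.get(section, key)))
            for (section, key), proto in SETTINGS.items()
            if cp.has_option(section, key)}

def audit(ini_text, forwards):
    fw = [(proto, *span(ports)) for proto, ports in forwards]
    cfg = configured_ports(ini_text)
    # Settings whose whole range is not inside one forward of the same protocol.
    uncovered = [k for k, (p, lo, hi) in cfg.items()
                 if not any(fp == p and flo <= lo and hi <= fhi for fp, flo, fhi in fw)]
    # Forwards that overlap no active setting: candidates for review.
    unmatched = [f for f in fw
                 if not any(f[0] == p and f[1] <= hi and lo <= f[2]
                            for p, lo, hi in cfg.values())]
    return uncovered, unmatched
```
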




_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
