Hi Terry, You should have the Sonicwall configured so that it doesn't look into any H.323 packets or modify their contents. Then, yes, NetworkInterfaces should specify the outside address of the GK. This is needed so that, for example, the signaling address sent in RCF is the outside address, and the calling phone knows to send the Setup to the firewall, which in turn forwards it to the GK. Since the GK did get the originating Setup, I assume that this was working correctly. However, if you have a public address on the LAN side of the firewall, it would IMO be simpler if you eliminated the NAT, and had Sonicwall act as a normal router for the GK host. Assuming that this Win2k is dedicated to gnugk, I don't think that you gain any security by using NAT; you could still restrict incoming connections as desired. I'm pretty sure that your immediate problem is NAT related and a test without NAT would be informative. Your trace seemed to show 63.80.96.164 as the outside address of the GK. I was unable to connect there, but had assumed that it was because the firewall only accepted connections from authorized sources, and/or because the GK was not running at the time. So, I did not mention it yesterday. However, if this is not correct, it may be a useful clue. Regards, Stewart ----- Original Message ----- From: "TERRY HE" <terry.he@xxxxxxxxx> To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx> Sent: Monday, December 13, 2004 10:09 PM Subject: Re: Can't reply problem > Hi, all, > > Thanks for your help again. > This letter is just for some update info after I finished some of your > advices, since it's not working yet right now. > I used the trace function on the firewall, and there was no any tcp > info to the destination ip phone. Say, there is no tcp info sent from > the gk server. There is no any firewall software on the gk server. So, > I think the gnugk didn't send the tcp package. > I didn't have time to use ethereal to trace the gkserver and change to > gnugk 2.0.0 yet, and I'll do that tomorrow evening. BTW, I still need > to mention another info: as I said before, I'm using one-to-one NAT on > the sonic firewall, so, I put the internet address (One-to-one NAT > outer address) of the gk server instead of the firewall address (also > is internet address), into the parameter NetworkInterfaces. Is that > okay? > Thanks again. > > > Regards, > > > Terry ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________________ List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549 Homepage: http://www.gnugk.org/
