Re: how to improve intelligent nat handling


 



Hi Stewart,

Thx for the quick reply; there are some serious points in your answer which
help me a lot.


>When you see only the public address of a NATed client in the RCF, it
>indeed means that the NAT box has translated the address in the RRQ, and
>if the NAT doesn't translate everything else correctly, it won't work
>with gnugk.
>First, try defining the endpoint in the [NATedEndpoints] section.

Thx for this recommendation, it FIXED the misbehavior of the Draytek router.
I am not a developer, but IMHO if this helps (which it did), the gnugk can get
the answer from the first request at port 1719 (the registration request).
Am I right so far? Isn't it possible to trace the full packet anyway to see if
it's really a public IP endpoint or proxy (the private IP address range is
well known)? I know this would add overhead, and H.323 wasn't originally
made for NAT, but more and more there is a big base of DSL/cable/satellite
broadband connections behind a NAT.

>In some cases, the problem is that the NAT knows specially about port 1720;
>if you set CallSignalPort=1720 in gnugk it will work fine (NAT doing
>all translation correctly).

I have tried that, and maybe there are some routers which will do so, but with
the Draytek and some other routers it didn't fix the problem. (I have tried
it on a test gnugk.)

>In other cases, if the client can register using a port other
>than 1719, set UnicastRasPort (and the client) to some other value.
>Then the NAT doesn't "see" the registration, and gnugk correctly finds
>out that the client is behind a NAT.  In this situation, keep
>CallSignalPort at other than 1720.

Maybe a way, but I don't want to go that way and leave the default values; also
it isn't possible in a production GK.

>With some NATs, you can turn off the stateful inspection related to
>H.323.  This may be in an unexpected menu such as "intrusion detection".

Yes, maybe there are some configuration options; I have started to write a
mail to Draytek to get a statement about their incorrect H.323
implementation. (For SIP I know they have a value sip_alg=0/1, but not on the
2200X, and as mentioned before it's for SIP.) Hopefully this is a way to treat
them the right way. Also with SIP it was a long way to get some companies to
solve their problems. Especially the NetMeeting (compatibility) leads to
some serious problems.

>If you are willing to use a child GK, put another NIC in it and have
>it also function as the NAT.  This is pretty sure to work, as long
>as the OS is not Windows.  It can also improve performance, if you no
>longer need ProxyForNAT on the main GK.

Hmm, I also used a child GK but found the same problems as with the
phones we use, except with the Zyxel routers it fixed the problems.
The proxy which is also a router (2 NICs) would of course be a solution, but we
have fixed situations at the customer side and also not even cheap NAT
routers which are quick to replace with a very good working Linksys wrt45g
(it's my favorite). Another point is the security issue and the liability
for this router.

>I don't know whether [NATedEndpoints] will work for a child GK.
>Presumably it would if the auxiliary GK is configured as an endpoint.

Yes it works also very well, just tried it.

>STUN could potentially help, but that solution would be of no use to
>the majority of users with hardware endpoints that are almost always
>closed-source.
Agree with you; maybe this is not for the endpoints, but it could solve many
problems with a child/proxy GK to give more fault tolerance for broken NATs
and/or broken endpoints.
At the moment I am working on a proxy child GK (Knoppix based) which
runs from a USB stick or from CD, which works really great, but there is a
lot on the todo list to get it to a production state for use with an
appliance. If there is some interest or somebody would like to help with
development, it would be very appreciated.

thx a lot
TOM
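
The check discussed in this message, comparing the addresses carried inside the RRQ with the packet's source address and the RFC 1918 ranges, sketched as an added example that is not part of the original mail and is not gnugk's own detection code. The function names, category labels and sample addresses are assumptions made for illustration; the payload list stands for the rasAddress and callSignalAddress entries of a decoded RRQ.

```python
import ipaddress

# RFC 1918 private ranges (the "well known" private address space).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def classify_rrq(src_ip, payload_ips):
    """Classify one registration (heuristic, hypothetical helper).

    src_ip:      source address of the UDP packet as the gatekeeper saw it
    payload_ips: every transport address carried inside the RRQ
    """
    src = ipaddress.ip_address(src_ip)
    inner = [ipaddress.ip_address(ip) for ip in payload_ips]
    if not inner:
        return "unknown"
    # Private addresses that leaked through untranslated.
    private = [a for a in inner if is_rfc1918(a) and a != src]
    # Addresses that match what the gatekeeper sees on the wire.
    same = [a for a in inner if a == src]
    if private and same:
        # The NAT rewrote some fields and missed others: the broken-ALG
        # case, a candidate for a manual [NATedEndpoints] entry.
        return "partial-alg"
    if private:
        # Nothing inside the payload was rewritten: plain NAT, detectable.
        return "nat"
    if len(same) == len(inner):
        # Either a real public endpoint or a NAT that translated everything;
        # the payload alone cannot tell these apart.
        return "no-nat-evidence"
    return "unknown"

# Constructed sample registrations (documentation address as the public side).
SAMPLES = {
    "plain NAT": ("203.0.113.10", ["192.168.1.20", "192.168.1.20"]),
    "ALG rewrote one field": ("203.0.113.10", ["203.0.113.10", "192.168.1.20"]),
    "public or fully translated": ("203.0.113.10", ["203.0.113.10", "203.0.113.10"]),
}

if __name__ == "__main__":
    for label, (src, inner) in SAMPLES.items():
        print(f"{label:28s} -> {classify_rrq(src, inner)}")
```

The "no-nat-evidence" result is the situation from the quoted reply where only the public address shows up in the RCF: the payload carries no trace of the private address, so a manual entry or a non-default RAS port is still needed.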






_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
